I have a little problem; before trying to change the configuration too much, I thought of asking for a little help here.
I have configured a bridge (pseudo) on a TP-Link WR740n router which is connecting to my AP on a Linksys WRT320N running Tomato. To this bridge I have a computer connected on one of the Ethernet ports. I have complete access to the whole LAN between all computers and all services (as far as I have tested it). The problem is that the machine connected on the bridge runs some services that multicast, for example UPnP client/server connected to the TV, Airfoil Speakers/Shairport/AirPlay, AppleTalk, Samba, etc. These services are not available if I do not browse for a known address. Most programs don't allow this, but only connect to self-discovered devices. The machine on the bridge is getting an IP from DHCP on the AP, though. I am a little confused, please help me out.
EDIT: Everything configured according to this guide
This is a copy of my firewall settings
config 'defaults'
option 'syn_flood' '1'
option 'input' 'ACCEPT'
option 'output' 'ACCEPT'
option 'forward' 'ACCEPT'

config 'zone'
option 'name' 'lan'
option 'input' 'ACCEPT'
option 'output' 'ACCEPT'
option 'forward' 'ACCEPT'
option 'network' 'lan wwan'
option 'masq' '1'
option 'mtu_fix' '1'

config 'zone'
option 'name' 'wan'
option 'network' 'wan'
option 'output' 'ACCEPT'
option 'masq' '1'
option 'mtu_fix' '1'
option 'input' 'ACCEPT'
option 'forward' 'ACCEPT'

config 'forwarding'
option 'src' 'lan'
option 'dest' 'wan'

config 'rule'
option 'name' 'Allow-DHCP-Renew'
option 'src' 'wan'
option 'proto' 'udp'
option 'dest_port' '68'
option 'target' 'ACCEPT'
option 'family' 'ipv4'

config 'rule'
option 'name' 'Allow-Ping'
option 'src' 'wan'
option 'proto' 'icmp'
option 'icmp_type' 'echo-request'
option 'family' 'ipv4'
option 'target' 'ACCEPT'

config 'rule'
option 'name' 'Allow-DHCPv6'
option 'src' 'wan'
option 'proto' 'udp'
option 'src_ip' 'fe80::/10'
option 'src_port' '547'
option 'dest_ip' 'fe80::/10'
option 'dest_port' '546'
option 'family' 'ipv6'
option 'target' 'ACCEPT'

config 'rule'
option 'name' 'Allow-ICMPv6-Input'
option 'src' 'wan'
option 'proto' 'icmp'
list 'icmp_type' 'echo-request'
list 'icmp_type' 'destination-unreachable'
list 'icmp_type' 'packet-too-big'
list 'icmp_type' 'time-exceeded'
list 'icmp_type' 'bad-header'
list 'icmp_type' 'unknown-header-type'
list 'icmp_type' 'router-solicitation'
list 'icmp_type' 'neighbour-solicitation'
option 'limit' '1000/sec'
option 'family' 'ipv6'
option 'target' 'ACCEPT'

config 'rule'
option 'name' 'Allow-ICMPv6-Forward'
option 'src' 'wan'
option 'dest' '*'
option 'proto' 'icmp'
list 'icmp_type' 'echo-request'
list 'icmp_type' 'destination-unreachable'
list 'icmp_type' 'packet-too-big'
list 'icmp_type' 'time-exceeded'
list 'icmp_type' 'bad-header'
list 'icmp_type' 'unknown-header-type'
option 'limit' '1000/sec'
option 'family' 'ipv6'
option 'target' 'ACCEPT'

config 'include'
option 'path' '/etc/firewall.user'
(Last edited by philsson on 21 Feb 2012, 23:35)