
I realize this question might be a little too specific, and I've read all the other questions about multicast on VPN, multicast on multiple interfaces, etc.

But, I've applied all the information from those questions, and I'm down to what I believe is the final step.

Background info:

  1. LAN is 10.xx.xx.xx on Interface x1
  2. WLAN is 192.xx.xx.xx on Interface x4
  3. There is a wifi access point on WLAN plugged directly into x4.
  4. Chromecast is connected to WLAN with IP address 192.xx.xx.99
  5. CCTV Monitor (Windows 7) is connected to LAN via unmanaged switch on x1.
  6. Multicast is enabled for all objects on LAN and WLAN

Relevant Firewall rules:

  • LAN > MULTICAST, Any source to Any destination, Any service, Allow
  • LAN > WLAN, Any source to any destination, Any service, Allow
  • WLAN > MULTICAST, Chromecast to Any destination, IGMP, Allow
  • WLAN > MULTICAST, Any source to Any destination, Any service, Deny
  • WLAN > LAN, Chromecast to All Workstations, Any service, Allow

There are a couple of rules set up to block traffic at lower priorities than the ones I've listed.

All I believe I have left is to route multicast between WLAN and LAN, or to be more specific, 10.xx.xx.* and 192.xx.xx.99. I cannot figure out how to do so. I'm guessing I need to create a NAT policy for IGMP in both directions? The Chromecast and the PC were capable of communicating before I segregated the WLAN from LAN, with all physical hardware in its current configuration, except that the WAP was plugged into the switch on the same interface (x1), but now it is on its own interface (x2).

TL;DR: How can I allow a PC on x1 LAN 10.xx.xx.151 to cast to Chromecast on x4 WLAN 192.xx.xx.99?

Dexter
  • IGMP is local to a subnet and can't (read: should never be) translated between subnets. It also doesn't need to be permitted between subnets as, again, IGMP should never actually traverse a routing device. In short you need to allow multicast routing on the firewall. A quick Google shows something like this, perhaps - https://support.sonicwall.com/kb/sw6366 – rnxrx Jan 14 '17 at 06:43
  • Ah ok, I think I just have a misunderstanding of how multicast is passed on. I thought IGMP routing was required for Multicast. The link you provided was the first instructional I followed. It simply confirmed everything I had already tried, but I started over anyway. The link does not talk about Multicast routing, but instead limits multicast to specific objects/groups. My problem is I have done all this and my router is still either not passing on the multicast information from Chromecast, or my PC's Join request is being ignored (or it's the other way, still fuzzy on how Chromecast works). – Dexter Jan 14 '17 at 15:02
  • IGMP only manages group membership within a subnet. The multicast router is supposed to use IGMP on each connected subnet to determine who has interest in what groups (...and who is originating multicast traffic) and then should forward accordingly (generally using something like PIM - Protocol Independent Multicast). You might want to start from a wide-open firewall configuration to confirm that the firewall is actually sending IGMP group queries in each routed subnet and then set up a known-working multicast source/receiver to prove it's the firewall and not the Chromecast. – rnxrx Jan 14 '17 at 23:17
  • I DMZ'd the Chromecast and it is in fact connecting. It turned out that the configuration I listed above allowed the Chromecast to connect across subnets, I just didn't wait long enough for tables to update. I disabled the Chromecast IGMP WLAN to LAN rule, and it stopped connecting across the subnets, while continuing to connect locally on WLAN. So it appears this is the rule that allowed it to function. Is there a way around this? – Dexter Jan 17 '17 at 18:16
  • @rnxrx Just saw your comment after I posted one. I'll give PIM a shot – Dexter Jan 17 '17 at 18:19
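
A known-working multicast source/receiver pair of the kind suggested in the comments, as an added example that is not part of the original thread. The group 239.1.2.3, port 50000, TTL of 4 and the script name are constructed test values; run `recv` on a host in one subnet and `send` on a host in the other to see whether the firewall forwards the group.

```python
import ipaddress
import socket
import struct
import sys
import time

GROUP = "239.1.2.3"   # constructed test group (administratively scoped range)
PORT = 50000          # constructed test port

def is_routable_group(group: str) -> bool:
    """True if a multicast router may forward this group between subnets."""
    addr = ipaddress.IPv4Address(group)
    # 224.0.0.0/24 is link-local scope: routers never forward it, whatever the TTL.
    return addr.is_multicast and addr not in ipaddress.ip_network("224.0.0.0/24")

def membership_request(group: str, local_ip: str = "0.0.0.0") -> bytes:
    """struct ip_mreq: group address followed by the local interface address."""
    return struct.pack("4s4s", socket.inet_aton(group), socket.inet_aton(local_ip))

def send(group: str, port: int, ttl: int, count: int = 5) -> None:
    if not is_routable_group(group):
        raise ValueError(f"{group} is not forwardable between subnets")
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    # Default multicast TTL is 1, which a router will not forward; raise it per routed hop.
    s.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, ttl)
    for i in range(count):
        s.sendto(f"probe {i}".encode(), (group, port))
        time.sleep(1)

def receive(group: str, port: int, local_ip: str = "0.0.0.0", timeout: float = 30.0):
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind(("", port))
    # Joining makes this host send an IGMP membership report on its own subnet.
    s.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP,
                 membership_request(group, local_ip))
    s.settimeout(timeout)
    try:
        data, src = s.recvfrom(1500)
        return src[0], data.decode()
    except socket.timeout:
        return None

if __name__ == "__main__":
    if sys.argv[1:] == ["send"]:
        send(GROUP, PORT, ttl=4)
    elif sys.argv[1:] == ["recv"]:
        print(receive(GROUP, PORT) or "no probe received: group is not being forwarded")
    else:
        sys.exit("usage: mcast_probe.py send|recv")
```

If the receiver gets probes only when both hosts share a subnet, the forwarding device is the part to look at rather than either endpoint.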
