Multiple Networks? #59
Comments
|
Hi @VeniceNerd ! Certainly you can bridge over multiple networks, just specify all the interface names in @commiepinko had the issue recently where he wanted to filter out responses so that certain networks would or would not receive mDNS broadcasts. Have a look at #57 and see if it makes sense to you. Kind regards, |
|
I wanted to permit mDNS only between br0 and nine VLANs and block all traffic between VLANs. It took me awhile to get the syntax right. I'd be happy to answer any questions The container: ifFilter.json: |
|
Thanks for the quick response! I'm not 100% sure I explain edmy use case clearly enough, though. I'm no trying to bridge multiple networks together (so they can all share mdns among each other) I'm trying to have several seperate mdns groups. I think it's easier explained with a graphic:
So basically I would like for VLAN 10, 20, and 30 to each exchange mdns information with VLAN 50 but I don't want VLAN's 10, 20, and 30 to exchange mdns information with each other. @commiepinko is that basically what you have figured out to do? If so I would definitely love to pick your brain a bit more about this because the mdns on the Unifi has been driving me INSANE! ;) ---- Use Case Explanation --- That's why I need each of the individual home networks to be able to exchange mdsn info with the IOT network. However, I want to prevent all of the HomePods and AppleTVs from one house to show up in the other house. That's why I don't want those three networks to talk to each other. ;) |
|
I'm assuming that the host that will run the relay is on your LAN. I'm also assuming the relay won't care if its host doesn't send or receive mDNS broadcasts. If I'm wrong, you should still be able to get the idea. Before you start, get the names of your network interfaces if you haven't already. Assuming your network looks like this, which is unlikely… …the following should do what you want. container I'm running the relay on a UniFi UDMP router (which requires other configuration in addition to this). Your container will of course be suited to your host. However you configure it, make sure that the mount and the location of ifFilter.json match up. The relay has to be able to find it. ifFilter.json Each line is a rule that controls which subnets are allowed to communicate with which network interfaces. Of course this controls only mDNS. I limit other traffic with a firewall running on the same host as the relay. (I can't use the firewall for everything because my router only supports an mDNS reflector, which projectile vomits everything everywhere.) A final thought… It sounds like you have an Internet of Things going on. At home, I've chosen to handle IoTsecurity by putting my trivial devices on a different SSID from anything sensitive and using a stateful firewall to limit the traffic. It works well and can be managed by the firewall's interface without all this fussing. Hope that helps. |
|
Thank you so much for all your help! Let me go through your reply step by step to make sure I got it right.
I think I’m using the exact same equipment as you. I was planning to run this on my Dreamachine Pro. That’s what you do, right
Do you know where I could find an easy to follow, step by step, tutorial to get this up and running on my DMP? I have never messed with installing anything on it some I’m a bit nervous…
Do you not have logging disabled? I read somewhere that the logs will fill up your storage space on the DMP within hours.
So this is where you lose me lol. I basically only VLAN 10 to talk to VLAN 50, VLAN 20 to VLAN 50, and VLAN 30 to VLAN 50 but not to each other. Maybe I’m not understanding exactly how the ifFilter.json works but to me it reads as if VLAN 10 would be allowed to talk to VLAN 20, 30, and 50, for example?
Yeah exactly. VLAN 50 will have all my wifi plugs, home automation devices, homebridge, and home assistant on it. Then I’ll bridge the mdns to the house, office, and guest house so they can talk to the respective Apple TV’s. Also, once this is all set up is there a way to test if everything is working right? For my firewall rules I always run the “ping” command to see if traffic is allowed through or not but not sure if there’s a way to test this for mdns as well. Again thanks so much for your help. I really appreciate I! |
Correct.
That clever boostchicken is ahead of us both. Implement their container-common script.
ifFilter.json is just a list of source→destination pairs (one per line) which determine which subnets can broadcast to which network interfaces (which were declared in the INTERFACES parameter when you created the container.) Each line explicitly declares which source→destination(s) broadcast traffic will be relayed. Just declare what you want to permit. Source is declared by subnet; destination by virtual network interface name.
I found the Discovery bonjour browser helpful. It'll show you mDNS broadcasts being received by the host you run it on.
Since you can only ping hosts, not ports, that's no help here. Discovery will let you see what broadcasts are or aren't reaching a given host.
No problem. The more specific you are about your confusion(s), the easier it is to address them. |
|
Wow! You are incredible!!! You just taught me so much about networking in general. Thank you so much!!!! I'm so excited to finally be wrapping my head around this. So let me see if I got this right.
ifFilter.json OPTION 1: { --> This would send mDNS traffic FROM my IOT Network (VLAN 50) to ALL of my other networks, correct? Will this be automatically a two way street or will the mDNS traffic only flow one way in this case? ifFilter.json OPTION 2: { --> In this case I would have created a two way street between VLAN 50 & LAN to all the other VLANS, correct? So mdns traffic would flow back and forth between them but NOT between the separate VLANS (10 to 20, 20 to 30, etc...), correct? Or would this cause mdsn traffic to spill over from VLAN 10 to VLAN 20 because it all passes through VLAN 50? Also, if all of my IOT devices are on VLAN 50 and my AppleTV's are on their respective VLANS do I even need to have mdns flow both ways or would I only need the IOT (VLAN 50) traffic to flow TO the Apple TV's? Once I understand the theory of this I think I will be ready to take the next step and try installing this on my DMP. Would this be the workflow? Step 1: Install the UDM Utilities - https://github.com/boostchicken/udm-utilities Step 2: Install Multicast relay - https://hub.docker.com/r/scyto/multicast-relay Step 3: Run these commands ifFilter.json Would that be the correct order? If so I will try to find some tutorials on how to implement each step. :) |
The relays are uni-directional. If you want a two-way street, specify the two different directions on separate lines. You've got the right idea. Don't be timid. Speaking for me, I never really learn anything until I've tried it and maid at least one big mess. Just keep track of what files you've created or altered on the UDM, so that you can revert and try again if it all goes pear shaped. |
Copy that. So am I correct to assume that "10.0.1.50.0/24": ["br0", "br10", "br20", "br30"] would take the mDns traffic from my VLAN 50 and send it to LAN, VLAN 10, VLAN 20, and VLAN 30? Do you know if Homekit even required bi directional mdns? Or is it only important that the IoT devices can send their mDns TO the AppleTVs? |
Yes.
I'm not sure, but remember that in this context, mDNS is only about broadcasting advertisements for services, not actually using the services. The only thing multicast-relay controls is the broadcast of the advertisement. The actual use of the advertised services is separate. For example, I have a server that uses mDNS on port 5353 to advertise SMB file shares to various VLANs. Clients on those VLANs can see the shares. However, whether or not they can actually access the shares has nothing to do with mDNS or multicast-relay. SMB uses ports 445 and 139, and whether or not hose are open between client and server is up to the firewall, not multicast-relay. If this is baffling, think of mDNS as a steaming service that does nothing but advertise shows available on other services. Being able to see the advertisement doesn't determine whether or not you can access the other services. It helps to remember what mDNS was developed for. The original motive for it was zero-config networking, i.e., to allow hosts on small networks without a DNS server to determine each other's names and addresses automatically. It doesn't actually handle the transfer of data between hosts, it only makes it possible for the hosts to address each other. |
|
Thanks to all of your help I have finally started jumping in now. Here is what I have done so far:
Now at this point I am stuck. The boostchicken readme says:
However, I can't find the commands on how to run podman-update or install the container-common to prevent the logs filling up. Could you guide me on this step? After I have done those two steps I plan on continuing like this: This step will install the multicast-relay docker container, correct? Do I enter this all at once?
{ This should send mdns advertisment from my VLAN50 to all other networks. I believe this unidirection should be enough to get my HomeKit working. However, I am also not sure how I actually edit or create this ifFilter.json file. Do you have any pointers here as well?
But I am not sure if I should be doing this or not since I didn't see it anywhere else. I feel like am SO CLOSE to success now!!! :) |
|
By your numbers, wherever comments seem helpful…
(Ignore the error message.) As you can see, the unifi-os shell don't know nuthin' 'bout runnin' no podman.
Yes and yes. podman is a single command and all the rest is just its parameters. Note the \ ending all lines except the last - \ says "ignore the following line break". One does this to break commands into readable parts to keep them comprehensible. It's a matter of taste and style. When the command is executed, it's seen as one continuous line without breaks.
You've got it. The subnet on the left forwards to the interfaces on the right, and if that's the only line, that's the only thing multicast-relay will do.
Create ifFilter.json using a text editor. It doesn't matter which so long so it saves plain text with Unix line endings. Of course you can also use a 'nix editor like vim or nano. I generally keep backup copies of scripts, config files, and all the rest, so I use a macOS editor and send the files to their working locations using scp. Where you put all these files of course matters. Here's how I do it. You can put ifFilter.json anywhere you like, but the correct directory path must appear in this line of the container configuration in order for podman to find it.
Up to you. One picture being worth a thousand, here's my configuration: multicast-relay_configuration.zip, consisting of three startup scripts and one support file.
My podman script is in there as well, and
You needn't script the existence of the script(s). Just put 'em where they go. Similarly, permissions matter, but you need set them but once:
Me too, but keep in mind it's not success until you've broken it and fixed it a few times. 😽 Finally, keep in mind that this entire exercise consists mostly of a way make multicast-relay persist between restarts of the UDM. Software updates to the UDM will may wipe it all out at any time. After every update, you'll need to check, reinstalling as necessary. You'll want to keep a copy of all your work elsewhere, or if you're feeling ambitious, perhaps write a single script that recreates all of it in a single execution. In general, the more you know about Linux, the easier this stuff gets. |
|
Thank you so much again. This is where I left off last time:
As far as I can tell I correctly installed the UDM Pro Boot script with the above commands, correct? Next I followed this guide to a T to install container-common. I see it in the folder:
and "vim" checked that the file has content: Then I placed the "ifFilter.json" into the "on_boot.d_support" folder:
Does that all look correct so far? However, next the boostchicken guide says to install podman-update:
The guide for that overwhelmed me a little, though. Do I need to do this before going on to install the relay? Or is this optional? If it is NOT optional do you have any other resources that could help me get this completed? I'm going to wait to hear back from you if I need to deal with the "podman-update" thing or if I'm ready to go ahead with the relay instal. Rather take it slow and steady with stuff like this. ;) |
|
I kept going because I really need my HomeKit setup to work again so I now finished all steps: Placed the 30-multicast-relay.sh" file on the UDMP and ran "chmod +x" on the file: Executed the following command in Terminal:
Ran the following two commands:
Unfortunately, the discovery tool (running on a computer in VLAN 10) is not showing any of the devices in VLAN50. It only shows the devices that are on VLAN 10. Did I do something wrong? Is there any way to check if the multicast relay is actually working? PS: ran "podman ps" and got the following result: No idea if that should be showing our "multicas-relay" or not... EDIT 1: After digging trough some forums I found this command "journalctl -u udm-boot.service" and ran it from the Unifi Shell. Not 100% sure what it does but here is the log result:
EDIT 2: Ran just "journalctl" from the Unifi Shell and looked out for "udm-boot.service". Here is the result: I also noticed that a little further down "avahi-daemon.socket" shows up as active. Wasn't that supposed to get killed with the "30-multicast-relay.sh" bootup script?
Anyways, here is the full readout in case it helps diagnose the problem: |
|
This thread is a godsend! I have been wanting to install the relay for ages but never knew where to start. I followed along as good as I could but it seems I'm in the same boat as @VeniceNerd. Installed everything but no dice. Since I followed his steps exactly (with my VLAN addressed of course) hat's probably not a surprise. @commiepinko hope you'll have time to come back here soon again seems like you've got this figured out on your system. Either way great knowledge so far. Thanks! |
|
Podman has a logging function. If necessary, run If it's not sufficiently informative, remove the existing container and make a new verbose one. With the verbose option, Of course ultimately you'll want to remove the verbose container, and run a new one without that option. |
|
Glad to help. It seems as though the tricky part for beginners is distinguishing between how the container is configured and operates vs the parts that are purely the relay's purview. |
@commiepinko you're back! happy dance!!!! I ran the two commands and this is the output: Of course I don't really have any clue what it means. Is it helpful to you at all? Or should I remove the container and re-install with verbose? Also, is it normal that udm-boot.service reports as "loaded / active / excited" when running "journalctl" from the Unifi Shell or should it be saying "loaded / active / running"?
@explorernerd glad this is helping you out as well! Once I have successfully figured this out I will write a clean post here with all the correct steps, summarizing everything that @commiepinko has taught me so that other people can join us. |
If that's the concise log, I shudder to imagine the verbose version. (And I'm not sure what the policy here is, but many environments frown on posting massive log entries.) My concise output from That's it - no repetition, no massive tome.
I don't know. What strikes me in your log is
I've no idea what that means, but it sounds like a possible syntax error somewhere in your configuration. Attach your container creation script, whatever you have in /mnt/data/on_boot.d, and your ifFilter.json? |
Oh sorry about that. Won't do that again!
Whenever you're near your machine would you mind to check? You just have to run "journalctl" from the Unifi Shell and look for udm-boot.service. I would like to rule out that the issue is there...
I downloaded the files from my UPMP and zipped them up for you: To create the container I ran this command in Terminal: Hopefully something will jump out at you! EDIT: So just I ran the following commands to stop and remove my original container:
Then I re-created the container WTHOUT the ifFilter.json option (also removed the -d) Boom! Immediately the Discovery tool is showing all the devices from all of my VLANS. I double checked by showing the logs: So it seems there is an issue with the ifFilter.json, right? EDIT 2: Yep! Did a f up on the ifFilter.json. Instead of: I had and extra "1" in my IP address. What a stupid mistake! So I replaced the ifFilter.json, removed the container and created another one:
No more error message! The only problem now appears to be that the ifFilter actually doesn't seem to do anything at all. No matter what VLAN I'm on I'm seeing devices from all other VLANs in Discovery. I attached my most recent files again! Do you have any idea why the ifFiler.json doesn't appear to be doing anything? Do I have more errors in there? PS: I hope it doesn't bother you that I note down all my detailed steps. Want to make sure that @explorernerd and others can follow along. |
|
@commiepinko if you don't want to read all the above here is a summary: there was an error in the ifFilter.json. I had an additional "1" in the IP source IP address. After I fixed that the error messages disappeared. Multicast Relay is working now! However, ifFilter.json doesn't seem to have any effect. No matter what VLAN I'm on I can see the mdns traffic from all other VLANs. Here are my latest sh files: I feel SO CLOSE now!!! I hope you have an idea (or trouble shooting suggestions) to find out why the filters aren't doing anything yet. PS: Does the ifFilter.json require any special chmod? This is what it looks like now: |
|
I figured it out!!! I figured out why it works for you but didn't work for me! I found this thread where I read that apparently if you don't define a source network in ifFilter by default it will broadcast to all other networks. And since I only had one line in my ifFilter
it meant that all the other networks would still broadcast everywhere else. So now I changed it to this: This way I force mdns traffics from all the other vlans (10, 20, 30) to my LAN network [br0]. So now almost everything works as intended. All networks get MDNS traffic from VLAN 50, but networks 10, 20, and 30 can't see traffic from each other. I say almost because weirdly enough my LAN (BR0) also only sees traffic from itself and VLAN 50. That's weird to me since I'm routing traffic from all the other networks into BR0. I assume it has to do with my final line:
Where I route br0 to br0. I assume that does something funky? I also tried:
That has the same effect, though. In the thread I found the guys discuss how to do this but I am not sure it was actually resolved. Maybe @juliodiz or @alsmith could chime in on how to properly do this? Unless you have an idea? |
|
Morning guys - great collaboration between you two - happy to see the community help there! The ifFilter check is basically this: So the logic is, for each interface that we want to transmit on, if the source IP of the mDNS request is in any filter configuration line, and if the interface being considered is NOT in the list of interfaces in the config, then we do not transmit. This should have the effect of letting 10.0.50.* broadcast on br0, br10, br20 and br30. 10.0.10.* only on br0, 10.0.20.* only on br0, etc - and also 10.0.1.0/24 also only on br0. Oh and because the relay only relays between different vlans, any given vlan will always see discovery traffic from other hosts on the same vlan - the relay can't control or influence that at all. That should cover your aim - br0 would see its own mDNS traffic, and that from from vlans 10, 20, 30 and 50. |
|
Yes, @commiepinko has been extremely helpful and generous with his time. I'm hoping this discussion will help many others setting up their relay!
It almost does! The only thing that doesn't work none of the traffic from 10.0.10., 10.0.20., or 10.0.30.* seems to show up on BR0. One note about this last line:
10.0.1.0 IS BR0. I only included this line to add 10.0.1.0 on the filter list. Without this line traffic from 10.0.1.0 was flowing into all other VLANs. So basically I told it to just send traffic to itself. Maybe that's why there are some issues with BR0 receiving traffic from the other VLANS? I just didn't know how to solve 10.0.1.0 not sending any traffic to the other networks without this line. @alsmith what would be the recommended way to add a source network to ifFiler.json and tell it NOT to send traffic anywhere? (Instead of using my weird workaround to have it send traffic to itself, which I think may be causing issues...) PS: I did try "10.0.1.0/24": [] as well which didn't work either. |
My understanding (and experience) is that multicast-relay does nothing unless told to. In other words, "don't relay anything" is the default and you don't have to specify it. A possible confusion is that the relay controls only mDNS traffic. For example, I use it to block broadcast advertisements for services between VLANs, but that's all it does. The VLANs can still access each other's services. Blocking the services themselves is a function of the firewall, not the relay. If the two don't complement each other, weirdness can result (e.g., being able to see file shares advertised, but not be able to access them, or vice versa).
Odd. My ifFilter.json is very similar… …and works as expected. (I'm being grateful, not bragging.) Check your container creation script and verify that all networks involved are listed? Final troubleshooting thought… Of course only what hosts broadcast can be relayed. To check that your systems are actually broadcasting the mDNS you expect, stop multicast-relay and enable the DM's multicast reflector: Settings > Services > mDNS. With the reflector enabled, you should have a free-for-all where every host on every network can see every other host's broadcasts. (Which I assume is why Settings > Wireless Networks > [WLAN] > Block LAN to WLAN Multicast and Broadcast Data exists, and which, come to think of it, is another setting to keep in mind.) |
That is so weird because this is not my experience at all. When I included only "10.0.50.0/24": ["br0", "br10", "br20", "br30"] in my json file all the other VLANS were broadcasting all over the place. Once I mentioned all the other networks as a source and told them where to route, then it all worked as expected. (Besides that one quirk I'm still struggling with...) Did you see this thread? #34 @alsmith said this over there:
Which would confirm what I have noticed, no? |
Huh. So it goes. I've never tried a configuration that didn't entirely specify what I wanted, so that wasn't noticeable, and so assumed wrong. Sorry 'bout that. It's good to know in any case. |
|
Correct, the default is to relay everywhere. Also, the relay won't ever rebroadcast on the interface that it received the packet from, so @VeniceNerd's |
|
Hey @commiepinko & @alsmith I can now with certainty say the this line in ifFilter.json:
causes issues. With this line enabled my mdns stops working properly and all kinds of weird issues arise. This line basically tells network 10.0.1.0/24 (which is BR0) to forward all traffic to itself. I did this so that BR0 won't send traffic to anyone else. Since that line causes issues, though, this is definitely not the way to exclude one VLAN from broadcasting anywhere else. It's not a big issue for me atm since I don't really have any devices on my main LAN (10.0.1.x) but it would still be nice to know what the proper way would be to exclude a specific network from broadcasting to any other VLANS (besides itself, of course). Any ideas? |
|
I've revised It's odd though - my install worked correctly with the error, and now it works without it. I can see no difference, except that now I know longer have to suffer godlike status or be mistaken for knowing everything. 😽 |
Can you say what issues that causes? If 10.0.1.1 is br0, then whether br0 is there is not then it shouldn't make any difference. The relay won't re-transmit a packet out of the same interface that it received it on. |
|
@alsmith looks like you were right and this is NOT after all what caused the issues. The change of the ifFilter seems to have been a mere coincidence. Probably because I stopped and restarted the container in the process. I just saw the problem happen again. Basically after a while my HomeKit devices show as "not responding" in the Home App. When everything works this is what the Discovery App shows:
All of the HomeKit devices are grouped under "_hap._tcp." and if you click on the little arrow it will show you the IP address and all the other details. Once everything stops working this is what Discovery shows:
Some devices can still be seen (at times) but they don't show up under "_hap._tcp." anymore and expanding on the arrow won't reveal any details. If you stay in the discovery tool you can often see it going back and forth. I have no idea what is going on. Sometimes everything works great and then everything stops working. I haven't seen any rhyme or reason yet. Here is what it looks like from the Home app: @commiepinko do you have any idea why this may be happening and what I could do to trouble shoot? Do I maybe have some settings wrong on the DMP? I disabled all firewall rules and I can ping across all VLANS. |
|
So I removed the container again and started a new one. This time without the ifFilter option. So I just ran: So now everything has been running solid for almost 48 hours. Of course I'm getting mdns traffic from all networks on all networks at the moment but there have been none of the weird issues I reported above. So right now my hunch is that the problem was caused by something in the ifFilter.json. Here again is my ifFilter.json: Do you guys see any issues at all with this? Why would including the ifFilter.json as an option cause my system to behave inconsistently? Just to make sure: I don't need to set any specific chmod on the ifFilter.json, correct? If you guys have any ideas of why it runs well without the ifFilter but starts acting up with the ifFilter I would greatly appreciate it. The only other option I can think of right now would to run multiple instances of multicast-relay. At least I would have to run two: and That would at least connect the two VLANs I need to swap mdns most. Just not sure if it is even recommended to run two instances of multicast. I obviously only would want to do this if we can't figure out the issue with the ifFilter solution. Any feedback greatly appreciated as always! |
|
Hey @commiepinko do you have any thoughts at all on the above? Any idea why my ifFilter may cause issues? If not what do you think of my idea of running two instances of Multicast Relay instead? Obviously I'd rather get the ifFilter to work but just in case... |
|
Alas, @VeniceNerd, I'm stumped. With the exception of omitting the LAN, your config is very like mine. If you As for running multiple instances, I'd be hesitant to double down on something that isn't working for unknown reasons, but that's must me. |
|
It wouldn't do any damage to run multiple instances if you separate them out so that they handle individual interfaces and won't want to interfere with each other - I think it's clever enough that even if you don't do that, that it wouldn't end up causing massive network traffic by rebroadcasting each others' packets but that's not worth trying out. (-; |
|
@alsmith It's driving me absolutely insane! Without the ifFilter.json everything works well. I am not trying a smaller setup with just three VLANS 10.0.10.0 = br10 I want VLAN 50 to send mdns to VLAN 10 and 30 but I don't want VLAN's 10 and 30 to send mdns anywhere else. First I tried this: Unfortunately, this causes the unexpected behaviors I have outlined above. Then I tried this: That configuration works but it's basically the same as not using any ifFilter at all since the traffic is transmitted on all VLANs. I assume because I have VLAN 10 and 30 dump into VLAN 50 and then VLAN 50 sends back to 10 and 30? So basically I still have not found a way to prevent VLAN's 10 and 30 from sending MDNS traffic anywhere. Are we 100% certain that asking one VLAN to send traffic to itself would be the best way to prevent it from sending it to any other VLANS? Or is there any other way I could try this in ifFilter? Also, @commiepinko can you think of anything in the Unifi Network settings that I may have set up incorrectly for this to happen? |
|
I collected logs for all scenarios and also discovered something REALLY strange in the last secnario! COMBINATION 1: Here mdns traffic gets transmitted between all networks. It's basically as if I'm not running ifFilter at all. Here is the log from this setup: I'm not good at reading logs but to me it looks like traffic is sent to BR50 and BR50 then turns around and sends it right back at BR10 and BR30. Exactly what I don't want to happen. This really confused me because I think @commiepinko does basically the same in his ifFilter, no? COMBINATION 2: This just breaks the setup for me. Most of my homekit traffic from BR50 won't show up on BR10 anymore and it breaks my Homekit. It's kind of jittery and intermittent. Here is the log for that: Then I scraped all of that and just ran this one, simple relay instead: This should only let VLAN 10 and VLAN 50 talk. However, the discovery tool also shows one or two devices from VLAN 30 when I'm connected to VLAN 10 or 50. This only happens sporadically. It's not always there. It should NEVER be there, though. I can even see them in the logs (10.0.30.145 - AppleTV & 10.0.30.178 - HomePod & 10.0.30.249 -iPad): Why in the world are these showing up when I run "podman logs -f multicast-relay-10"? Network BR30 wasn't even included in my interface list! What is going on? Are there rogue processes running on my DMP? At least I'm hoping this will give you guys an idea what may be going on cause I'm about ready to be admitted to an institution... lol |
|
@VeniceNerd… Here's my final (well, for the moment) configuration for reference, though I doubt there's anything new to be discovered there. FYI, I have a single complimentary firewall rule that blocks inter-VLAN traffic, and nothing else. Wish I had more to suggest. |
@commiepinko Yeah I'm starting to think that this is not about my relay configuration but that maybe something weird is going on with my network setup? Or maybe I accidentally have another rogue instance or the relay running at the same time? I really don't think so but maybe worth a look? Is there maybe a command to display all running podman instances? Also, I'm really hoping that @alsmith may have an idea why VLAN30 traffic is being passed when only VLAN 20 and 50 are defined in the relay. I have a feeling once I crack that nut the rest will fall into place... |
Podman doesn't have the hugely detailed command structure of Docker, but there's still a lot one can do. |
Here's what I have running: So that looks correct, no? If so I will open a new ticket with this specific issue since I think we are now quite far outside the scope of the original issue. |
|
@VeniceNerd That's identical to mine. |
|
Hey @commiepinko and @alsmith I am trying all of this again with a brand new network setup now and running MultiCast Relay on a Raspberry Pi instead of on the UDM Pro SE (I upgraded!). I am still seeing the EXACT same issue that I saw last year. As soon as I use the ifFilter.json stuff goes sideways. Is there ANY chance that my network addresses (10.1.1.0/ 10.1.10.0 / 10.1.20.0 / 10.1.30.0) are messing this up? It's the only difference I can see to what @commiepinko has going on. His are all 192.168.0.0 / 192.168.1.0 etc... I just don't understand how it can work so well for him and it's an absolute disaster for me. I have been trying this for almost two years now and may actually go insane soon. lol |
|
I opened a new issue with my observations on Raspberry Pi: scyto/multicast-relay#17 This is with a brand new UDM Pro SE, brand new network, and Multicast-Relay running on a Raspberry Pi. I still run in pretty much the same issue that I had last year on the UDM Pro. I don't understand what I am doing wrong... |
Is it possible to connect multiple sets of vlans together? I will have my network (1), my tenant network (2), and a shared iot network (3).
I would want network 1 and 3 to share mdns as well as network 2 and 3 to share mdns. However, I don’t want network 1 and 2 to share mdns with each other.
Is that possible?
The text was updated successfully, but these errors were encountered: