Posted: Tue Dec 10, 2024 6:06 Post subject: Broadcast (e.g. 255.255.255.255) across subnets smcroute
I have my host network 192.168.1.X on br0 and an IoT network on a VLAN on br1 on 192.168.100.x, with a device on 192.168.100.3
- br0 can pass traffic freely to br1
- br1 is locked down except for DNS, mDNS, and UDP ports 9999, 20002
- mDNS resolver and repeater are enabled
All the following work properly
- I can avahi-browse from br0 to see the devices on br1
- Devices on br1 have DNS service and can access the Internet
- I can ping devices on the br1 network from br0
- I can unicast from br0 to any IP address & port on br1, e.g., "echo hello | nc -u 192.168.100.3 20002" and see the packets in Wireshark on 192.168.100.3
HOWEVER, I can't seem to broadcast to br1 (even with the firewall disabled)
e.g., "echo hello | nc -u -b 255.255.255.255 20002" FAILS to register on Wireshark on 192.168.100.3
It seems like I need to do something additional to get multicast working across subnets.
What am I missing?
Note, there was a typo above in my invocation of 'smcrouted', the flag should be '-f' and not 'e'.
However, when I checked my conf file with the '-F' flag, I got the following error message:
Code:
smcrouted -F /opt/etc/smcroute.conf.jnew
Verifying configuration file /opt/etc/smcroute.conf.jnew ...
/opt/etc/smcroute.conf.jnew line 2: mroute: Invalid multicast group: 255.255.255.255
Parse error in /opt/etc/smcroute.conf.jnew
So it seems like 'smcroute' works for multicast but not simple broadcast.
So back to the question:
How do I get a broadcast on 192.168.1.1 to 255.255.255.255 to be broadcast also on the 192.168.100.x subnet?
So I tried to see what happens when I broadcast within vs. cross-subnets:
The following broadcasts work within my primary 192.168.1.x net (and are detected by Wireshark)
- echo hello | nc -u -b 255.255.255.255
- echo hello | nc -u -b 192.168.1.255
As does the following unicast
- echo hello | nc -u 192.168.1.3 (where 192.168.1.3 is the IP address of the computer I am monitoring with Wireshark)
In contrast, when sending from 192.168.1.x to the 192.168.100.x subnet:
The following cross-subnet unicast works when run from the 192.168.1.x net
- echo hello | nc -u 192.168.100.100 (assuming the monitored computer has IP address 192.168.100.3)
But the following cross-subnet broadcasts all fail from the 192.168.1.x net when monitored on the 192.168.100.x subnet
- echo hello | nc -u -b 255.255.255.255
- echo hello | nc -u -b 192.168.100.255
I tried adding the following iptables rules, but they didn't help
I also tried turning on multicast forwarding for br1 (in Setup->Networking) but that didn't help.
So, what do I need to do so that 255.255.255.255 broadcasts initiating on 192.168.1.x are routed cross-net to individual devices on the 192.168.100.x subnet?
I reviewed the above carefully and I think the problem remains that I am trying to forward udp broadcast packets (i.e., 255.255.255.255) but smcroute only works on multicast.
Indeed /var/log/messages shows:
Code:
daemon.warn smcroute[5706]: /tmp/smcroute.conf line 1: join: Invalid multicast group: 255.255.255.255
daemon.warn smcroute[5706]: /tmp/smcroute.conf line 2: mroute: Invalid multicast group: 255.255.255.255
where my /tmp/smcroute.conf file looks like:
Code:
mgroup from br0 group 225.255.255.255
mroute from br0 group 255.255.255.255 to br1
Unfortunately, the messages that I am trying to forward (TP-LINK Kasa discovery messages) are broadcast...
I imagine I can't be the only person trying to get broadcast discovery messages to be forwarded from a primary subnet to an IoT subnet...
I read elsewhere that a program "udp-broadcast-relay" may be able to handle such forwarding BUT it doesn't seem available in entware.
Quote:
I just added smcroute to my build, will have a look at it after the holidays
where my use case is getting 'kasa discover' (either standalone or via homeassistant) to work from my IoT subnet to my main network.
Note:
- `myserver.mydomain` is the machine and `br0` is the network bridge where I am running kasa discover (or if using homeassistant, substitute the name or IP address of your homeassistant installation, typically `homeassistant`)
- `br1` is the IoT network bridge where my kasa devices are installed
Note that `udp-broadcast-relay` is a small, easy to compile program. I just had to run 'make' to get it to compile under dd-wrt (where I have gcc installed via entware)
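Added example, not part of the thread and not code from smcroute or udp-broadcast-relay: a sketch of the decision a user-space relay has to make for the setup described above, showing why 255.255.255.255 is rejected as a multicast group and how a relay can stay limited to the ports already opened towards the IoT VLAN. The subnets, bridge names and ports are taken from the posts; the /24 masks, the one-way `RELAY_FROM` policy and the function names are assumptions of this example.

```python
import ipaddress

# Constructed from the thread: br0 is the main LAN, br1 the IoT VLAN, and
# 9999/20002 are the UDP ports the poster already allows towards br1.
# The /24 prefix lengths are an assumption.
BRIDGES = {
    "br0": ipaddress.ip_network("192.168.1.0/24"),
    "br1": ipaddress.ip_network("192.168.100.0/24"),
}
RELAY_PORTS = {9999, 20002}
RELAY_FROM = "br0"   # assumption: relay one way only, trusted LAN -> IoT

LIMITED = ipaddress.ip_address("255.255.255.255")


def classify(dst):
    """Return how an IPv4 destination address is treated at the router."""
    addr = ipaddress.ip_address(dst)
    if addr == LIMITED:
        return "limited-broadcast"        # stays on the sending link, never routed
    if addr.is_multicast:
        return "multicast"                # 224.0.0.0/4, what a multicast router handles
    for name, net in BRIDGES.items():
        if addr == net.broadcast_address:
            return "directed-broadcast:" + name
    return "unicast"


def relay_plan(in_if, dst, dport):
    """Return [(out_if, new_dst)] for a datagram heard on in_if; [] means drop."""
    if in_if != RELAY_FROM:
        return []                         # nothing is relayed out of the IoT VLAN
    if classify(dst) not in ("limited-broadcast", "directed-broadcast:" + in_if):
        return []                         # not a broadcast on the ingress link
    if dport not in RELAY_PORTS:
        return []                         # other ports stay behind the firewall
    # Re-send as the directed broadcast of every other bridge's subnet.
    return [(name, str(net.broadcast_address))
            for name, net in BRIDGES.items() if name != in_if]


if __name__ == "__main__":
    for dst in ("255.255.255.255", "192.168.1.255", "225.255.255.255"):
        print(dst, classify(dst), relay_plan("br0", dst, 9999))
```

Because the relay copies traffic across the VLAN boundary in user space, the port list and direction check here are the only things limiting what crosses, so they should match the firewall rules for br1.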