Hi, I'm trying to set up minidlna access from an IoT subnet but with no success. Minidlna is running on the router (br-lan 192.168.1.0/24), and the IoT subnet is 192.168.20.0/24.
When I connect those devices (smart TV and AVR) to br-lan they immediately access minidlna without any issues.
I have the following configs (minidlna, firewall, smcroute) and mroute outputs:
/etc/config/minidlna:

config minidlna 'config'
    ...
    option interface 'br-lan,br-tv_avr'

/etc/config/firewall:

config rule
    option dest_port '1900'
    option src 'tv_avr'
    option name 'TV_AVR-FORWARD-REQUEST-SSDP'
    option target 'ACCEPT'
    option family 'ipv4'
    list dest_ip '239.255.255.250'
    option dest 'lan'
    list proto 'udp'

config rule
    option src_port '1900'
    option src 'lan'
    option name 'LAN-FORWARD-RESPOND-SSDP'
    list src_ip '192.168.1.1'
    option family 'ipv4'
    option target 'ACCEPT'
    option dest 'tv_avr'
    list proto 'udp'

config rule
    option dest_port '8200'
    option src 'tv_avr'
    option name 'TV_AVR-FORWARD-ACCEPT-MINIDLNA'
    option target 'ACCEPT'
    option family 'ipv4'
    list dest_ip '192.168.1.1'
    option dest 'lan'
    list proto 'tcp'

config rule
    option src_port '8200'
    option src 'lan'
    option name 'LAN-FORWARD-ACCEPT-MINIDLNA'
    list src_ip '192.168.1.1'
    option family 'ipv4'
    option target 'ACCEPT'
    option dest 'tv_avr'
    list proto 'tcp'

/etc/smcroute.conf:

mgroup from br-tv_avr group 239.255.255.250
mroute from br-tv_avr group 239.255.255.250 to br-lan

And mroute output:
root@turris:~# ip mroute
(192.168.20.105,239.255.255.250) Iif: br-tv_avr Oifs: br-lan State: resolved
(192.168.20.105,239.255.250.250) Iif: br-tv_avr State: resolved
(192.168.20.125,239.255.255.250) Iif: br-tv_avr Oifs: br-lan State: resolved
root@turris:~# smcroutectl show route
ROUTE (S,G)                        INBOUND     PACKETS    BYTES  OUTBOUND
(*, 239.255.255.250)               br-tv_avr         0        0  br-lan
(192.168.20.125, 239.255.255.250)  br-tv_avr       264    93312  br-lan
(192.168.20.105, 239.255.250.250)  br-tv_avr        64     8064
(192.168.20.105, 239.255.255.250)  br-tv_avr      4297  2437384  br-lan
Any ideas? How can I get it working? Many thanks in advance.
And a 2nd, more important question: after some time mroute shows a foreign IP from my upstream subnet. If my WAN IP is x.y.z.n, that foreign IP is x.y.z.18.
I found that IP at abusedb as well. Now I'm wondering if it is a security flaw. Why does that happen? See below: X.Y.Z.18, inbound eth2.
root@turris:~# ip mroute
(192.168.20.105,239.255.255.250) Iif: br-tv_avr Oifs: br-lan State: resolved
(192.168.20.105,239.255.250.250) Iif: br-tv_avr State: resolved
(192.168.20.125,239.255.255.250) Iif: br-tv_avr Oifs: br-lan State: resolved
(X.Y.Z.18,239.255.255.250) Iif: eth2 State: resolved
root@turris:~#
root@turris:~#
root@turris:~# smcroutectl show route
ROUTE (S,G)                        INBOUND     PACKETS    BYTES  OUTBOUND
(*, 239.255.255.250)               br-tv_avr         0        0  br-lan
(X.Y.Z.18, 239.255.255.250)        eth2              4      599
(192.168.20.125, 239.255.255.250)  br-tv_avr       344   121464  br-lan
(192.168.20.105, 239.255.250.250)  br-tv_avr        74     9324
(192.168.20.105, 239.255.255.250)  br-tv_avr      4923  2792955  br-lan
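
A check for the situation shown in the post above, added here as an example and not part of the original post: it parses `ip mroute` output and flags every (S,G) entry whose inbound interface, source address or group falls outside an allow-list, and reports where each entry is forwarded. The allow-list, the name `audit_mroute` and the address 203.0.113.18 (a documentation address standing in for the redacted X.Y.Z.18) are assumptions of this example.

```python
import ipaddress
import re

# Assumed policy for this example: the source network expected on each
# inbound interface. Interface names and subnets are the ones in the post.
EXPECTED = {
    "br-tv_avr": ipaddress.ip_network("192.168.20.0/24"),
    "br-lan": ipaddress.ip_network("192.168.1.0/24"),
}
SSDP_GROUP = ipaddress.ip_address("239.255.255.250")

LINE = re.compile(
    r"^\((?P<src>[\d.]+),\s*(?P<grp>[\d.]+)\)\s+Iif:\s+(?P<iif>\S+)"
    r"(?:\s+Oifs:\s+(?P<oifs>.*?))?\s+State:\s+(?P<state>\S+)")

# Constructed sample modelled on the output in the post.
SAMPLE = """\
root@turris:~# ip mroute
(192.168.20.105,239.255.255.250) Iif: br-tv_avr Oifs: br-lan State: resolved
(192.168.20.105,239.255.250.250) Iif: br-tv_avr State: resolved
(192.168.20.125,239.255.255.250) Iif: br-tv_avr Oifs: br-lan State: resolved
(203.0.113.18,239.255.255.250) Iif: eth2 State: resolved
"""

def audit_mroute(text):
    """Return one finding per (S,G) entry found in `ip mroute` output."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # shell prompts, blank lines
        src = ipaddress.ip_address(m["src"])
        grp = ipaddress.ip_address(m["grp"])
        issues = []
        net = EXPECTED.get(m["iif"])
        if net is None:
            issues.append("unexpected-inbound-interface")
        elif src not in net:
            issues.append("source-outside-interface-subnet")
        if grp != SSDP_GROUP:
            issues.append("group-is-not-ssdp")
        # An entry with no Oifs lists no outbound interface.
        findings.append({"source": str(src), "group": str(grp), "iif": m["iif"],
                         "forwarded_to": (m["oifs"] or "").split(),
                         "issues": issues})
    return findings

if __name__ == "__main__":
    for f in audit_mroute(SAMPLE):
        print(f["source"], f["group"], f["iif"], f["forwarded_to"], f["issues"])
```

On the router, the same function can be fed the live table, for example with `subprocess.run(["ip", "mroute"], capture_output=True, text=True).stdout`.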