Smcroute - minidlna between subnets

Hi, I'm trying to set up minidlna access from the IoT subnet, but with no success. Minidlna is running on the router (br-lan, 192.168.1.0/24), and the IoT subnet is 192.168.20.0/24.
When I connect those devices (smart TV and AVR) to br-lan, they immediately access minidlna without any issues.

I have the following configs (minidlna, firewall, smcroute) and mroute outputs:

/etc/config/minidlna:

config minidlna 'config'
	...
	option interface 'br-lan,br-tv_avr'

/etc/config/firewall:

config rule
	option dest_port '1900'
	option src 'tv_avr'
	option name 'TV_AVR-FORWARD-REQUEST-SSDP'
	option target 'ACCEPT'
	option family 'ipv4'
	list dest_ip '239.255.255.250'
	option dest 'lan'
	list proto 'udp'

config rule
	option src_port '1900'
	option src 'lan'
	option name 'LAN-FORWARD-RESPOND-SSDP'
	list src_ip '192.168.1.1'
	option family 'ipv4'
	option target 'ACCEPT'
	option dest 'tv_avr'
	list proto 'udp'

config rule
	option dest_port '8200'
	option src 'tv_avr'
	option name 'TV_AVR-FORWARD-ACCEPT-MINIDLNA'
	option target 'ACCEPT'
	option family 'ipv4'
	list dest_ip '192.168.1.1'
	option dest 'lan'
	list proto 'tcp'

config rule
	option src_port '8200'
	option src 'lan'
	option name 'LAN-FORWARD-ACCEPT-MINIDLNA'
	list src_ip '192.168.1.1'
	option family 'ipv4'
	option target 'ACCEPT'
	option dest 'tv_avr'
	list proto 'tcp'

/etc/smcroute.conf:

mgroup from br-tv_avr group 239.255.255.250
mroute from br-tv_avr group 239.255.255.250 to br-lan

And mroute output:

root@turris:~# ip mroute
(192.168.20.105,239.255.255.250) Iif: br-tv_avr  Oifs: br-lan  State: resolved
(192.168.20.105,239.255.250.250) Iif: br-tv_avr   State: resolved
(192.168.20.125,239.255.255.250) Iif: br-tv_avr  Oifs: br-lan  State: resolved

root@turris:~# smcroutectl show route
ROUTE (S,G)                        INBOUND             PACKETS      BYTES  OUTBOUND                                                                                   
(*, 239.255.255.250)               br-tv_avr                 0          0  br-lan
(192.168.20.125, 239.255.255.250)  br-tv_avr               264      93312  br-lan
(192.168.20.105, 239.255.250.250)  br-tv_avr                64       8064 
(192.168.20.105, 239.255.255.250)  br-tv_avr              4297    2437384  br-lan

Any ideas? How can I get it working? Many thanks in advance.


And a 2nd, more important question: after some time mroute shows a foreign IP from my upstream subnet; if my WAN IP is x.y.z.n, that foreign IP is x.y.z.18.
I found that IP on abusedb as well. Now I'm wondering if it is a security flaw. Why does that happen? See below: X.Y.Z.18, inbound eth2.

root@turris:~# ip mroute
(192.168.20.105,239.255.255.250) Iif: br-tv_avr  Oifs: br-lan  State: resolved
(192.168.20.105,239.255.250.250) Iif: br-tv_avr   State: resolved
(192.168.20.125,239.255.255.250) Iif: br-tv_avr  Oifs: br-lan  State: resolved
(X.Y.Z.18,239.255.255.250)  Iif: eth2        State: resolved
root@turris:~# 
root@turris:~# 
root@turris:~# smcroutectl show route
ROUTE (S,G)                        INBOUND             PACKETS      BYTES  OUTBOUND                                                                                   
(*, 239.255.255.250)               br-tv_avr                 0          0  br-lan
(X.Y.Z.18, 239.255.255.250)   eth2                      4        599 
(192.168.20.125, 239.255.255.250)  br-tv_avr               344     121464  br-lan
(192.168.20.105, 239.255.250.250)  br-tv_avr                74       9324 
(192.168.20.105, 239.255.255.250)  br-tv_avr              4923    2792955  br-lan

I removed the forwarding rules and added the following rules. It works now without smcroute.

config rule
	option dest_port '1900'
	option src 'tv_avr'
	option target 'ACCEPT'
	option family 'ipv4'
	list dest_ip '239.255.255.250'
	list proto 'udp'
	option name 'TV_AVR-SSDP'

config rule
	option dest_port '8200'
	option src 'tv_avr'
	option target 'ACCEPT'
	option family 'ipv4'
	list proto 'tcp'
	option name 'TV_AVR-MINIDLNA'

My 2nd question, related to smcroute, still remains.

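Relating to the second question about the X.Y.Z.18 entry on eth2: the Python below is an added example, not code from the original poster, that parses `smcroutectl show route` output and lists the (S,G) entries that fall outside the expected interface, source subnet or group, noting whether each one has an outbound interface. `parse_routes`, `audit`, the policy table and the sample text (with 203.0.113.18 standing in for the redacted address) are assumptions made for illustration.

```python
import ipaddress
import re

# Assumed policy, using the names from the post: only the IoT bridge should
# source multicast routes, only from its own subnet, only for the SSDP group.
EXPECTED = {"br-tv_avr": ipaddress.ip_network("192.168.20.0/24")}
SSDP_GROUP = "239.255.255.250"

ROW = re.compile(r"^\((?P<src>[^,]+),\s*(?P<grp>[^)]+)\)\s+(?P<iif>\S+)"
                 r"\s+(?P<pkts>\d+)\s+(?P<bytes>\d+)\s*(?P<oifs>.*)$")

# Constructed sample: 203.0.113.18 (documentation range) stands in for X.Y.Z.18.
SAMPLE = """\
ROUTE (S,G)                        INBOUND             PACKETS      BYTES  OUTBOUND
(*, 239.255.255.250)               br-tv_avr                 0          0  br-lan
(203.0.113.18, 239.255.255.250)    eth2                      4        599
(192.168.20.125, 239.255.255.250)  br-tv_avr               344     121464  br-lan
(192.168.20.105, 239.255.250.250)  br-tv_avr                74       9324
(192.168.20.105, 239.255.255.250)  br-tv_avr              4923    2792955  br-lan
"""

def parse_routes(text):
    """Return one dict per (S,G) row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append({**m.groupdict(), "oifs": m["oifs"].split()})
    return rows

def audit(rows, expected=EXPECTED):
    """Return (reason, src, grp, iif, forwarded) for rows outside the policy.

    forwarded is False when the OUTBOUND column of the row is empty.
    """
    findings = []
    for r in rows:
        if r["src"] == "*":
            continue  # the static (*,G) rule from smcroute.conf
        net = expected.get(r["iif"])
        if net is None:
            reason = "unexpected-interface"
        elif ipaddress.ip_address(r["src"]) not in net:
            reason = "unexpected-source"
        elif r["grp"] != SSDP_GROUP:
            reason = "unexpected-group"
        else:
            continue
        findings.append((reason, r["src"], r["grp"], r["iif"], bool(r["oifs"])))
    return findings
```

On the router, pass the text printed by `smcroutectl show route` to `parse_routes` in place of `SAMPLE`.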