smcgrath12
Occasional Visitor
I use a non-jailbroken iPhone. I have OpenVPN server running on my RT-68AC router. I have a Dish Network receiver that listens for SSDP traffic for Multicast address "239.255.255.250" on port "1900". I have an app on my iPhone that enables me to interact with the Dish Receiver. Note that I have to use OpenVPN in TUN mode because the client device is iPhone.
Now, when my iPhone is on Wifi, the app finds the receiver. When my iPhone is remote and I am VPNed into my router, the app does not find the receiver. I am trying to make this work by instructing the router to send this SSDP traffic received on OpenVPN TUN interface to the local LAN interface (which I am assuming is the interface bridge "br0") where this traffic is sent via ethernet frames to my local LAN. The Dish Receiver replies back to the SSDP query using unicast with its own IP as the Source IP and the iPhone's IP as the Destination IP.
I have not enabled any IGMP related features (or any other multicasting router protocols) on the router web interface. I am assuming I don't need that because there are no upstream routers that need to be told that my local router is interested in receiving this SSDP traffic. ALSO, packet captures give no indication that the Dish Receiver is actually sending any IGMP Membership Report to the router, so I cannot depend on IGMP protocol to instruct my router to accept traffic destined for "239.255.255.250" and dump it on br0.
I am using the terms "SSDP" & "MC" interchangeably for this post.
I have captured the SSDP query on the router using TcpDump. The iPhone is correctly sending this SSDP traffic over the OpenVPN connection and the OpenVPN server is getting this traffic. The TTL of this packet is "1". So, I run:
"iptables -t mangle -A PREROUTING --in-interface tun+ --protocol udp --destination 239.255.255.250/32 -j TTL --ttl-set 5"
Next, I guess I need to add a route on the router that instructs it to send this packet to br0. So, I run:
"ip route add 239.255.255.250/32 dev br0"
Assuming I am correct so far, at this point, I am not sure what I need to do next.
1. Because unicast traffic goes unhindered from TUN to br0, can I assume that the rules enabling this unicast movement apply to multicast traffic as well? Am I done at this point? Or do I need to specifically tell br0 interface to "accept" this SSDP MC traffic coming from the TUN interface?
2. Assuming that the br0 does in fact need to be instructed to accept MC traffic, does the router's TCP/IP stack "consider" this MC traffic as traffic "meant for its local consumption" or not? Basically, will this traffic go via INPUT (if considered local) or FORWARD (if considered non-local) chain of the FILTER table?
3. If it goes via the FORWARD chain, is this command ok?
"iptables -t filter -A FORWARD --in-interface tun+ --out-interface br0 --protocol udp --destination 239.255.255.250/32 -j ACCEPT"
4. Or, if it goes via the INPUT chain, is this command ok?
"iptables -t filter -A INPUT --in-interface tun+ --protocol udp --destination 239.255.255.250/32 -j ACCEPT"
5. I am assuming that the SSDP reply (from Dish Receiver to iPhone) needs no extra rules because the return traffic is unicast.
Is there anything else I need to do to make this work? Will the above "Mangle" and "Route" commands coupled with either "Input" or "Forward" command be sufficient to make this work? I am not sure how "SMCRoute" works, but I see it being used by folks for transferring MC traffic among VLANs when I researched this. So I am wondering if route & iptables commands are sufficient to do what I need to do....
Thanks.