Here’s the simple walkthrough. Hope it helps.
Also, if anyone (@LTS_Tom maybe) sees something insecure in this solution please chip in!
Step 1: Enable Multicast Traffic
1. Enable IGMP Proxy on pfSense:
   - Go to Services > IGMP Proxy.
   - Click Add under “IGMP Proxy”.
   - Set the following:
     - Interface: Choose your “IOT subnet” interface.
     - Type: Set to “Upstream”.
     - Networks: Add the subnet range for the IOT subnet (e.g., 192.168.20.0/24).
   - Add another entry:
     - Interface: Choose your “Secure subnet” interface.
     - Type: Set to “Downstream”.
     - Networks: Add the subnet range for the Secure subnet (e.g., 192.168.10.0/24).
2. Enable Avahi Daemon (mDNS Repeater) on pfSense:
   - Go to Services > Avahi.
   - Check the box to Enable the mDNS repeater.
   - Under Interfaces, select both your “Secure subnet” and “IOT subnet” interfaces.
   - Save the configuration.
Step 2: Configure Firewall Rules
1. Allow Multicast Traffic on the Secure Subnet:
   - Go to Firewall > Rules.
   - Select your “Secure subnet” interface.
   - Click Add to create a new rule.
   - Set the following:
     - Action: Pass
     - Interface: Your “Secure subnet” interface.
     - Protocol: UDP
     - Source: Any
     - Destination: Network
     - Destination Address: Your “IOT subnet” (e.g., 192.168.20.0/24)
     - Destination Port Range: 5353 (both from and to)
   - Save and apply the rule.
2. Allow Multicast Traffic on the IOT Subnet:
   - Select your “IOT subnet” interface.
   - Click Add to create a new rule.
   - Set the following:
     - Action: Pass
     - Interface: Your “IOT subnet” interface.
     - Protocol: UDP
     - Source: Any
     - Destination: Network
     - Destination Address: Your “Secure subnet” (e.g., 192.168.10.0/24)
     - Destination Port Range: 5353 (both from and to)
   - Save and apply the rule.
Step 3: Restart The Services
- This should do it.
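The following is an added example, not code from the post above or from pfSense or Avahi. It is a small Python script for checking the result of the steps above from a host on the Secure subnet: it builds the standard mDNS service-type enumeration query (`_services._dns-sd._udp.local`, RFC 6763) and parses the PTR answers, so you can see exactly which services the IoT subnet is advertising through the repeater and the UDP/5353 rules, which is the thing worth auditing once cross-subnet mDNS is open. The `SAMPLE_REPLY` bytes are constructed for offline use and exercise DNS name compression; `discover()` does a live send to 224.0.0.251:5353 and needs a real interface address (`bind_ip` is an assumption you supply).

```python
"""mDNS (RFC 6762) service-enumeration query builder and PTR parser.
Added example for verifying an IGMP proxy / Avahi repeater setup."""
import socket
import struct

MDNS_GROUP = "224.0.0.251"   # IPv4 link-local multicast group used by mDNS
MDNS_PORT = 5353             # the UDP port the firewall rules above pass
SERVICES_PTR = "_services._dns-sd._udp.local"  # RFC 6763 service-type enumeration
TYPE_PTR = 12
CLASS_IN = 1


def encode_name(name):
    """Encode a dotted name as DNS labels (no compression)."""
    labels = name.strip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name=SERVICES_PTR, unicast_response=False):
    """One-question mDNS query. ID and flags are 0 for multicast queries
    (RFC 6762 section 18); the QU bit (top bit of QCLASS) asks for a unicast reply."""
    header = struct.pack("!HHHHHH", 0, 0, 1, 0, 0, 0)
    qclass = CLASS_IN | (0x8000 if unicast_response else 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_PTR, qclass)


def decode_name(data, offset):
    """Decode a possibly compressed name; return (name, offset just after it)."""
    labels, end, jumped = [], None, False
    while True:
        length = data[offset]
        if length == 0:
            offset += 1
            break
        if length & 0xC0 == 0xC0:               # compression pointer (RFC 1035 4.1.4)
            if not jumped:
                end = offset + 2                # the name ends after the first pointer
            jumped = True
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            continue
        labels.append(data[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels), (end if jumped else offset)


def parse_ptr_records(data):
    """Return [(owner, target, ttl, cache_flush)] for every PTR record in a reply."""
    _, _flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    for _ in range(qd):                           # skip any echoed questions
        _, offset = decode_name(data, offset)
        offset += 4
    records = []
    for _ in range(an + ns + ar):
        owner, offset = decode_name(data, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == TYPE_PTR:
            target, _ = decode_name(data, offset)   # rdata may point back into the packet
            records.append((owner, target, ttl, bool(rclass & 0x8000)))
        offset += rdlen
    return records


def discover(bind_ip, timeout=2.0):
    """Send the query out the interface holding bind_ip (assumed, e.g. your
    Secure-subnet address) and map each advertised service type to the
    responder addresses. Live network call; not exercised offline."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_IF, socket.inet_aton(bind_ip))
    sock.bind((bind_ip, 0))                       # ephemeral port; QU bit gets unicast replies
    sock.settimeout(timeout)
    sock.sendto(build_query(unicast_response=True), (MDNS_GROUP, MDNS_PORT))
    seen = {}
    try:
        while True:
            data, (src, _) = sock.recvfrom(9000)
            for _, target, _, _ in parse_ptr_records(data):
                seen.setdefault(target, set()).add(src)
    except socket.timeout:
        pass
    finally:
        sock.close()
    return seen


# Constructed reply (not captured traffic): two PTR answers using name compression.
SAMPLE_REPLY = (
    struct.pack("!HHHHHH", 0, 0x8400, 0, 2, 0, 0)          # response + AA, 2 answers
    + encode_name(SERVICES_PTR)                             # offset 12; "local" label at 35
    + struct.pack("!HHIH", TYPE_PTR, CLASS_IN, 4500, 13)
    + b"\x05_http\x04_tcp" + b"\xC0\x23"                    # _http._tcp + pointer -> local
    + b"\xC0\x0C"                                           # owner = pointer -> offset 12
    + struct.pack("!HHIH", TYPE_PTR, CLASS_IN, 4500, 7)
    + b"\x04_ipp" + b"\xC0\x3A"                             # _ipp + pointer -> _tcp.local (58)
)

if __name__ == "__main__":
    for owner, target, ttl, _ in parse_ptr_records(SAMPLE_REPLY):
        print(f"{owner} -> {target} (ttl {ttl})")
```

Run it as-is to see the constructed reply decoded; call `discover("192.168.10.x")` (your own Secure-subnet address) after completing the steps above. Service types that only exist on IoT devices (printers, media players) appearing in the result show that the repeater and the 5353 rules are passing traffic; anything you did not expect to see is what the now-open multicast path is exposing to the Secure side.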