SOLVED: SONOS across multiple VLANS

Here’s the simple walkthrough. Hope it helps.
Also, if anyone (@LTS_Tom maybe) sees something insecure in this solution, please chip in!

Step 1: Enable Multicast Traffic

1. Enable IGMP Proxy on pfSense:

  • Go to Services > IGMP Proxy.
  • Click Add under “IGMP Proxy”.
  • Set the following:
      • Interface: Choose your “IOT subnet” interface.
      • Type: Set to “Upstream”.
      • Networks: Add the subnet range for the IOT subnet (e.g., 192.168.20.0/24).
  • Add another entry:
      • Interface: Choose your “Secure subnet” interface.
      • Type: Set to “Downstream”.
      • Networks: Add the subnet range for the Secure subnet (e.g., 192.168.10.0/24).

2. Enable Avahi Daemon (mDNS Repeater) on pfSense:

  • Go to Services > Avahi.
  • Check the box to Enable the mDNS repeater.
  • Under Interfaces, select both your “Secure subnet” and “IOT subnet” interfaces.
  • Save the configuration.

Step 2: Configure Firewall Rules

1. Allow Multicast Traffic on the Secure Subnet:

  • Go to Firewall > Rules.
  • Select your “Secure subnet” interface.
  • Click Add to create a new rule.
  • Set the following:
      • Action: Pass
      • Interface: Your “Secure subnet” interface.
      • Protocol: UDP
      • Source: Any
      • Destination: Network
      • Destination Address: Your “IOT subnet” (e.g., 192.168.20.0/24)
      • Destination Port Range: 5353 (both from and to)
  • Save and apply the rule.

2. Allow Multicast Traffic on the IOT Subnet:

  • Go to Firewall > Rules.
  • Select your “IOT subnet” interface.
  • Click Add to create a new rule.
  • Set the following:
      • Action: Pass
      • Interface: Your “IOT subnet” interface.
      • Protocol: UDP
      • Source: Any
      • Destination: Network
      • Destination Address: Your “Secure subnet” (e.g., 192.168.10.0/24)
      • Destination Port Range: 5353 (both from and to)
  • Save and apply the rule.

Step 3: Restart The Services

  • Restart the IGMP Proxy and Avahi services (Status > Services) so the new configuration takes effect.
  • This should do it.
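A quick way to confirm that the Avahi repeater (Step 1.2) and the UDP/5353 rules (Step 2) are actually doing their job is to send an mDNS PTR query from a host on the Secure subnet and see whether players on the IOT subnet answer. The script below is an added example, not code from the original post or from pfSense/Sonos: it builds a minimal mDNS query, parses PTR answers (including DNS name compression pointers), and runs offline against a constructed sample response. The service type `_sonos._tcp.local` is an assumption about what Sonos players advertise; `discover()` needs a real network and should be run on a host in the Secure subnet.

```python
import socket
import struct

MDNS_GROUP = "224.0.0.251"   # link-local mDNS multicast group
MDNS_PORT = 5353             # the port the Step 2 firewall rules pass
# Assumed mDNS service type for Sonos players (not stated in the original post).
SONOS_SERVICE = "_sonos._tcp.local"
PTR, CLASS_IN = 12, 1


def encode_name(name):
    """Encode a dotted DNS name as length-prefixed labels, terminated by 0."""
    out = b""
    for label in name.strip(".").split("."):
        raw = label.encode("ascii")
        out += struct.pack("B", len(raw)) + raw
    return out + b"\x00"


def build_ptr_query(service=SONOS_SERVICE, txid=0):
    """Standard mDNS query: id 0, no flags, one PTR question for the service."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    question = encode_name(service) + struct.pack("!HH", PTR, CLASS_IN)
    return header + question


def decode_name(packet, offset):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, jumped, end, hops = [], False, offset, 0
    while True:
        length = packet[offset]
        if length & 0xC0 == 0xC0:            # compression pointer (RFC 1035 4.1.4)
            pointer = struct.unpack("!H", packet[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset, hops = True, pointer, hops + 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        if length == 0:
            if not jumped:
                end = offset + 1
            break
        offset += 1
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end


def parse_ptr_answers(packet, service=SONOS_SERVICE):
    """Return the instance names from PTR records for `service` in a response."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    offset = 12
    for _ in range(qd):                       # skip any echoed questions
        _, offset = decode_name(packet, offset)
        offset += 4
    instances = []
    for _ in range(an + ns + ar):
        name, offset = decode_name(packet, offset)
        rtype, _, _, rdlen = struct.unpack("!HHIH", packet[offset:offset + 10])
        offset += 10
        if rtype == PTR and name.lower() == service.lower():
            target, _ = decode_name(packet, offset)
            instances.append(target)
        offset += rdlen
    return instances


def discover(service=SONOS_SERVICE, timeout=2.0):
    """Send one query to the mDNS group and collect {instance: responder_ip}."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)  # coexist with a local responder
    sock.bind(("", MDNS_PORT))
    mreq = struct.pack("4s4s", socket.inet_aton(MDNS_GROUP), socket.inet_aton("0.0.0.0"))
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, mreq)
    sock.settimeout(timeout)
    sock.sendto(build_ptr_query(service), (MDNS_GROUP, MDNS_PORT))
    found = {}
    try:
        while True:
            data, (addr, _) = sock.recvfrom(4096)
            for inst in parse_ptr_answers(data, service):
                found[inst] = addr
    except socket.timeout:
        pass
    finally:
        sock.close()
    return found


# Constructed sample response (not captured traffic): one PTR answer whose
# rdata uses a compression pointer (0xC00C) back to the service name at offset 12.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0, 0x8400, 0, 1, 0, 0)
    + encode_name(SONOS_SERVICE)
    + struct.pack("!HHIH", PTR, CLASS_IN, 4500, 14)
    + b"\x0bLiving Room\xc0\x0c"
)

if __name__ == "__main__":
    print("offline parse:", parse_ptr_answers(SAMPLE_RESPONSE))
    for inst, ip in discover().items():      # real query; run from the Secure subnet
        print(f"{inst} answered from {ip}")
```

If the offline parse works but `discover()` returns nothing from the IOT subnet, the responder IP column tells you which side is silent: answers arriving from the pfSense interface address mean the repeater is reflecting traffic, while none at all points at the Avahi interface selection or the 5353 rules.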