Introduction
If you’re a home-labber like me, you’ve probably attempted to subnet your home network to separate the unsafe Wi-Fi devices from your LAN. This is a great idea in theory but quickly falls apart if you have many smart devices on your network. In my network I have an Nvidia Shield with Chromecast capability, a wireless printer, and countless other IoT devices that connect to different subnets.
The problem here is that many devices use mDNS (multicast DNS) to let other devices know that they are there. For example, my printer sends out multicast packets advertising IPP (Internet Printing Protocol) on its IP address. mDNS is sent to a link-local multicast address, which routers do not forward. I have pfSense for my home router and even with firewall rules wide open, it will not route those mDNS packets between subnets.
Enter Martin Wasley’s udpbroadcastrelay. He developed this great program, which listens for packets on a specified UDP broadcast port and resends them on all specified interfaces as though they originated from the original sender. Even better news is that it was ported over to FreeBSD (the pfSense base OS) and is now way easier to install!
Prerequisites
- pfSense CE 2.6 (2.7 is not out but promises to have a package for this built in).
- An idea of the devices you want accessible across subnets.
- Wireshark is a great tool to monitor the traffic on each subnet to make sure it’s working.
- SSH enabled on your pfSense router (only temporarily).
You will also want to have your network segmented into different subnets. I’m using the following interfaces and VLANs for this example:
- LAN – igc1
- Server LAN – igc2
- WLAN – igc2.2
- IOT WLAN – igc2.69
Steps
- On your desktop, download the package from https://freebsd.pkgs.org
- Copy the package from your computer to the pfSense router, I like to use scp from PowerShell:
scp C:\temp\udpbroadcastrelay-0.3.b.pkg root@pfsense.home.domain:~/
This syntax will place the file in the home directory of the root user. If you have another user with admin permissions you could also use that in this case.
- SSH into the router with PuTTY, or as I prefer, PowerShell.
- Install the package with:
pkg add udpbroadcastrelay-0.3.b.pkg
- That’s it for the command line steps! If you enabled SSH just for this, you can safely disable it again. Return to the pfSense UI and go to System -> Package Manager -> Available Packages. Install the Shellcmd package.
- Once the install is complete go to Services -> Shellcmd. I’ll provide some examples below of the correct syntax to use with pfSense but the GitHub page has some good references for the actual ports and addresses.
Examples
mDNS over multiple subnets:
/usr/bin/nohup /usr/local/sbin/udpbroadcastrelay --id 1 --port 5353 --dev igc1 --dev igc2 --dev igc2.2 --dev igc2.69 --multicast 224.0.0.251 -s 1.1.1.1 -f > /dev/null
SSDP over multiple subnets:
/usr/bin/nohup /usr/local/sbin/udpbroadcastrelay --id 2 --port 1900 --dev igc1 --dev igc2 --dev igc2.2 --dev igc2.69 --multicast 239.255.255.250 -f > /dev/null
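To check the mDNS relay from a desktop on one subnet while the printer sits on another, and to see which service instances are now visible across the boundary, here is an added example (not from the original post or the udpbroadcastrelay project). It joins the mDNS group, sends one PTR query and parses the answers; the function names and the `_ipp._tcp.local` default are assumptions chosen for illustration.

```python
import contextlib, socket, struct, time
GROUP, PORT = "224.0.0.251", 5353  # mDNS group and port, as in the relay command

def build_query(service):  # one PTR/IN question, transaction id 0 (mDNS convention)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in service.split("."))
    return struct.pack("!6H", 0, 0, 1, 0, 0, 0) + labels + struct.pack("!BHH", 0, 12, 1)

def read_name(buf, off):
    """Decode a possibly compressed DNS name; return (name, offset just past it)."""
    labels, end = [], None
    for _ in range(128):                       # bounded, so pointer loops cannot hang us
        n = buf[off]
        if n == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        if n & 0xC0 == 0xC0:                   # compression pointer to an earlier name
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | buf[off + 1]
        else:
            labels.append(buf[off + 1:off + 1 + n].decode("utf-8", "replace"))
            off += 1 + n
    raise ValueError("name too long or pointer loop")

def ptr_targets(buf):
    """Service instances named by PTR records in the answer section."""
    qd, an = struct.unpack_from("!2H", buf, 4)
    off, found = 12, []
    for _ in range(qd):                        # skip questions: name + type + class
        off = read_name(buf, off)[1] + 4
    for _ in range(an):
        off = read_name(buf, off)[1]
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", buf, off)
        if rtype == 12:                        # PTR rdata is itself a name
            found.append(read_name(buf, off + 10)[0])
        off += 10 + rdlen
    return found

def listen(service="_ipp._tcp.local", seconds=10.0):
    """Join the group, send one query, return {sender IP: advertised instances}."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)  # share 5353 with Bonjour/Avahi
    s.bind(("", PORT))
    s.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, socket.inet_aton(GROUP) + bytes(4))
    s.settimeout(0.5)
    s.sendto(build_query(service), (GROUP, PORT))
    seen, deadline = {}, time.time() + seconds
    while time.time() < deadline:
        with contextlib.suppress(socket.timeout, ValueError, IndexError, struct.error):
            data, (ip, _) = s.recvfrom(9000)
            seen.setdefault(ip, set()).update(ptr_targets(data))
    return seen
```

Call `listen()` and print the result; senders with an empty set only asked questions, which includes this host’s own looped-back query.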