This is a pretty common scenario:
You have a media server (think Windows Media Server or an XBMC server) that is connected to your wired network. You also have a variety of wireless clients (think netbooks or laptops) that you would like to set up to use the media server via streaming or UPnP. In my particular case I had a wireless Ubuntu laptop hosting uShare, which I wanted to connect to my wired Xbox 360 to play content on the TV. (To read more about setting up uShare on Ubuntu, follow the blog post here:
The only problem is that good security practice says you should segregate the wireless and wired networks into different subnets, which is what I had done. My SonicWALL firewall separated the two subnets and filtered traffic passing between them. Back in my support days SonicWALL's official stance used to be that they do not support the Xbox, since UPnP is inherently not very secure (which is true) and it opens a variety of ports, which makes things a bit more interesting. Nevertheless, with some multicasting knowledge I managed to get this working using the following method:
1. Set up the uShare server as described in the link. (Pity uShare is not under active development anymore… if this bothers you, you may want to consider installing and setting up XBMC as a UPnP server.)
2. Took a packet capture on the SonicWALL and reproduced the issue. I saw something similar to the following (in this screenshot the traffic is passing, though at this stage you will probably see the traffic being dropped):
Note how the destination IP is a multicast IP address: 22.214.171.124.
3. I enabled multicast on both the LAN (wired) and WLAN interfaces from the network > interfaces section:
4. I also enabled multicast via Firewall > Multicast. I thought it was a done deal at this point, but the packet capture still showed the packets being dropped, with a drop code of 206. Looking this up on the SonicWALL KB page here:
We see that drop code 206 stands for "No IGMP interface entry found".
5. So under Firewall > Multicast > Multicast Policies I disabled the option "Require IGMP membership reports for multicast data…" and chose the option "Enable reception for the following multicast addresses: xbox", where "xbox" is a network object containing a multicast address type IP of 126.96.36.199.
6. In the WLAN > LAN and LAN > WLAN firewall rules I defined a rule to allow all UDP communication between the server and the Xbox. For tighter security, you could run a packet capture to see which ports are being used by the Xbox and allow only those, but these change, so it's a bit of a gamble.
Note that multicast is only used in the initial discovery phase; once that is done (i.e. the Xbox finds the UPnP server), the traffic is UDP unicast between the two nodes.
One last tip: this should be done automatically, but just in case, make sure appropriate allow rules exist in the LAN > MULTICAST and WLAN > MULTICAST firewall rules.
That's it! The packet capture now showed the packets being forwarded (as shown in my first screenshot).
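To turn the "capture the traffic and see which ports are used" advice in step 6 into something repeatable, here is an added helper (my own code, not from the original post or from SonicWALL) that takes flows in the shape a firewall capture gives you and derives the tightest rule set: which multicast group and port need reception enabled for the discovery phase, and which unicast protocol/port pairs between the server and the Xbox need allow rules for the phase after discovery. The sample flows, the 192.168.x.x addresses and the high ports are constructed for illustration; 239.255.255.250:1900 is the standard SSDP discovery group and port that UPnP uses.

```python
import ipaddress
from collections import defaultdict

# Standard SSDP multicast group and port used for UPnP discovery.
SSDP_GROUP = "239.255.255.250"
SSDP_PORT = 1900

# Constructed sample flows: (src, dst, proto, src_port, dst_port).
# Addresses and high ports are made up; only the SSDP group/port are standard.
XBOX = "192.168.10.20"     # wired LAN client
SERVER = "192.168.20.5"    # wireless uShare host
SAMPLE_FLOWS = [
    (XBOX, SSDP_GROUP, "UDP", 49152, SSDP_PORT),   # Xbox M-SEARCH to the group
    (SERVER, XBOX, "UDP", SSDP_PORT, 49152),       # unicast search reply
    (SERVER, SSDP_GROUP, "UDP", SSDP_PORT, SSDP_PORT),  # server NOTIFY announcement
    (XBOX, SERVER, "UDP", 49160, 49200),           # follow-up unicast flow (constructed port)
    (XBOX, "8.8.8.8", "UDP", 53000, 53),           # unrelated traffic, must yield no rule
]


def is_multicast(addr):
    """True for any IPv4/IPv6 multicast destination (224.0.0.0/4, ff00::/8)."""
    return ipaddress.ip_address(addr).is_multicast


def derive_rules(flows, server, client):
    """Return (multicast_groups, unicast_rules) needed for server<->client.

    multicast_groups: set of (group, dst_port) to enable reception for
    unicast_rules:    {(src, dst): {(proto, dst_port), ...}} for the allow rules
    """
    peers = {server, client}
    multicast_groups = set()
    unicast_rules = defaultdict(set)
    for src, dst, proto, _sport, dport in flows:
        if src not in peers:
            continue  # only flows originating from one of the two hosts matter
        if is_multicast(dst):
            multicast_groups.add((dst, dport))
        elif dst in peers:
            unicast_rules[(src, dst)].add((proto, dport))
        # anything else (e.g. the DNS flow) is unrelated and produces no rule
    return multicast_groups, dict(unicast_rules)


if __name__ == "__main__":
    groups, rules = derive_rules(SAMPLE_FLOWS, SERVER, XBOX)
    print("multicast reception needed for:", sorted(groups))
    for (src, dst), ports in sorted(rules.items()):
        print(f"allow {src} -> {dst}: {sorted(ports)}")
```

Feed it the real flows from your capture and the unicast entry for each direction lists exactly the protocol/port pairs the Xbox and server actually used, which is what a least-privilege rule would allow instead of "all UDP".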