Why is pfSense blocking multicast traffic when it is explicitly enabled?

I have a pair of pfSense firewall/routers set up in a CARP/XML Config cluster. On the LAN side, the switch also has a pair of servers running corosync/pacemaker/drbd. These are on a different IP network, but still generate multicast packets.

For the life of me, I cannot get pfSense to allow the packets. I tried using the easy rule button, but that failed. I also added a rule that allows all ports, all addresses with a destination of the multicast address, and enabled "allowopts" and "nostate"; all to no avail. The traffic is still stopped by the default rule. Any idea what I might be doing wrong?

Here is a shot of the rules (and yes, they've been reloaded a few times): [Firewall Rules screenshot]

I've also tried "no state." The rule under the title there is the Easy-Rule, and it chose the 239 address for both the source and destination; the src port is * and the dest port is 5405.

Here is the log showing the rejection by the default rule: [Firewall Log screenshot]

It's worth noting that it originally showed the scrubbing rule was also blocking, so I disabled the packet fragment scrubbing.


Solution 1:

Your rule's IP address seems to be incorrect: 192.132.1.0/30 in your firewall rules picture and 192.168.132.2 in your logs.

The firewall rule IP should probably be allowing multicast traffic from 192.168.132.0/30 (or the appropriate subnet).
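Added example (not part of the original question or answer): a small first-match evaluator that checks whether the logged packet's source and destination fall inside each rule's networks, which is exactly the comparison the answer above does by eye. The rule set is a reconstruction from the thread, not the poster's exported config: the Easy Rule with the 239 group as both source and destination, the manual rule with the 192.132.1.0/30 source the answer read off the screenshot, and the corrected 192.168.132.0/30 source. The multicast group address 239.255.1.1 is assumed for illustration; the thread only says "the 239 address". The logged packet (192.168.132.2 to that group on UDP 5405) is constructed from the values quoted in the thread rather than parsed from pfSense's actual filterlog format.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Sequence


def net(cidr: str) -> ipaddress.IPv4Network:
    """Parse a CIDR the way a firewall UI does (host bits in the prefix are tolerated)."""
    return ipaddress.ip_network(cidr, strict=False)


@dataclass(frozen=True)
class Rule:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]  # None means "any port"


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int


def mismatch_reasons(rule: Rule, pkt: Packet) -> List[str]:
    """Return every field on which the packet fails to match the rule (empty list = match)."""
    reasons = []
    if pkt.src not in rule.src:
        reasons.append(f"src {pkt.src} is not in {rule.src}")
    if pkt.dst not in rule.dst:
        reasons.append(f"dst {pkt.dst} is not in {rule.dst}")
    if rule.dport is not None and pkt.dport != rule.dport:
        reasons.append(f"dport {pkt.dport} != {rule.dport}")
    return reasons


def first_match(rules: Sequence[Rule], pkt: Packet) -> Optional[str]:
    """pf-style 'first rule wins' walk; None means the packet falls through to the default deny."""
    for rule in rules:
        if not mismatch_reasons(rule, pkt):
            return rule.name
    return None


def sanity_check(rule: Rule) -> List[str]:
    """Flag a rule shape that can never match real traffic."""
    warnings = []
    if rule.src.is_multicast:
        # A group address is never a valid source address, so a rule whose
        # source is 239.x (what the Easy Rule produced here) matches nothing.
        warnings.append(f"source {rule.src} is a multicast group; no packet is ever sourced from it")
    return warnings


# Constructed from the values quoted in the thread; 239.255.1.1 is an assumed group address.
MCAST_GROUP = "239.255.1.1"
LOGGED_PACKET = Packet(
    src=ipaddress.ip_address("192.168.132.2"),  # source shown in the firewall log
    dst=ipaddress.ip_address(MCAST_GROUP),
    dport=5405,                                  # corosync port quoted in the question
)

# Reconstruction of the rule set as it appeared in the screenshot (per the thread).
AS_CONFIGURED = [
    Rule("easy rule (239 as src and dst)", net(f"{MCAST_GROUP}/32"), net(f"{MCAST_GROUP}/32"), 5405),
    Rule("pass multicast from 192.132.1.0/30 (as screenshotted)", net("192.132.1.0/30"), net("239.0.0.0/8"), None),
]

# The same set with the source network corrected as the answer suggests.
CORRECTED = [
    AS_CONFIGURED[0],
    Rule("pass multicast from LAN /30 (corrected)", net("192.168.132.0/30"), net("239.0.0.0/8"), None),
]


def report(rules: Sequence[Rule], pkt: Packet) -> str:
    """Human-readable summary of why each rule did or did not match."""
    lines = []
    for rule in rules:
        for w in sanity_check(rule):
            lines.append(f"[warn] {rule.name}: {w}")
        reasons = mismatch_reasons(rule, pkt)
        lines.append(f"{rule.name}: " + ("MATCH" if not reasons else "; ".join(reasons)))
    lines.append(f"result: {first_match(rules, pkt) or 'default deny'}")
    return "\n".join(lines)


if __name__ == "__main__":
    print("--- as configured ---")
    print(report(AS_CONFIGURED, LOGGED_PACKET))
    print("--- corrected ---")
    print(report(CORRECTED, LOGGED_PACKET))
```

Running it shows the screenshotted rule failing only on the source field (192.168.132.2 is outside 192.132.1.0/30), the Easy Rule flagged because a multicast group can never be a source address, and the corrected /30 passing the packet. The same check is worth repeating against the real log line whenever a "pass" rule appears to be ignored: a default-deny hit on traffic you believe is allowed almost always means one of the five-tuple fields does not match, not that pf is ignoring the rule.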