Skip to content

Multicast routing UPnP traffic with Linux

I use my Linux desktop, which has both wired and wireless network adapters, to connect my Xbox 360 to the wireless network. My wireless driver (rt73usb in 2.6.28) does not support source address spoofing, which is needed for bridging, so I used routing instead. This broke UPnP IGD port forwarding, which uses multicast and doesn’t normally traverse a router. My solution: static multicast routing with smcroute.

My local network is, with my Wireless router/DSL modem at connected to the Linux box via wlan0, and my Xbox 360 at connected to the Linux box via eth0. I use proxy arp and a static route for to make the routing work – I’ll discuss this more in a later post. For now just assume that unicast traffic is routed correctly.

Note that running UPnP on your gateway has security implications; disabling UPnP and setting up static port forwarding is a better solution when available. My Verizon branded Actiontec gt701-wg has a crap port forwarding setup that only allows me to forward ports to computers that it has discovered, and it never seemed to discover the 360 behind my Linux box. Also with multiple machines on the network and multiple applications requiring port forwarding for full functionality, static port forwarding can get very tedius.

I messed around with xorp, which supports multicast routing, with no success. A much simpler solution when only a few computers are involved is to setup static multicast routes with smcroute:

# start the daemon
smcroute -d
# add some routes
smcroute -a eth0 wlan0
smcroute -a wlan0 eth0

# If the packets have a TTL of 1, they will be dropped even when the multicast
# routing rules are correct. This ensures that the TTL will be high enough.
iptables -t mangle -A PREROUTING -i eth0 -d -j TTL --ttl-inc 1
iptables -t mangle -A PREROUTING -i wlan0 -d -j TTL --ttl-inc 1

UPnP port forwarding uses the multicast group. The first smcroute -a command will forward any traffic coming in on eth0 from to the multicast group to the wlan0 interface. The second forwards traffic coming in on wlan0 from to to eth0. The second command probably isn’t required – the gateway does send out multicast announcements, but the 360 sends out a multicast query looking for a gateway regardless, and the response from the gateway is unicast, as is all remaining traffic. Note that you do not need to join the Linux box to any multicast groups for this to work.

I’m not sure if the iptables commands are necessary. I used the upnp client from miniupnp (upnpc) and my Linux laptop for the initial setup to make debugging easier, and upnpc sends packets with a TTL of 1 so the mangling was required. The Xbox 360 may use a higher TTL for the multicast packets. [upnpc can also be used to create port forwards for the 360, making multicast routing unnecessary, but that solution is less interesting.]

You can view the multicast routes, and how much they have been used, with the ip utility:

$ ip -s mroute
(,   Iif: wlan0      Oifs: eth0
345 packets, 133456 bytes
(, Iif: eth0       Oifs: wlan0
27 packets, 8362 bytes

Note that if a packet is dropped because the TTL is too low, it will still be included in the mroute packet count .

If you want to access a UPnP media server from a 360, then you will need to forward additional groups for the relavent IPs. Try; if that doesn’t work you will find tcpdump/wireshark with an “ip multicast” filter is very useful.


  1. eden says:


    I have a similar issue with multicast routing but my network is a little different.

    Mediatomb ( eth0) ————— ( eth0) Linux Gateway ( wlan0) ——( client

    I want that upnp client receive the upnp information in order to discover upnp server.
    As your example i need multicast routing but the network are different in my case.

    I don’t know if it’s possible to do that ?

    Sorry for my english i’m french 😉



  2. bda says:

    Hi eden,

    It should work for your setup – it’s actually simpler than the proxy-arp + static routes setup I was using. The important thing is being able to communicate between the two networks without NAT. You should be able to ping .5.1 from .7.1 and vice versa, without NAT changing the source addresses. It may be possible to get working with NAT but that makes things much more complicated. Then setup the multicast routing, but use the media server multicast address, which I think is, instead of


  3. Sumit Arora says:

    bda , May you explain below :

    Over OPENVPN – Forwarding of UPnP SSDP Multicast Packets from One Network to Another

    Network Configuration :

    (PC-A-Network-A – 192.168.60.X) –Switch(Router) — Internet (ISP) — Switch (Router) — (PC-B-Network-B – 192.168.10.X)

    What is happening ?

    libupnp device is running at PC-A-Network-A( and sending multicast packets(SSDP-Notify) at

    libupnp ctrlpoint is running at PC-B Network-B( and sending multicast packets(SSDP-Msearch) at

    OpenVPN Server is running at PC-B Network-B

    OpenVPN Client is running at PC-A Network-A

    (open VPN fully configured, as both network can ping each other)

    Via using smcroute ( from this :, its possible
    to route PC-A-Network Packets to Network-B (SSDP-Multicast Packets), and vice versa.

    What is not hapening ?

    PC-A sending multicast SSDP Packets , and those are forwarded via openVPN to Network -B and vice versa, but no one accepts the multicast packets received from another network ?

    Is there any body can explain ?

    Do I need to configure iptables rules so that packet should be forwarded ? Or required to add some NAT rules or Is it possible to do this scenario ?

  4. bda says:

    Hi Sumit,

    I would expect that to work if no NAT is being done, but I don’t have a very deep understanding of multicast. With my setup the Xbox would appear to other computers on the network as a normal member of the same network. I never actually tested it across networks. Let us know if you find anything.


  5. tkoun says:

    @eden, bda

    I confirm that on a similar network setup as eden’s with 2 subnets with a Synology media server (UPnP, DLNA) on one subnet and a Samsung smartTV on the other, bda’s solution works.
    Instead of a Linux box my router is a DD-WRT so I had to download the smcroute package from the OpenWRT package repo and copy the executable binary in the /jffs writeable partition.


  6. woops says:

    Hi tkoun,

    I have similar setup as yours. 2 subnets with a Synology media server on one subnet which is to be accessed by all kinds of devices on the other subnet. I use Zyxel USG20W as the router and firewall. Could you please post more details on how you route the UPnP multicast in your setup?



  7. Fraa Orolo says:

    Apparently SMCRoute has added some new features, allowing you to forget about the 192.168.1.X source addresses in the routes
    and instead use ANY address.
    This used to work only with Cisco switches and some other prof gear so far.

    this allows to directly forward any MCAST traffic to the SSDP group, which would even work with anonymous clients and
    media players on DHCP supplied addresses.

    Note: the media servers see the client multicasts as well (DISCOVER messages ) and answer with NOTIFY.

  8. tureface says:

    Hello bda,
    your post is very interesting because maybe i have a similar issue.
    I’m not very practical with Linux so sorry if i will put some incorrect question or incorrect detail.
    What i would like to do is route UDP multicast traffic from a IP interface to a wireless interface.
    So i have this traffic that is received by a BOX (it turs with UBUNTU) that has a wifi interface and IP interface.
    The UDP multicast traffic arrive at IP interface (doing a TCPdump at i can see > UDP where 192.x.x.x is (i think) the source and 225.x.x.x is the multicast ID of the service).
    I would like to route this multicast traffic to the wifi interface (

    Can you help me?

    Thanks a lot for your time.

  9. bda says:

    Hi Tureface,

    First you’ll need to make sure smcroute and iptables are installed:

    sudo apt-get install smcroute iptables

    Assuming your wired ethernet interface is eth0, and wireless is wlan0 (you can use ifconfig to determine the actual interface names), I think something like this would work (as root or with sudo for each command):

    # start the daemon
    smcroute -d
    # add some routes
    smcroute -a eth0 wlan0

    # If the packets have a TTL of 1, they will be dropped even when the multicast
    # routing rules are correct. This ensures that the TTL will be high enough.
    iptables -t mangle -A PREROUTING -i eth0 -d -j TTL –ttl-inc 1

    This assumes that all traffic multicast traffic is coming from If it’s coming from multiple sources, you could add an smcroute -a line for each source. If it has a dynamic address, you could install the latest smcroute from source, that Fraa Orolo linked above, and specify as the source, or change it to have a static address.

    Hope that helps, let us know if you get it working and what was required.

  10. arich57 says:


    Would you mind posting exactly what you did to get it working on a dd-wrt based router? I can’t seem to find a repo with smcroute for it.

    I’m trying to get it so I can vpn in through openvpn and have my client see a upnp server in the main network.


  11. Andy says:

    hi Sumit Arora,

    If you want to sent multicast from one network to the other you need to configure OpenVPN in bridge mode (with TAP0 interfaces) instead of route mode.

    check this:

  12. John says:

    Finally some article with clarification of this issue. Although its quite old I’ll just try to get some response anyway.

    I have no idea what exactly to do, could you instruct me a little bit?
    I have a PC running Ubuntu Server 16.04 with a local ip (connected to the dd-wrt router and internet). I’ve installed OpenVPN on it in order to access my media server remotely, but sure enough it cant be seen.
    So the network I have is: enp2s0 (, Bcast, Mask connected to the router) and tun0 (, P-t-P, Mask OpenVPN profile.

    How should I proceed with adding routes via smcroute? The setup described above confuses me on what to route with what.
    Should I touch any settings on the router, I think not, since the OpenVPN connects directly to the machine?

    Thanks, John.

  13. Anoop says:


    I am trying to achieve something similar. I have two upnp server or br10 and upnp client device on br0. I tried the same I am not able to ping each other.

    root@Docsis-Gateway:~# ip -s mroute
    (, Iif: br10 Oifs: br0
    183 packets, 35712 bytes
    (, Iif: br0 Oifs: br10
    0 packets, 0 bytes
    (, Iif: unresolved

    it is showing that packets from “” is zero. I dont know what the last line in that command means which says Iif is unresolved. What is wrong in my configuration?


Leave a Reply