Solved this. The problem was that I was switching VLAN 4 and VLAN 6 through the Netgear switch towards the pfSense firewall. IGMP snooping on the Netgear can only look at one VLAN. I chose the client-side VLAN, therefore VLAN 4 IGMP traffic was being dropped.
Also, it’s totally not as complex as I have seen written in different places. VLAN 4 is multicast traffic only. Therefore no routes need to be added. Also, no outbound NAT needs to be added because no traffic passes through the pfSense to VLAN 4. It all happens through the IGMP proxy, which means the packet source is the VLAN 4 interface address. This also means you are protected by default because of the default deny rule, which should mean that NAT itself does not even need to be enabled, I’m guessing.
In fact, it was all the suggestions to use outbound NAT and adding extra static routes that made it all complex and difficult to set up. It was only later that I put the fiber cable into the switch and from there to the pfSense. That caused the last problem.
The important things to pay attention to are:
- Set up IGMP snooping on the switches, monitoring the client-side VLAN. So all boxes should be on the same VLAN.
- Likely set rules to allow options on TCP connections to the 185.24.* addresses where the unicast comes from.
- Connect the VLAN 4 and VLAN 6 cable directly into the pfSense firewall to avoid the problem with the IGMP snooping limitation.
- Obviously, set up the IGMP proxy; it’s needed.
It’s possible that the architecture has simplified since some guides were written, though I doubt it. Who can tell?