Igmpproxy noworking

firbc

I tried… still nothing. Attaching logs...

IGMPProxy logs:

igmpproxy, Version 0.1 beta2, Build 090427 
Copyright 2005 by Johnny Egeland <johnny@rlo.org>
Distributed under the GNU GENERAL PUBLIC LICENSE, Version 2 - check GPL.txt

Debu: Searching for config file at '/tmp/igmpproxy.conf'
Debu: Config: Quick leave mode enabled.
Debu: Config: Got a phyint token.
Debu: Config: IF: Config for interface xl0.
Debu: Config: IF: Got upstream token.
Debu: Config: IF: Got ratelimit token '0'.
Debu: Config: IF: Got threshold token '1'.
Debu: Config: IF: Got altnet token 172.16.100.0/24.
Debu: Config: IF: Altnet: Parsed altnet to 172.16.100/24.
Debu: Config: IF: Got altnet token 84.255.209.0/24.
Debu: Config: IF: Altnet: Parsed altnet to 84.255.209/24.
Debu: Config: IF: Got altnet token 84.255.208.0/24.
Debu: Config: IF: Altnet: Parsed altnet to 84.255.208/24.
Debu: Config: IF: Got altnet token 172.17.140.0/24.
Debu: Config: IF: Altnet: Parsed altnet to 172.17.140/24.
Debu: Config: IF: Got altnet token 172.17.141.0/24.
Debu: Config: IF: Altnet: Parsed altnet to 172.17.141/24.
Debu: IF name : xl0
Debu: Next ptr : 0
Debu: Ratelimit : 0
Debu: Threshold : 1
Debu: State : 1
Debu: Allowednet ptr : 2820c030
Debu: Config: Got a phyint token.
Debu: Config: IF: Config for interface rl0.
Debu: Config: IF: Got downstream token.
Debu: Config: IF: Got ratelimit token '0'.
Debu: Config: IF: Got threshold token '1'.
Debu: Config: IF: Got altnet token 192.168.0.0/24.
Debu: Config: IF: Altnet: Parsed altnet to 192.168.0/24.
Debu: IF name : rl0
Debu: Next ptr : 0
Debu: Ratelimit : 0
Debu: Threshold : 1
Debu: State : 2
Debu: Allowednet ptr : 2820c080
Debu: Adding Physical Index value of IF 'xl0' is 1
Debu: buildIfVc: Interface xl0 Addr: 89.212.139.155, Flags: 0xffff8843, Network: 89.212/16
Debu: Adding Physical Index value of IF 'rl0' is 2
Debu: buildIfVc: Interface rl0 Addr: 192.168.0.50, Flags: 0xffff8843, Network: 192.168.0/24
Debu: Adding Physical Index value of IF 'lo0' is 3
Debu: buildIfVc: Interface lo0 Addr: 127.0.0.1, Flags: 0xffff8049, Network: 127/8
Debu: Found config for xl0
Debu: Found config for rl0
Note: adding VIF, Ix 0 Fl 0x0 IP 0x9b8bd459 xl0, Threshold: 1, Ratelimit: 0
Debu:         Network for [xl0] : 89.212/16
Debu:         Network for [xl0] : 172.16.100/24
Debu:         Network for [xl0] : 84.255.209/24
Debu:         Network for [xl0] : 84.255.208/24
Debu:         Network for [xl0] : 172.17.140/24
Debu:         Network for [xl0] : 172.17.141/24
Note: adding VIF, Ix 1 Fl 0x0 IP 0x3200a8c0 rl0, Threshold: 1, Ratelimit: 0
Debu:         Network for [rl0] : 192.168.0/24
Debu:         Network for [rl0] : 192.168.0/24
Debu: Got 262144 byte buffer size in 0 iterations
Debu: Joining all-routers group 224.0.0.2 on vif 192.168.0.50
Note: joinMcGroup: 224.0.0.2 on rl0
Debu: SENT Membership query   from 192.168.0.50    to 224.0.0.1
Debu: Sent membership query from 192.168.0.50 to 224.0.0.1\. Delay: 10
Debu: Created timeout 1 (#0) - delay 10 secs
Debu: (Id:1, Time:10) 
Debu: Created timeout 2 (#1) - delay 21 secs
Debu: (Id:1, Time:10) 
Debu: (Id:2, Time:21) 
Debu: Packet from 192.168.0.50: proto: 2 hdrlen: 24 iplen: 8 or 2048
Note: RECV V2 member report   from 192.168.0.50    to 224.0.0.2 (ip_hl 24, data 8)
Note: The IGMP message was from myself. Ignoring.
Debu: Packet from 192.168.0.50: proto: 2 hdrlen: 20 iplen: 8 or 2048
Note: RECV Membership query   from 192.168.0.50    to 224.0.0.1 (ip_hl 20, data 8)
Debu: Packet from 192.168.0.23: proto: 2 hdrlen: 24 iplen: 8 or 2048
Note: RECV V2 member report   from 192.168.0.23    to 239.255.255.250 (ip_hl 24, data 8)
Debu: Should insert group 239.255.255.250 (from: 192.168.0.23) to route table. Vif Ix : 1
Debu: No existing route for 239.255.255.250\. Create new.
Debu: No routes in table. Insert at beginning.
Info: Inserted route table entry for 239.255.255.250 on VIF #1
Debu: Joining group 239.255.255.250 upstream on IF address 89.212.139.155
Note: joinMcGroup: 239.255.255.250 on xl0
Debu: 
Current routing table (Insert Route);
-----------------------------------------------------

Debu: #0: Dst: 239.255.255.250, Age:2, St: I, OutVifs: 0x00000002
Debu: 
-----------------------------------------------------

Debu: Eliminate compiler warning for field type = 22
Debu: Packet from 89.212.139.155: proto: 2 hdrlen: 24 iplen: 8 or 2048
Note: RECV V2 member report   from 89.212.139.155  to 239.255.255.250 (ip_hl 24, data 8)
Note: The IGMP message was from myself. Ignoring.
Debu: Packet from 10.0.1.13: proto: 2 hdrlen: 20 iplen: 8 or 2048
Note: RECV Membership query   from 10.0.1.13       to 239.1.1.67 (ip_hl 20, data 8)
Debu: Packet from 10.0.1.13: proto: 2 hdrlen: 20 iplen: 8 or 2048
Note: RECV Membership query   from 10.0.1.13       to 239.1.1.141 (ip_hl 20, data 8)
Debu: Packet from 192.168.0.22: proto: 2 hdrlen: 24 iplen: 8 or 2048
Note: RECV V2 member report   from 192.168.0.22    to 224.0.0.252 (ip_hl 24, data 8)
Debu: Should insert group 224.0.0.252 (from: 192.168.0.22) to route table. Vif Ix : 1
Debu: No existing route for 224.0.0.252\. Create new.
Debu: Found existing routes. Find insert location.
Debu: Inserting after route 239.255.255.250
Info: Inserted route table entry for 224.0.0.252 on VIF #1
Debu: Joining group 224.0.0.252 upstream on IF address 89.212.139.155
Note: joinMcGroup: 224.0.0.252 on xl0
Debu: 
Current routing table (Insert Route);
-----------------------------------------------------

Debu: #0: Dst: 239.255.255.250, Age:2, St: I, OutVifs: 0x00000002
Debu: #1: Dst: 224.0.0.252, Age:2, St: I, OutVifs: 0x00000002
Debu: 
-----------------------------------------------------

Debu: Eliminate compiler warning for field type = 22
Debu: Packet from 89.212.139.155: proto: 2 hdrlen: 24 iplen: 8 or 2048
Note: RECV V2 member report   from 89.212.139.155  to 224.0.0.252 (ip_hl 24, data 8)
Note: The IGMP message was from myself. Ignoring.
Debu: Packet from 89.212.139.155: proto: 2 hdrlen: 24 iplen: 8 or 2048
Note: RECV V2 member report   from 89.212.139.155  to 239.255.255.250 (ip_hl 24, data 8)
Note: The IGMP message was from myself. Ignoring.
Debu: Packet from 192.168.0.23: proto: 2 hdrlen: 24 iplen: 8 or 2048
Note: RECV V2 member report   from 192.168.0.23    to 239.192.152.143 (ip_hl 24, data 8)
Debu: Should insert group 239.192.152.143 (from: 192.168.0.23) to route table. Vif Ix : 1
Debu: No existing route for 239.192.152.143\. Create new.
Debu: Found existing routes. Find insert location.
Debu: Inserting at beginning, before route 239.255.255.250
Info: Inserted route table entry for 239.192.152.143 on VIF #1
Debu: Joining group 239.192.152.143 upstream on IF address 89.212.139.155
Note: joinMcGroup: 239.192.152.143 on xl0
Debu: 
Current routing table (Insert Route);
-----------------------------------------------------

Debu: #0: Dst: 239.192.152.143, Age:2, St: I, OutVifs: 0x00000002
Debu: #1: Dst: 239.255.255.250, Age:2, St: I, OutVifs: 0x00000002
Debu: #2: Dst: 224.0.0.252, Age:2, St: I, OutVifs: 0x00000002
Debu: 
-----------------------------------------------------

Debu: Eliminate compiler warning for field type = 22
Debu: Packet from 89.212.139.155: proto: 2 hdrlen: 24 iplen: 8 or 2048
Note: RECV V2 member report   from 89.212.139.155  to 239.192.152.143 (ip_hl 24, data 8)
Note: The IGMP message was from myself. Ignoring.
Debu: Packet from 89.212.139.155: proto: 2 hdrlen: 24 iplen: 8 or 2048
Note: RECV V2 member report   from 89.212.139.155  to 239.192.152.143 (ip_hl 24, data 8)
Note: The IGMP message was from myself. Ignoring.
Debu: Packet from 10.0.1.13: proto: 2 hdrlen: 20 iplen: 8 or 2048
Note: RECV Membership query   from 10.0.1.13       to 239.1.1.67 (ip_hl 20, data 8)
Debu: Packet from 10.0.1.13: proto: 2 hdrlen: 20 iplen: 8 or 2048
Note: RECV Membership query   from 10.0.1.13       to 239.1.1.141 (ip_hl 20, data 8)
Debu: Packet from 192.168.0.2: proto: 2 hdrlen: 24 iplen: 8 or 2048
Note: RECV V2 member report   from 192.168.0.2     to 239.1.1.196 (ip_hl 24, data 8)
Debu: Should insert group 239.1.1.196 (from: 192.168.0.2) to route table. Vif Ix : 1
Debu: No existing route for 239.1.1.196\. Create new.
Debu: Found existing routes. Find insert location.
Debu: Inserting after route 239.192.152.143
Info: Inserted route table entry for 239.1.1.196 on VIF #1
Debu: Joining group 239.1.1.196 upstream on IF address 89.212.139.155
Note: joinMcGroup: 239.1.1.196 on xl0
Debu: 
Current routing table (Insert Route);
-----------------------------------------------------

Debu: #0: Dst: 239.192.152.143, Age:2, St: I, OutVifs: 0x00000002
Debu: #1: Dst: 239.1.1.196, Age:2, St: I, OutVifs: 0x00000002
Debu: #2: Dst: 239.255.255.250, Age:2, St: I, OutVifs: 0x00000002
Debu: #3: Dst: 224.0.0.252, Age:2, St: I, OutVifs: 0x00000002
Debu: 
-----------------------------------------------------

Debu: Eliminate compiler warning for field type = 22
Debu: Packet from 89.212.139.155: proto: 2 hdrlen: 24 iplen: 8 or 2048
Note: RECV V2 member report   from 89.212.139.155  to 239.1.1.196 (ip_hl 24, data 8)
Note: The IGMP message was from myself. Ignoring.
Debu: Packet from 192.168.0.50: proto: 2 hdrlen: 24 iplen: 8 or 2048
Note: RECV V2 member report   from 192.168.0.50    to 224.0.0.2 (ip_hl 24, data 8)
Note: The IGMP message was from myself. Ignoring.
Debu: Packet from 10.0.1.13: proto: 2 hdrlen: 20 iplen: 8 or 2048
Note: RECV Membership query   from 10.0.1.13       to 239.1.1.56 (ip_hl 20, data 8)
Debu: Packet from 10.0.1.13: proto: 2 hdrlen: 20 iplen: 8 or 2048
Note: RECV Membership query   from 10.0.1.13       to 239.1.1.89 (ip_hl 20, data 8)
Debu: Packet from 10.0.1.13: proto: 2 hdrlen: 20 iplen: 8 or 2048
Note: RECV Membership query   from 10.0.1.13       to 239.1.1.56 (ip_hl 20, data 8)
Debu: About to call timeout 1 (#0)
Debu: Aging routes in table.</johnny@rlo.org>

upstream interface:

listening on xl0, link-type EN10MB (Ethernet), capture size 96 bytes
16:55:52.621387 IP 10.0.1.13 > 239.1.1.67: igmp query v2 [max resp time 20] [gaddr 239.1.1.67]
16:55:52.681141 IP 10.0.1.13 > 239.1.1.141: igmp query v2 [max resp time 20] [gaddr 239.1.1.141]
16:55:54.483330 IP 10.0.1.13 > 239.1.1.67: igmp query v2 [max resp time 20] [gaddr 239.1.1.67]
16:55:54.487321 IP 10.0.1.13 > 239.1.1.141: igmp query v2 [max resp time 20] [gaddr 239.1.1.141]
16:55:57.341130 IP 10.0.1.13 > 239.1.1.56: igmp query v2 [max resp time 20] [gaddr 239.1.1.56]
16:55:57.498146 IP 10.0.1.13 > 239.1.1.89: igmp query v2 [max resp time 20] [gaddr 239.1.1.89]
16:55:58.484496 IP 10.0.1.13 > 239.1.1.56: igmp query v2 [max resp time 20] [gaddr 239.1.1.56]
16:55:59.486103 IP 10.0.1.13 > 239.1.1.89: igmp query v2 [max resp time 20] [gaddr 239.1.1.89]
16:55:59.691610 IP 10.0.1.13 > 239.1.1.54: igmp query v2 [max resp time 20] [gaddr 239.1.1.54]
16:56:00.612221 IP 10.0.1.13 > 239.1.1.253: igmp query v2 [max resp time 20] [gaddr 239.1.1.253]
16:56:01.485312 IP 10.0.1.13 > 239.1.1.54: igmp query v2 [max resp time 20] [gaddr 239.1.1.54]
16:56:01.947106 IP 10.0.1.13 > 239.1.1.90: igmp query v2 [max resp time 20] [gaddr 239.1.1.90]
16:56:02.484413 IP 10.0.1.13 > 239.1.1.253: igmp query v2 [max resp time 20] [gaddr 239.1.1.253]
16:56:03.338506 IP 10.0.1.13 > 239.1.1.41: igmp query v2 [max resp time 20] [gaddr 239.1.1.41]
16:56:03.487262 IP 10.0.1.13 > 239.1.1.90: igmp query v2 [max resp time 20] [gaddr 239.1.1.90]
16:56:04.465623 IP 10.0.1.13 > 239.1.1.18: igmp query v2 [max resp time 20] [gaddr 239.1.1.18]
16:56:04.484366 IP 10.0.1.13 > 239.1.1.41: igmp query v2 [max resp time 20] [gaddr 239.1.1.41]
16:56:05.372219 IP 10.0.1.13 > 239.1.1.96: igmp query v2 [max resp time 20] [gaddr 239.1.1.96]
16:56:05.484465 IP 10.0.1.13 > 239.1.1.18: igmp query v2 [max resp time 20] [gaddr 239.1.1.18]
16:56:06.499832 IP 10.0.1.13 > 239.1.1.96: igmp query v2 [max resp time 20] [gaddr 239.1.1.96]
16:56:06.986881 IP 10.0.1.13 > 239.1.1.5: igmp query v2 [max resp time 20] [gaddr 239.1.1.5]
16:56:07.534196 IP 10.0.1.13 > 239.1.1.55: igmp query v2 [max resp time 20] [gaddr 239.1.1.55]
16:56:07.833971 IP 10.0.1.13 > 239.1.1.108: igmp query v2 [max resp time 20] [gaddr 239.1.1.108]
16:56:08.422791 IP 10.0.1.13 > 239.1.1.41: igmp query v2 [max resp time 20] [gaddr 239.1.1.41]
16:56:08.484538 IP 10.0.1.13 > 239.1.1.5: igmp query v2 [max resp time 20] [gaddr 239.1.1.5]
16:56:08.783066 IP 10.0.1.13 > 239.1.1.67: igmp query v2 [max resp time 20] [gaddr 239.1.1.67]
16:56:09.485665 IP 10.0.1.13 > 239.1.1.41: igmp query v2 [max resp time 20] [gaddr 239.1.1.41]
16:56:09.489890 IP 10.0.1.13 > 239.1.1.108: igmp query v2 [max resp time 20] [gaddr 239.1.1.108]
16:56:09.499401 IP 10.0.1.13 > 239.1.1.55: igmp query v2 [max resp time 20] [gaddr 239.1.1.55]
16:56:09.742920 IP 10.0.1.13 > 239.1.1.109: igmp query v2 [max resp time 20] [gaddr 239.1.1.109]
16:56:10.342237 IP 10.0.1.13 > 239.1.1.56: igmp query v2 [max resp time 20] [gaddr 239.1.1.56]
16:56:10.472746 IP 10.0.1.13 > 239.1.1.57: igmp query v2 [max resp time 20] [gaddr 239.1.1.57]
16:56:10.484244 IP 10.0.1.13 > 239.1.1.67: igmp query v2 [max resp time 20] [gaddr 239.1.1.67]
16:56:11.485354 IP 10.0.1.13 > 239.1.1.109: igmp query v2 [max resp time 20] [gaddr 239.1.1.109]
16:56:11.489842 IP 10.0.1.13 > 239.1.1.56: igmp query v2 [max resp time 20] [gaddr 239.1.1.56]
16:56:11.493843 IP 10.0.1.13 > 239.1.1.57: igmp query v2 [max resp time 20] [gaddr 239.1.1.57]
16:56:12.564220 IP 10.0.1.13 > 239.1.1.112: igmp query v2 [max resp time 20] [gaddr 239.1.1.112]
16:56:14.082126 IP 10.0.1.13 > 239.1.1.22: igmp query v2 [max resp time 20] [gaddr 239.1.1.22]
16:56:14.084370 IP 10.0.1.13 > 239.1.1.54: igmp query v2 [max resp time 20] [gaddr 239.1.1.54]
16:56:14.487918 IP 10.0.1.13 > 239.1.1.112: igmp query v2 [max resp time 20] [gaddr 239.1.1.112]
^C
40 packets captured
708 packets received by filter
0 packets dropped by kernel

downstream interface:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on rl0, link-type EN10MB (Ethernet), capture size 96 bytes
16:55:51.152763 IP 192.168.0.23 > 239.255.255.250: igmp v2 report 239.255.255.250
16:55:53.019928 IP 192.168.0.22 > 224.0.0.252: igmp v2 report 224.0.0.252
16:55:53.159780 IP 192.168.0.23 > 239.192.152.143: igmp v2 report 239.192.152.143
16:55:54.778272 IP 192.168.0.2 > 239.1.1.196: igmp v2 report 239.1.1.196
16:56:04.010537 IP 192.168.0.2 > 224.0.0.2: igmp leave 239.1.1.196
16:56:04.011157 IP 192.168.0.50 > 239.1.1.196: igmp query v2 [gaddr 239.1.1.196]
16:56:04.555460 IP 192.168.0.2 > 239.1.1.196: igmp v2 report 239.1.1.196
16:56:04.778919 IP 192.168.0.2 > 239.1.1.196: igmp v2 report 239.1.1.196
16:56:09.775502 IP 192.168.0.2 > 224.0.0.2: igmp leave 239.1.1.196
16:56:09.775859 IP 192.168.0.50 > 239.1.1.196: igmp query v2 [gaddr 239.1.1.196]
16:56:09.782944 IP 192.168.0.2 > 239.1.1.159: igmp v2 report 239.1.1.159
16:56:10.233938 IP 192.168.0.2 > 224.0.0.2: igmp leave 239.1.1.159
16:56:10.234865 IP 192.168.0.50 > 239.1.1.159: igmp query v2 [gaddr 239.1.1.159]
16:56:10.241733 IP 192.168.0.2 > 239.1.1.192: igmp v2 report 239.1.1.192
16:56:10.279853 IP 192.168.0.2 > 239.1.1.192: igmp v2 report 239.1.1.192
16:56:10.943221 IP 192.168.0.2 > 224.0.0.2: igmp leave 239.1.1.192
16:56:10.944132 IP 192.168.0.50 > 239.1.1.192: igmp query v2 [gaddr 239.1.1.192]
16:56:10.951770 IP 192.168.0.2 > 239.1.1.159: igmp v2 report 239.1.1.159
16:56:11.280018 IP 192.168.0.2 > 239.1.1.159: igmp v2 report 239.1.1.159
16:56:13.714242 IP 192.168.0.50 > 239.1.1.196: igmp query v2 [gaddr 239.1.1.196]
^C
20 packets captured
859 packets received by filter
0 packets dropped by kernel

routing table:

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            89.212.0.1         UGS         0  1387675    xl0
89.212.0.0/16      link#1             UC          0       20    xl0
89.212.0.1         00:90:1a:42:80:5c  UHLW        2      970    xl0     69
89.212.71.79       00:90:1a:42:80:5c  UHLW        1        0    xl0   1082
89.212.72.188      00:90:1a:42:80:5c  UHLW        1        2    xl0    720
89.212.139.155     127.0.0.1          UGHS        0        0    lo0
89.212.172.197     00:90:1a:42:80:5c  UHLW        1        0    xl0    720
89.212.228.72      00:11:6b:17:a7:21  UHLW        1        6    xl0   1168
127.0.0.1          127.0.0.1          UH          1        0    lo0
192.168.0.0/24     link#2             UC          0        0    rl0
192.168.0.2        00:1a:4d:41:3e:3f  UHLW        1  2612889    rl0   1179
192.168.0.22       00:16:ea:ae:61:7e  UHLW        1      636    rl0   1051
224.0.0.0/4        89.212.0.1         UGS         0        0    xl0
224.0.0.1          89.212.0.1         UGHS        0        0    xl0
224.0.0.2          89.212.0.1         UGHS        0        0    xl0

Eugene

On WAN you have to have rule allowing outgoing traffic, you can not create it using gui.
Please give the output of

pfctl -sr | grep allow-opts

firbc

sorry, you mean this right?

# pfctl -sr | grep allow-opts
pass in quick on xl0 proto igmp all keep state allow-opts label "USER_RULE: ipTV" queue(qwandef, qwanacks)
pass in quick on xl0 proto udp all keep state allow-opts label "USER_RULE: ipTV" queue(qwandef, qwanacks)
pass in quick on rl0 all flags S/SA keep state allow-opts label "USER_RULE" queue(qlandef, qlanacks)
#

Eugene

you see? you do not have pass out.
Did you copy my files after you reinstalled package?

firbc

I try but I getting errors and there is no automatic routes,… not exactly sure why. I copy both filter.inc and igmpproxy on location that you said.

If I enter "pfctl -sr | grep allow-opts" with version you gave it to me it doesn't show me anything.

igmpproxy, Version 0.1 beta2, Build 090818 
Copyright 2005 by Johnny Egeland <johnny@rlo.org>
Distributed under the GNU GENERAL PUBLIC LICENSE, Version 2 - check GPL.txt

Debu: Searching for config file at '/tmp/igmpproxy.conf'
Debu: Config: Quick leave mode enabled.
Debu: Config: Got a phyint token.
Debu: Config: IF: Config for interface xl0.
Debu: Config: IF: Got upstream token.
Debu: Config: IF: Got ratelimit token '0'.
Debu: Config: IF: Got threshold token '1'.
Debu: Config: IF: Got altnet token 172.16.100.0/24.
Debu: Config: IF: Altnet: Parsed altnet to 172.16.100/24.
Debu: Config: IF: Got altnet token 84.255.209.0/24.
Debu: Config: IF: Altnet: Parsed altnet to 84.255.209/24.
Debu: Config: IF: Got altnet token 84.255.208.0/24.
Debu: Config: IF: Altnet: Parsed altnet to 84.255.208/24.
Debu: Config: IF: Got altnet token 172.17.140.0/24.
Debu: Config: IF: Altnet: Parsed altnet to 172.17.140/24.
Debu: Config: IF: Got altnet token 172.17.141.0/24.
Debu: Config: IF: Altnet: Parsed altnet to 172.17.141/24.
Debu: IF name : xl0
Debu: Next ptr : 0
Debu: Ratelimit : 0
Debu: Threshold : 1
Debu: State : 1
Debu: Allowednet ptr : 2820c030
Debu: Config: Got a phyint token.
Debu: Config: IF: Config for interface rl0.
Debu: Config: IF: Got downstream token.
Debu: Config: IF: Got ratelimit token '0'.
Debu: Config: IF: Got threshold token '1'.
Debu: Config: IF: Got altnet token 192.168.0.0/24.
Debu: Config: IF: Altnet: Parsed altnet to 192.168.0/24.
Debu: IF name : rl0
Debu: Next ptr : 0
Debu: Ratelimit : 0
Debu: Threshold : 1
Debu: State : 2
Debu: Allowednet ptr : 2820c080
Debu: Adding Physical Index value of IF 'xl0' is 1
Debu: buildIfVc: Interface xl0 Addr: 89.212.139.155, Flags: 0xffff8843, Network: 89.212/16
Debu: Adding Physical Index value of IF 'rl0' is 2
Debu: buildIfVc: Interface rl0 Addr: 192.168.0.50, Flags: 0xffff8843, Network: 192.168.0/24
Debu: Adding Physical Index value of IF 'lo0' is 3
Debu: buildIfVc: Interface lo0 Addr: 127.0.0.1, Flags: 0xffff8049, Network: 127/8
Debu: Found config for xl0
Debu: Found config for rl0
Note: adding VIF, Ix 0 Fl 0x0 IP 0x9b8bd459 xl0, Threshold: 1, Ratelimit: 0
Debu:         Network for [xl0] : 89.212/16
Debu:         Network for [xl0] : 172.16.100/24
Debu:         Network for [xl0] : 84.255.209/24
Debu:         Network for [xl0] : 84.255.208/24
Debu:         Network for [xl0] : 172.17.140/24
Debu:         Network for [xl0] : 172.17.141/24
Note: adding VIF, Ix 1 Fl 0x0 IP 0x3200a8c0 rl0, Threshold: 1, Ratelimit: 0
Debu:         Network for [rl0] : 192.168.0/24
Debu:         Network for [rl0] : 192.168.0/24
Debu: Got 262144 byte buffer size in 0 iterations
Debu: Joining all-routers group 224.0.0.2 on vif 192.168.0.50
Note: joinMcGroup: 224.0.0.2 on rl0
Info: sendto to 224.0.0.2 on 192.168.0.50; Errno(1): Operation not permitted
Debu: SENT V2 member report   from 192.168.0.50    to 224.0.0.2
Info: sendto to 224.0.0.1 on 192.168.0.50; Errno(1): Operation not permitted
Debu: SENT Membership query   from 192.168.0.50    to 224.0.0.1
Debu: Sent membership query from 192.168.0.50 to 224.0.0.1\. Delay: 10
Debu: Created timeout 1 (#0) - delay 10 secs
Debu: (Id:1, Time:10) 
Debu: Created timeout 2 (#1) - delay 21 secs
Debu: (Id:1, Time:10) 
Debu: (Id:2, Time:21) 
Debu: About to call timeout 1 (#0)
Debu: Aging routes in table.
Debu: 
Current routing table (Age active routes);
-----------------------------------------------------

Debu: No routes in table...
Debu: 
-----------------------------------------------------

Debu: About to call timeout 2 (#0)
Info: sendto to 224.0.0.1 on 192.168.0.50; Errno(1): Operation not permitted
Debu: SENT Membership query   from 192.168.0.50    to 224.0.0.1
Debu: Sent membership query from 192.168.0.50 to 224.0.0.1\. Delay: 10
Debu: Created timeout 3 (#0) - delay 10 secs
Debu: (Id:3, Time:10) 
Debu: Created timeout 4 (#1) - delay 21 secs
Debu: (Id:3, Time:10) 
Debu: (Id:4, Time:21) 
Debu: Got a IGMP request to process...
Debu: Packet from 10.0.1.13: proto: 2 hdrlen: 20 iplen: 8 or 2048
Note: RECV Membership query   from 10.0.1.13       to 224.0.0.1 (ip_hl 20, data 8)
Debu: About to call timeout 3 (#0)
Debu: Aging routes in table.
Debu: 
Current routing table (Age active routes);
-----------------------------------------------------

Debu: No routes in table...
Debu: 
-----------------------------------------------------

Debu: About to call timeout 4 (#0)
Info: sendto to 224.0.0.1 on 192.168.0.50; Errno(1): Operation not permitted
Debu: SENT Membership query   from 192.168.0.50    to 224.0.0.1
Debu: Sent membership query from 192.168.0.50 to 224.0.0.1\. Delay: 10
Debu: Created timeout 5 (#0) - delay 10 secs
Debu: (Id:5, Time:10) 
Debu: Created timeout 6 (#1) - delay 115 secs
Debu: (Id:5, Time:10) 
Debu: (Id:6, Time:115) 
Debu: About to call timeout 5 (#0)
Debu: Aging routes in table.
Debu: 
Current routing table (Age active routes);
-----------------------------------------------------

Debu: No routes in table...
Debu: 
-----------------------------------------------------

^CWarn: select() failure; Errno(4): Interrupted system call
Note: Got a interupt signal. Exiting.
Debu: clean handler called
Note: All routes removed. Routing table is empty.
Info: Shutdown complete....</johnny@rlo.org>

Eugene

You did something wrong. Lets proceed off-forum to avoid spamming here. I'd like to see your screen (or connect remotely to your pfsense). I'll e-mail you in approx 2 hours.

dimokrat

hi all!

My IGMPProxy is not working too..

I've simply installed the appropriate package, and specify WAN as upstream and LAN as downstream (without any additional options, because I don't understand it). And there is no picture at all. What I made wrong?

firbc

Hi again,

I testing Eugene's version of IGMPProxy for few days now and is working very well. That version also work well with IGMP v3. I testing this on pfSense 1.2.3-RC3 built on Fri Oct 30 05:27:54 UTC 2009 version.

Thanks Eugene for good work.

the6thday

hi

did a lot of testing and debuging with eugene over the last week, and it's working now, even with the somewhat strange german T-Home setups.

Big thx to Eugene for the great work!

myka

Hi,
my pf alow-opts rules looks like this:
is it correct? On wan interface I see only messages: igmp query v2

# pfctl -sr | grep allow-op
pass out all flags S/SA keep state allow-opts label "let out anything from firewall host itself"
pass in quick on rl0 reply-to (rl0 84.240.30.62) inet all flags S/SA keep state allow-opts label "USER_RULE"
pass in log quick on nfe0 all flags S/SA keep state allow-opts label "USER_RULE: Default allow LAN to any rule"
# tcpdump -ni rl0 igmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on rl0, link-type EN10MB (Ethernet), capture size 96 bytes
02:38:40.619355 IP 84.240.30.62 > 224.0.0.1: igmp query v2

Eugene

Looks good.

Clouseau

Sorry, but I just can't figure this out at all?

Am I stupid or what, but is there anywhere a manual how this IGMPproxy should be configured and do you have to do still rules for igmp ect…? At least the documentation sucks deebly. I just can guess what should be feeded in where and why.

I noticed that there is a webGUI for this but I can see only cli stuff here. Is there any documentation and working samples available anywhere.

Here is the webGUI part to fill up:

WAN
Interface: WAN
Description:ISP
Type:upstream interface
Threshold:
Networks:12.23.45.67/20

LAN
Interface: LAN
Description:Lan network
Type:downstream interface
Threshold:
Networks:192.168.1.1/24

So whats wrong or missing? Which Ip address and how the mask should be presented here? 12.23.45.67/20 or 12.23.45.67 255.255.240.0. Should this be the wan side network address or my WAN interface address or what?

Networks on LAN side? Same questions as on WAN side - how the ip or networ should be presented exactly whit mask or whit out the mask. Or should here be my setopbox's ip or LAn interface ip or what?

Understand my frustration now? There is no basic hint what to feed in here and as I said before the documentation sucks  >:(

Now I and many other IPTV users needs this faq whit good examples! The more print screens the better  ;D

Eugene

Howto
I truly belive that if a person understands what he is doing then he is doing much better then stupidly following some procedure without understanding what it is all about. Thus a bit of theory here. If you are not interested go directly to "Setup and configuration procedure".
Theory
On the diagram below PC1 wants to watch IPTV i.e. to receive multicast stream.
(1) player generates IGMP-report saying "I want to receive multicast stream which is being disseminated to some multicast IP (let it be 239.0.0.1). Multicast stream is a stream of UDP packets (in our case of IPTV picture + sound). Different multicast addresses mean different TV channels. This IGMP-report is multicast packet as well and is forwarded to all devices on given local network segment by the switch(es), i.e. all devices on this segment receive this packtes (let's not touch multicast aware switches here).
(2) But all devices do not care about this IGMP-report, only pfSense with running igmpproxy becomes aware that some device (PC1) connected to its lan wants to receive a multicast stream. LAN interface on our diagram according to igmpproxy terminology is "Downstream interface" in other words "Interface where receiver(s) of multicast stream is(are) located". Now pfSense has to get this stream somewhere and it generates IGMP-report on "Upstream interface" (WAN) hoping to get this stream from Provider. Note that there is no routing of packet (1), pf does not route multicast/broadcast traffic, this is brand new packet generated by igmpproxy.
(3) Provider's device (most probably router) after receiving your IGMP-report with group IP 239.0.0.1 starts transmitting udp stream with destination IP 239.0.0.1 towards your pfSense.
(4) pfSense already knows who wants to watch this channel as at the step (2) igmpproxy told kernel that this stream is wanted at LAN interface and BSD kernel without any igmpproxy participation starts routing these packets to LAN where user(s) gets picture and sound in his player.

Setup and configuration procedure.
1. Install igmpproxy package from System->Packages
2. Create a rule on LAN interface in Firewall->Rules
Pass Proto=IGMP Source=LANnet Destination=224.0.0.0/4 in AdvancedOptions check "This allows packets with ip options to pass …"
Save/Apply
It will allow igmpproxy to receive IGMP-reports on LAN.
3. Create a rule on WAN interface in Firewall->Rules
Pass Proto=UDP Destination=224.0.0.0/4
Save/Apply
It will allow you to receive multicast stream with any multicast IP.
4. Configure igmpproxy in Services->IGMP proxy. Make LAN Downstream and WAN Upstream interfaces.
5. Check that igmpproxy is running (green) in Status->Services.

90% probability that this is it - enjoy.
Optional steps:
6. Extraordinary case one - provider sends packets with source IP which does not belong to your network configured on Upstream-WAN (different from 1.1.1.0/24 on our diagram), for example packets have 3.4.5.42. We need to add this network in igmpproxy config for Upstream interface - add 3.4.5.0/24 in Networks for this interface.
7. Extraordinary case two - you have complex network connected to LAN and there is a router which is capable to route multicast packets and the device that wants to see IPTV is connected not directly to pfSense LAN segment but to other segment (after this router) having IP belonging let's say to 10.10.10.0/24. In this case we need to add this subnet in igmpproxy config for Downstream interface - add 10.10.10.0/24 in Networks. Probably you'll need to create a rule on LAN interface for this subnet as we did for LAN subnet in step 2. I depends how your router is configured.
8. Extraordinary case three - this is when you have extraordinary cases one and two at the same time.Complete both steps 6. and 7.

PS: rules must be more strict. All that was created above means the same as "allow all" for ordinary unicast packets.
PPS: UDP-stream IPTV is usually lots of small packets, so this is pretty intensive load on your nics and cpu. If you have bad picture/sound quality the first thing to check is your system load.
PPPS: you can easily create several Downstream interfaces if needed.
P(4)S: remarks and comments are welcome!

Recommended reading: IGMP protocol.

Ting

:D :D :D

This is quite great stuff!! Sounds like some people (including me) can now get rid of their W70x routers and use real hardware instead. I feel like having read a thousand pages on this topic the last days without any solution.

One silly question: Do you remember this one?

new backbone:

everything that has to do with normal web -> pppoe on vlan7
iptv multicast -> dhcp with some strange options on vlan8

As I'm new to VLAN and things around I've no clue how to solve the dhcp problem.

@the6thday: Maybe you could also share how you resolved this?

Cheers!

Eugene

@Ting:

One silly question: Do you remember this one?

new backbone:
everything that has to do with normal web -> pppoe on vlan7
iptv multicast -> dhcp with some strange options on vlan8

No I do not.

the6thday

@Ting:

@the6thday: Maybe you could also share how you resolved this?

OK heres a litte tutorial for german T-Home IPTV

1)As far as i know the current igmp proxy package is still broken(at least the version number is still the same) @Eugene could you update the package to the latest version?

To resolve this issue i attached a working filter.inc file and a working igmpproxy to this post. !!!!!!!!!remove the .txt extension from the files!!!!!!!!
After you install the package(like you normally would…) you have to upload these two files via sftp to the pfsene box:

1.1: login via ssh to the pfsense box and kill the igmpproxy if its running( select shell in the menu and then use the "top" command to check if igmpproxy is running, if it is press "k" and type in the proxy's process id then press enter...)

1.2: login via sftp (you can use filezilla for this) put the filter.inc file in the /etc/inc/ folder and put the igmpproxy file in the /usr/local/sbin folder, make sure to set execution rights to the file(chmod 777 for example)

2. Now we need to configure pfsense and igmpproxy:

2.1: Do your normal wan setup (pppoe connection over vlanid 7)
You have to use a VDSL modem (for example Speedport 300HS or Speedport 221) you cannot use any of the vdsl routers (speedport W721/W722/W920) in passtrough mode because they mess up the vlan tags!!!

2.2: configure a second opt interface for vlan 8 with dhcp:

Note: you may need to manually configure DNS servers under system->general setup after you did this for your internet connection to work correctly!

2.3: create static routes for the T-Home IPTV networks:

Note: the gatewayIP may be different for your location, i think t-home has diffrent gateways for each city… you can use pfsense's packet capture feature to capture the dhcp response when you enable the opt2(iptv) interface so you can look at it and find out the correct gateway IP.
(t-home uses dhcp options to tell the router what static routes he needs, but the pfsense dhcp client doesn't understand them so you have to set the static routes yourself...)

2.4: configure the igmp proxy:

2.5: allow opts / firewall rules:

Now you have to create a firewall rule for the iptv/opt2 interface, to keep it simple just allow everything:

And now you need to allow opts on the LAN and the IPTV interface:

now reboot and it should work…
(igmpproxy is going to spam your logs with useless info but you can ignore that...)

edit: forgot the firewall rules part (2.5)

filter.inc.txt
igmpproxy.txt

firbc

I have working IGMPProxy but I having problem with all wireless access points on network. When I start TV all connections on wlan dies. Anyone have same problem?

Eugene

What is your setup? What are upstream and downstream interfaces?

Ting

@the6thday:

@Ting:

@the6thday: Maybe you could also share how you resolved this?

OK heres a litte tutorial for german T-Home IPTV

Thanks for this detailled explanation! This is really helpful. I had to add some reboots after virtually every step to have my internet access working but everything else was fine. :-)

But there are still questions from my side:
a) In 2.5 you say "And now you need to allow opts on the LAN and the IPTV interface:". Does this refer to the new rule described before or is this an additional rule?

b) Will the IPTV traffic now on my normal LAN interface which is connected to VLAN agnostic switch? I suppose this will not work. Is there a way to route the VLAN8 traffic to another hardware network interface on my pfsense box?

Thanks again!

the6thday

@Ting:

But there are still questions from my side:
a) In 2.5 you say "And now you need to allow opts on the LAN and the IPTV interface:". Does this refer to the new rule described before or is this an additional rule?

b) Will the IPTV traffic now on my normal LAN interface which is connected to VLAN agnostic switch? I suppose this will not work. Is there a way to route the VLAN8 traffic to another hardware network interface on my pfsense box?

Thanks again!

a: you normally have only one rule on the iptv and the lan interface… (allows everything in any direction) so you have to enable allow opts in this rule...

b: i don't understand the question... the iptv traffic will be on your normal lan interface or whatever you set as downstream interface in the igmp config...
since you have a t-home connection i assume you are german so maybe you should send me a PM in german...

btw: i've updated the igmpproxy attachment in the last post with the new version that currently is included in pfsense 2.0 beta1

In pfsense 2.0 igmp is finally working as it should (igmp leave works)...
In pfsense 1.2.3 igmp leaves are not processed correctly (the same igmpproxy version was used to test this, its not igmpproxy's fault) which could cause problems if you switch channels very often in a short period of time, (but with a vdsl 50mbit connection thats currently not an issue for normal tv use...)