How to get Bell Fibe in Quebec/Ontario (Internet and IPTV) working with pfSense
-
@zax103, thanks a lot for this post. I recently switched from Videotron to Bell FTTH and after reading what you've done, I was sure I could also replicate such a setup. I didn't have a pfSense box at home (only at the office), so I was wondering if I could get this working on cheaper hardware (Linksys E4200 with custom firmware). In the process, I went through several issues that I had to debug, but actually got it fully working. I've written about it on a different forum and you can find my post if you search for 'Tossing the Home Hub 2000 while keeping TV', but I wanted to highlight a few things in your setup.
Bell also uses VLAN 37 for what seemed to be some IPv6 traffic. Anyone thinking about simply bridging their WAN port to connect the HH2000 on it should also bring that VLAN on it. However, if you aren't using that HH2000 device, you don't have to worry about it at all.
When my setup was completed, I could watch TV, but once in a while, it would simply cut off for a very short period of time, then resume. I tracked this down to a timeout mechanism used by Bell (upstream), or it could even be coming from the ONT. The interface on VLAN36 will receive an IGMP request to report the current subscription from 192.168.1.1. If the IGMP proxy doesn't answer that request, the multicast membership will be evicted. So you should add "192.168.1.0/24" to your upstream configuration to handle this.
As for the 'Apps' and 'On Demand' features, you need to hijack the DNS queries that are going to "*.iptv.bell.ca". I didn't take any chance, and did hijack the entire "bell.ca" and "bell.com" domains redirecting these queries to one of the DNS servers I was getting back from the DHCP Ack. I'm not sure if you are using dnsmasq on your setup, but if you do, the configuration change is simple:
```
rebind-domain-ok=bell.ca
rebind-domain-ok=bell.com
server=/bell.ca/10.2.127.228
server=/bell.com/10.2.127.228
```
The 'rebind-domain-ok' is only needed if you have 'stop-dns-rebind' in your configuration, which prohibits upstream servers from returning private addresses. For instance, "mdsfe001.iptv.bell.ca" has to resolve to "10.2.121.4".
With all of this, an STB user wouldn't even notice that the HH 2000 device isn't used anymore.
Thanks again for your great post!
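The effect of the dnsmasq settings above, as an added example that is not part of the original post: a simplified Python model of how 'stop-dns-rebind', 'rebind-domain-ok' and 'server=' interact. The narrower iptv.bell.ca variant is a constructed assumption, and the model only checks RFC 1918 ranges.

```python
import ipaddress

# Simplified model: dnsmasq's real check covers more ranges than RFC 1918.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_dnsmasq(conf_text):
    """Collect stop-dns-rebind, rebind-domain-ok and server=/domain/ip lines."""
    opts = {"stop_rebind": False, "rebind_ok": [], "servers": {}}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line == "stop-dns-rebind":
            opts["stop_rebind"] = True
        elif line.startswith("rebind-domain-ok="):
            value = line.split("=", 1)[1]
            opts["rebind_ok"] += [d.lower() for d in value.split("/") if d]
        elif line.startswith("server=/"):
            parts = line.split("=", 1)[1].split("/")
            for domain in parts[1:-1]:
                opts["servers"][domain.lower()] = parts[-1]
    return opts

def in_domain(name, domain):
    """True for the domain itself or any name below it (label boundary)."""
    name = name.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)

def upstream_for(opts, name):
    """Most specific server= match, or None for the default upstream."""
    matches = [d for d in opts["servers"] if in_domain(name, d)]
    return opts["servers"][max(matches, key=len)] if matches else None

def answer_accepted(opts, name, address):
    """Would a reply carrying this address survive rebind protection?"""
    ip = ipaddress.ip_address(address)
    if not opts["stop_rebind"] or not any(ip in net for net in RFC1918):
        return True
    return any(in_domain(name, d) for d in opts["rebind_ok"])

# Settings from the post, with stop-dns-rebind enabled.
POSTED = """stop-dns-rebind
rebind-domain-ok=bell.ca
rebind-domain-ok=bell.com
server=/bell.ca/10.2.127.228
server=/bell.com/10.2.127.228"""
# Constructed narrower variant; assumes only iptv.bell.ca names are needed.
NARROW = """stop-dns-rebind
rebind-domain-ok=iptv.bell.ca
server=/iptv.bell.ca/10.2.127.228"""
```

With POSTED, any bell.ca or bell.com name may resolve to a private address; with NARROW only iptv.bell.ca names are exempt and every other name keeps its rebind protection.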
-
Thanks for the info, everything is working fine for the IPTV, but now I have IGMP flooding and crashing my WLAN. Does anyone have a tip for controlling those IGMP broadcasts?
![Screenshot 2015-07-02 00.45.57.png](/public/imported_attachments/1/Screenshot 2015-07-02 00.45.57.png)
-
I want to thank everybody here, I was finally able to get everything working today. IPTV, Relaunch and OnDemand all working perfectly.
-
DNS resolving, forcing all *.bell.ca addresses to 10.2.127.228 fixed all DNS issues for me.
-
Adding the "192.168.1.0/24" to the upstream configuration resolved the freeze when the signal switched over to multicast.
-
As for the IGMP flooding on my WLAN, I run DD-WRT on my AP and blocked all multicast packets on all interfaces. Therefore no more wireless interruptions.
Something I did notice: making any modification on pfSense requires a full reset of all devices for my configuration to stick.
-
-
Hi guys,
Sorry I should have mentioned that the any/any/any rules can definitely be tweaked.
First of all, yes, you can restrict the WAN_IPTV rule to UDP only.
Keep in mind that WAN_IPTV is from the VLAN which is linked directly to a private network at Bell's data center and doesn't hit the public internet.
I started with everything wide open, and I plan on closing things up a bit while the system is running. I just didn't want a too-restrictive firewall rule to slow me down, it was hard enough as it was. :)
–---
I should also mention that one is supposed to set the QoS priority on the IPTV VLAN to 4. I haven't done it because I have 175/175, but at 50/50 you might need to. I might do it in future if I see my signal suffering.
Hi, thank you for your great tutorial. Could you give me the specifics on how to set QoD on the IPTV VLAN to 4 please. I have been searching for days on traffic shaping and haven't found the right way yet.
-
I meant QoS not QoD, sorry
-
Hi, can I ask you how you managed to force all bell.ca to 10.2.127.228 please? I am using Outbound as my DNS resolver. Thanks
-
-
From here: https://forum.pfsense.org/index.php?topic=87738.msg534214#msg534214
-
-
Thank you !
-
I found a fairly easy solution with no additional trouble with the routing/NAT and no need for IGMP proxy.
OK, I am not Canadian but my provider is also offering IPTV on VLAN 4.
What I did:
Had to create 3 additional interfaces under Interface Assignments.
IPTV_IN would be VLAN4 taken from the network card handling the WAN connection.
IPTV_OUT would be the physical NIC in the pfSense box which you would connect to the IPTV STB.
IPTV_BRIDGE would be the bridge between those two. And only this would have an IP from DHCP. The previous 2 assignments are left without anything assigned to them.
What's left to do after creating those interfaces is to add passing rules for them in Firewall settings. And you are good to go.
I also changed Outbound NAT rules to manual and removed a bunch of rules from there to tighten down subnet isolation, but it's not really needed for watching TV.
I'm away from home working for about a week, but if anyone is interested, I can provide screenshots from the WebUI afterwards.
-
Hello,
New user here. I'm trying to achieve the same objective as the OP (Bell Fibe Internet + IPTV without the Bell-provided Home Hub). Can someone who has done this please confirm whether the IPTV receiver can still obtain software updates with this setup? My concern is that Bell might have some port forwarding for remote management hidden away in the configuration of the Home Hub (not visible to the end user), and without this the receiver can't update itself.
Also, my setup is complicated by the fact that my LAN is on 10.10.1.0/24 which of course overlaps with Bell's IPTV range 10.0.0.0/8; I expect this will cause some routing issues.
Thanks
cinergi
-
Hi @cinergi,
I've received updates with my configuration no problem. I went through the whole setup with a senior Bell engineer and he likely would have mentioned this shortcoming if it existed.
I'm using 10.50.0.0/16 for my LAN and I have no problems whatsoever with the 10.0.0.0/8 probably because of the "downstream" setting on IGMPProxy.
Incidentally, you aren't the same @cinergi from the TMC forums are you? :)
Rob
-
Hello
My objective was:
Keep VLAN35 for Internet on HOMELAN on 192.168.2.0/24 (through pfSense) and keep VLAN36 for IPTV through the HH2000 on 192.168.10.0/24 + internet to achieve wireless through the hub (simply because I like the Bell Fibe TV app and it has to be on the same subnet as IPTV to work…). It was important for me to keep two separate subnets because I like to manage my things and the hub, well, I don't like it.
Ethernet cable from ONT through switch (cheap 8-port switch from TP-Link)
Something like this http://blog.ngpixel.com/post/104449747538/how-to-bypass-bell-fibe-hub-and-use-your-own-router
SWITCH:
port1 = ONT
port2 = Hub2000
port3 = WAN (pfSense)
PFSENSE:
Setup VLAN35 + PPPoE WAN side
LAN on 192.168.2.0/24, HOMELAN + DHCP server
HUB2000:
I inserted my B1xxxxxx + password for Internet/Fibe + set up wireless
So I have 2 x PPPoE, one on pfSense for VLAN35 and one on the hub for IPTV.
What's weird is that it worked, so I kind of have two public IPs…?
The HUB2000 crap helped me to learn a lot in the past few weeks. I tried all kinds of setups including the one described by shaqan, which is a nice approach, but I didn't achieve the goal; I don't have enough knowledge. Help for this also: http://www.dslreports.com/forum/r30116518-Tossing-the-Home-Hub-2000-while-keeping-TV, I understand my problem only partially so far, a lot of reading to do…
I keep reading
-
Out of curiosity, why didn't you do the full switchover to pfSense? You wouldn't have the strange issues you're reporting had you done that. The Bell Fibe app works and you have full functionality with the Bell TV system.
-
Hello
I was not able to make it right, it wasn't fluid enough, I was losing the gateway with apinger and didn't have enough time to figure it out, so I reverted back to my old setup, VLAN35 on pfSense and VLAN36 through the Hub2000. As I said, I have much more reading to do. I take it one step at a time.
thx again
-
Oh no worries, just curious.
I assume you are getting two PPPoE addresses because you are passing the ONT signal through a switch which doesn't filter VLAN 35, so both the Home Hub 2000 and the pfSense box have access to VLAN 35.
You could check that by using a service like whatismyip.com. I'm betting your WiFi network (from the Home Hub) is on a different subnet than your wired pfSense network. Might not be great for, for example, controlling wired devices from your Wi-Fi smartphone.
-
Hello @Zax123,
Sorry for the delayed reply. I thought the forum would notify me of new posts in this thread but it didn't, so I only saw your post now.
It's good to know that the software updates still work with this setup! I'm still working on my own setup. I should have mentioned that I'm not actually using pfSense, but an Edgerouter from Ubiquiti Networks. It runs a version of Vyatta. I'm currently having problems with my multicast streams - the IPTV stream works for about 10 seconds on every new channel, then freezes. I've read that Bell starts each stream as unicast and switches to multicast after approximately 10 seconds, so it seems that my receiver can't make the transition to multicast. I'm working to troubleshoot this issue, but I can't find anything wrong with my IGMP proxy settings.
My IPTV receiver is connected via coax cable (HPNA). I've ordered an HPNA media converter, but in the meantime I've been using the Home Hub 2000 as a media converter by plugging my router into one of the LAN ports (not WAN) and letting the Home Hub bridge this to the HPNA port. It only occurred to me afterwards that the Home Hub might be doing some IGMP and/or multicast filtering on its LAN ports, and since in a standard Fibe configuration this traffic comes from the WAN port, this could explain the issue I'm seeing. I'll be able to confirm once I receive my HPNA converter to replace the Home Hub.
As for the TMC Forums, I'm not sure what "TMC" stands for but I don't recall being a member of any forum with that acronym! :)
Thanks!
-cinergi
-
Hello
For now I have no Fibe TV but Internet is OK. Yesterday I began troubleshooting with Bell and it's a pain.
I have lost connection with the IPTV gateway, it is offline and no TV, no hockey, no baseball….
I have reconnected all the cables as standard, just pfSense in a LAN port of the Hub2000.
I have seen a couple of these:
16.10.2015 17:00:48 WRN DHCPC The WAN DHCP client process has successfully been terminated on Vlan 36
Any idea?
Thx
-
Hello
Finally solved my problem, had to replace the HH2000…
Thx
-
The 10 second thing is definitely a problem with IGMP proxy. The settings I show at the beginning of this thread should help you to troubleshoot. Not sure if another router (not pfSense) would have the same settings, but I know that once I implemented IGMP proxy in pfSense, that problem went away instantly.
Does your IPTV receiver not have the option of being connected by RJ45 port? That would eliminate the need for the Home Hub 2000 to convert…
-
You also could bypass the HH2000 altogether. When you plug pfSense into a HH2000 LAN port, the HH2000 goes into some kind of bridge mode, but it definitely slows down the connection and adds another layer that your packets have to travel through.
My intention with this thread was to eliminate the need for the HH2000 which is definitely possible. I've lived without it for more than a year now.
Now I need to upgrade my hardware because I got gigabit fiber from Bell and my little APU can't handle the speed. :(