How to get Bell Fibe in Quebec/Ontario (Internet and IPTV) working with pfSense

surrealillusion

Well this is going to sound strange but after leaving the whole setup alone and doing some more traffic captures I plugged everything back in and it now works. I didn't make any changes to the pfSense config, very odd. Finally I can enjoy the PVR and be rid of this homehub. Thanks for the help!

cwilkinson

@surrealillusion:

Well this is going to sound strange but after leaving the whole setup alone and doing some more traffic captures I plugged everything back in and it now works. I didn't make any changes to the pfSense config, very odd. Finally I can enjoy the PVR and be rid of this homehub. Thanks for the help!

First of all, thanks to the OP, and everyone else in this thread.

I had everything working in a virtual machine to test, except I had a dedicated subnet/interface for the LAN side of the IPTV, everything worked.

So I decided to move to an APU unit and now I am receiving the same network connection error on the dvr unit as surrealillusion… my Wireless Receiver works fine to watch tv.

Tried DVR on HomeHub again, works fine, moved back same issue.

I am wondering if there is a timeout or something that needs to drop as I have made many changes/tests, so I guess I am waiting it out as I can see nothing getting blocked.

Elegant

Is there anyway to set this up with non-FTTH? I can't seem to get a gateway IP, just says "Dynamic' and no internet activity. Was hoping to have my pfSense and my Coax to Ethernet box replace the HH2000.

seb851

Hello,

I followed the tutorial step by step:

Internet works totally
TV Works partially: Multicast work but not Replay, VOD and APP

Any idea ?

PfSense Router Configuration:
Config: Intel Atom Processor C2750, Supermicro A1SAi-2750F, 4gb ram, 120gb ssd
Version: 2.2.6-RELEASE (amd64)

nabolito

@iscy:

@zax103, thanks a lot for this post. I recently switched from Videotron to Bell FTTH recently and after reading what you've done, I was sure I could also replicate such a setup. I didn't have a pfSense box at home (only at the office), so I was wondering if I could get this working on cheaper hardware (Linksys E4200 with custom firmware). In the process, I went through several issues that I had to debug, but actually got it fully working. I've wrote about it on a different forum and you can find my post if you search for 'Tossing the Home Hub 2000 while keeping TV', but I wanted to highlight a few things in your setup.

Bell also uses VLAN 37 for what it seemed, some IPv6 traffic. Anyone thinking about simply bridging their WAN port to connect the HH2000 on it should also bring that VLAN on it. However, if you aren't using that HH2000 device, you don't have to worry about it at all.

When my setup was completed, I could watch TV, but once in a while, it would simply cut off for a very short period of time, then resume. I tracked this down to a timeout mechanism used by Bell (upstream), or it could even be coming from the ONT. The interface on VLAN36 will receive an IGMP request to report the current subscription from 192.168.1.1. If the IGMP proxy doesn't answer that request, the multicast membership will be evicted. So you should add "192.168.1.0/24" to your upstream configuration to handle this.

As for the 'Apps' and 'On Demand' features, you need to hijack the DNS queries that are going to "*.iptv.bell.ca". I didn't take any chance, and did hijack the entire "bell.ca" and "bell.com" domains redirecting these queries to one of the DNS servers I was getting back from the DHCP Ack. I'm not sure if you are using dnsmasq on your setup, but if you do, the configuration change is simple:
rebind-domain-ok=bell.ca
rebind-domain-ok=bell.com
server=/bell.ca/10.2.127.228
server=/bell.com/10.2.127.228

The 'rebind-domain-ok' is only needed if you have 'stop-dns-rebind' in your configuration, which prohibits upstream servers from returning private addresses. For instance, "mdsfe001.iptv.bell.ca" has to resolve to "10.2.121.4".

With all of this, an STB user wouldn't even noticed that the HH 2000 device isn't used anymore.

Thanks again for your great post!

Hi,
Where exactly enter the dns changes (rebind-domain-ok=bell.ca, rebind-domain-ok=bell.com, server=/bell.ca/10.2.127.228, server=/bell.com/10.2.127.228) on the web configurator ?

thank you,
Nabolito.

singerie

@nabolito:

@iscy:

@zax103, thanks a lot for this post. I recently switched from Videotron to Bell FTTH recently and after reading what you've done, I was sure I could also replicate such a setup. I didn't have a pfSense box at home (only at the office), so I was wondering if I could get this working on cheaper hardware (Linksys E4200 with custom firmware). In the process, I went through several issues that I had to debug, but actually got it fully working. I've wrote about it on a different forum and you can find my post if you search for 'Tossing the Home Hub 2000 while keeping TV', but I wanted to highlight a few things in your setup.

Bell also uses VLAN 37 for what it seemed, some IPv6 traffic. Anyone thinking about simply bridging their WAN port to connect the HH2000 on it should also bring that VLAN on it. However, if you aren't using that HH2000 device, you don't have to worry about it at all.

When my setup was completed, I could watch TV, but once in a while, it would simply cut off for a very short period of time, then resume. I tracked this down to a timeout mechanism used by Bell (upstream), or it could even be coming from the ONT. The interface on VLAN36 will receive an IGMP request to report the current subscription from 192.168.1.1. If the IGMP proxy doesn't answer that request, the multicast membership will be evicted. So you should add "192.168.1.0/24" to your upstream configuration to handle this.

As for the 'Apps' and 'On Demand' features, you need to hijack the DNS queries that are going to "*.iptv.bell.ca". I didn't take any chance, and did hijack the entire "bell.ca" and "bell.com" domains redirecting these queries to one of the DNS servers I was getting back from the DHCP Ack. I'm not sure if you are using dnsmasq on your setup, but if you do, the configuration change is simple:
rebind-domain-ok=bell.ca
rebind-domain-ok=bell.com
server=/bell.ca/10.2.127.228
server=/bell.com/10.2.127.228

The 'rebind-domain-ok' is only needed if you have 'stop-dns-rebind' in your configuration, which prohibits upstream servers from returning private addresses. For instance, "mdsfe001.iptv.bell.ca" has to resolve to "10.2.121.4".

With all of this, an STB user wouldn't even noticed that the HH 2000 device isn't used anymore.

Thanks again for your great post!

Hi,
Where exactly enter the dns changes (rebind-domain-ok=bell.ca, rebind-domain-ok=bell.com, server=/bell.ca/10.2.127.228, server=/bell.com/10.2.127.228) on the web configurator ?

thank you,
Nabolito.

you can juste go to your 'dns resolver' page, and add the dns and domain manualy from there. it's at the bottom of the page.

iscy

@singerie:

@nabolito:

@iscy:

@zax103, thanks a lot for this post. I recently switched from Videotron to Bell FTTH recently and after reading what you've done, I was sure I could also replicate such a setup. I didn't have a pfSense box at home (only at the office), so I was wondering if I could get this working on cheaper hardware (Linksys E4200 with custom firmware). In the process, I went through several issues that I had to debug, but actually got it fully working. I've wrote about it on a different forum and you can find my post if you search for 'Tossing the Home Hub 2000 while keeping TV', but I wanted to highlight a few things in your setup.

Bell also uses VLAN 37 for what it seemed, some IPv6 traffic. Anyone thinking about simply bridging their WAN port to connect the HH2000 on it should also bring that VLAN on it. However, if you aren't using that HH2000 device, you don't have to worry about it at all.

When my setup was completed, I could watch TV, but once in a while, it would simply cut off for a very short period of time, then resume. I tracked this down to a timeout mechanism used by Bell (upstream), or it could even be coming from the ONT. The interface on VLAN36 will receive an IGMP request to report the current subscription from 192.168.1.1. If the IGMP proxy doesn't answer that request, the multicast membership will be evicted. So you should add "192.168.1.0/24" to your upstream configuration to handle this.

As for the 'Apps' and 'On Demand' features, you need to hijack the DNS queries that are going to "*.iptv.bell.ca". I didn't take any chance, and did hijack the entire "bell.ca" and "bell.com" domains redirecting these queries to one of the DNS servers I was getting back from the DHCP Ack. I'm not sure if you are using dnsmasq on your setup, but if you do, the configuration change is simple:
rebind-domain-ok=bell.ca
rebind-domain-ok=bell.com
server=/bell.ca/10.2.127.228
server=/bell.com/10.2.127.228

The 'rebind-domain-ok' is only needed if you have 'stop-dns-rebind' in your configuration, which prohibits upstream servers from returning private addresses. For instance, "mdsfe001.iptv.bell.ca" has to resolve to "10.2.121.4".

With all of this, an STB user wouldn't even noticed that the HH 2000 device isn't used anymore.

Thanks again for your great post!

Hi,
Where exactly enter the dns changes (rebind-domain-ok=bell.ca, rebind-domain-ok=bell.com, server=/bell.ca/10.2.127.228, server=/bell.com/10.2.127.228) on the web configurator ?

thank you,
Nabolito.

you can juste go to your 'dns resolver' page, and add the dns and domain manualy from there. it's at the bottom of the page.

Use this from now on:
dhcp-option=br1,6,10.2.127.228

Since my PVR is setup on 'br1', when it sends the DHCP request, the router will return Bell's DNS resolver and all DNS requests from the PVR will now succeed.

There was a firmware update on these machines that are now trying to resolve:
discovery.iptv.microsoft.com. 300 IN A 10.2.76.132

If this doesn't resolve properly, the PVR doesn't boot anymore.

aasimenator

Hello everyone,

I have a question, will this kind of setup also work with Bell "Take the Hill - FTTB" ?

my Client has a Bell Connection Hub with Internet Only. The Router has limited control / functionality so i finally bought a pfSense SG4860 router.

I have been trying to get it to work but i am unable to, Bell Customer support people are not helping… When i asked them if i need to configure VLANs or anything else they said no.

Currently I have the connection going like this...

Fiber Box > Connection Hub > Switches > Desktops & servers

I would like to replace the connection hub with the pfSense router.

Does anyone have any idea on how do i get this done? Does the FTTB follow the same configuration as FTTH which the OP has setup? am i asking in the wrong section :-X

Thanks in Advance.

Aasim

techanalyst

Trying to accomplish this with a Cisco ASA and a pair of Cisco 3850s

Any pointerS?

befrenchy

@zax123:

Hi all,

I thought I'd post this for all to see as others may be interested in how I finally got this working.

My mission was to replace the Bell Home Hub 2000 router which is a rather in-flexible device considering that I have 175mbps/175mbps service. I wanted to replace it with a pfSense box I built on an APU.

After doing some reading, I realized that Bell passes both internet and IPTV on one network wire using VLANs coming off the ONT (Optical Network Terminator) box.

They use VLAN 35 for internet and PPPoE authentication on this VLAN and VLAN 36 for IPTV with DHCP.

The steps to get internet working are quite simple. You create a VLAN at 35 on the external interface that connects to the one active port on the ONT:
.

While you're in there, create a VLAN at 36 on the same interface for the IPTV connection.

Then assign that VLAN to an interface and enable it and set it to use PPPoE authentication:

That's pretty much all you need to do for internet. pfSense does the NATing and routing setup for you automatically.

Getting IPTV to work is a little more involved.

First assign the VLAN 36 to an interface, and set it to DHCP:

Your automatic gateways will look like this:

Then set up a static route for 10.0.0.0/8 to go to the gateway discovered by DHCP on the IPTV WAN interface:

Then set an advanced option on the LAN interface and the WAN-IPTV interface in the pass all firewall rules:

Finally, set up IGMP proxying as such:

If you've done everything correctly, you likely don't even need to restart pfSense, it'll just start working!

If anyone has any questions about this, let me know.

Robert

Is this setup still working for you? I just got my Fibe Internet and TV yesterday and trying to set this up as you do but I can't get the PPPoE interface to come up. Has anything changed at all in the setup?

shaqan

Why would you mess around using IGMP proxy? What's wrong with simply bridging the IPTV-related interfaces together and simply passing the traffic trough pfSense? As far as I can tell, all (and there is a bunch of 'em) IPTV related services work.

My setup (Northern-European/Scandinavian ISP Telia or Telia Sonera). IPTV coming in tagged as VLAN4, Internet traffic is left untagged

Interfaces followed by logic:
IPTV_INT - Virtual interface derived from VLAN4.
IPTV_EXT - Physical NIC, for connecting the pfSense box and ISP-provided TV set-top box.
IPTV_BR - For bridging the two above and requesting DHCP

Interface assignments (bigger picture under thumbnails)

Configuring IPTV VLAN4

IPTV_EXT

IPTV_IN

IPTV bridging. No Advanced settings used.

IPTV_BR

Grouped all the IPTV-related interfaces together

Firewall rules IPTV_INT/IPTV_EXT/IPTV_BR are all the same, nothing defined. Rules are under group tab "TV"

Firewall rules TV

'allowing' base rule more precisely
Part I

Part II (below that, everything is 'by default')

Don't think there's anything else left to do.. If pictures are loading slowly, let me know. I'll find some other host and modify the post accordingly.

singerie

I did a fresh install recently, and i'm a bit lost for some settings …

I added the 2 domain override here : https://192.168.5.1/services_unbound_overrides.php

Domain IP Description Actions
bell.ca 10.2.127.228
bell.com 10.2.127.228

but i'm a bit lost with those setings ...

rebind-domain-ok=bell.ca
rebind-domain-ok=bell.com

dhcp-option=br1,6,10.2.127.228

in what page or config file do i enter those settings ?

Also, my iptv wan interface is opt2, so I would replace br1 with opt2 i guess ?

infologikcell.com

Hi , brilliant post ! , I was looking for this a while now … however, Im still missing If I read this correcyly , the two VLANs(35 &36) goes to the same WAN interface ? , then how can you diferentiate traffic ? there got to be some kind of switch (one port goes to VLAN35 and the other directly to IPTV ?

can you elaborate more on this setup i.e. traffic coming in on VLAN35 goes out on interfacce X and traffic incoming from VLAN36 goes to interface Y ?

Thank You

singerie

@info@logikcell.com:

Hi , brilliant post ! , I was looking for this a while now … however, Im still missing If I read this correcyly , the two VLANs(35 &36) goes to the same WAN interface ? , then how can you diferentiate traffic ? there got to be some kind of switch (one port goes to VLAN35 and the other directly to IPTV ?

can you elaborate more on this setup i.e. traffic coming in on VLAN35 goes out on interfacce X and traffic incoming from VLAN36 goes to interface Y ?

Thank You

With the current bug (https://redmine.pfsense.org/issues/6099) i would suggest to skip vlan for now …. I have a 4 port gigabit intel (+- 75$ on ebay) .... 1 wan port, 1 lan port, 1 wanfibe port, and 1 lanfibe port. for this to work, you will probably need a managed switch that support vlan (until the bug is solved, then you will be able to run a cat5/6 cable directly between your pfsense & ONT).

the port between the managed switch & ONT will have to be tagged with vlan 35 & 36, then on different port, you setup 2 access port, 1 with vlan 35, and the other on vlan 36.

djstiky

Hi Guys,

I just switched to Bell for Gigabit Internet + TV + home phone and was wondering what is the best way to set up pfSense with the Home Hub 3000 (HH3000) which is the current model they are installing (FTTH).
Would want to use the iOS / TvOS apps as well.
I currently have a pfSense box with 2 network cards (1 for WAN and 1 for LAN), a Wifi access point and a unmanaged switch.
An updated guide would be great!

Thank you!

remlei

Just call your ISP and set your ONU or ONT to set your excess ethernet ports and dedicate it for IPTV, in my case I had 4 ethernet ports on ONT, 3 of them are assigned for IPTV and 1 for internet. No more mambo jumbo VLAN setup or routing setup, it works right away.

djstiky

Remlei, can you elaborate? Are you with Bell Fibe with Internet + TV?
Thanks.

sleepmaster91

Hi guys,

I found this forum and i found it very useful and i must thank the OP and everyone who contributed to this thread
I got the internet to work but i had problems with the TV. By doing a lot of googling i found out that you need to put your lan network (in my case 192.168.2.0/24 in the igmp proxy upstream but then the tv would play for 10s and then cut out so i did more googling around and i found a VERY IMPORTANT step : you need to do a bridge between the IPTV wan interface and the LAN interface. As soon as i did that the TV came on and stayed on !!! apps and whatnot are still not working but this is a major progress from the IPTV not working at all (i did try the dns redirection as advised by @iscy but maybe my seetings are wrong i will check tomorrow).

If you have any questions feel free to ask :)

Thanks again !!

Update : I had issues with the multicast packets causing tv to cut if i had multiple receivers plugged in my lan switch so i ~~installed a third NIC plugged in a seperate switch and configured IPTV on that interface. Now tv and internet works A1. Next step : installing a wireless access point ;)~~ split the lan into 2 vlans and used a managed switch (more info here https://www.highlnk.com/2014/06/configuring-vlans-on-pfsense/ )

Update #2 : PVR wasn't working on the wireless receivers connected to the VAP2500(IPTV Access Point). Thanks to @iscy who gave me a hint in the right direction(reply #13) I did some syslog investigation and i found out there was IPv6 traffic being blocked on the LAN interface(I really suggest everyone to host a syslog server on their PC/network) After i added Ipv6 traffic on the "Pass all" traffic rule on the IPTV LAN and rebooted everything PVR was up and running again !! Now all is working(Internet+IPTV+apps+PVR) ~~I'm 90% on my pfsense connection as i'm speaking(HH2000 is still hooked up for wifi connection and I might get a cheap AC1200 wireless router to finish the full switch to pfsense)~~ I'm 100% on the pfsense nowThanks again everyone for your contribution it helped me a lot :)

Update #3: I finlly made the full switch to pfsense yesterday and i noticed that the Tv would cut on/off every 5-10min so i did some investigation and i found out that you need to spoof the HH2000 MAC address to the WAN internet interface. I think bell has a list of mac addresses associated with their routers and that it doesn't work with a non-bell mac address. Also i noticed when you plug the VAP2500 in the switch there's a couple of "wrong network" errors on the wireless receivers so i had to unplug it for a couple seconds then plug iy back and reboot the wireless receivers and everything was fine then otherwise they would just boot to the "Bell Fibe" screen until you unplug the AP and plugged it back

If anyone needs help to get everything to work send me a PM and i will gladly help :)

froussy

I got it work with the 2.4 finally.. .. but app doesnt work… I added bell.ca in the resolver (with 10.2.xxx) and from a pc if I try to nslookup, I get "server failed"

any clue ?

Thanks

DPyro

A little off topic but I don't know where else to go for help. I got an Asus router with AdvancedTomato installed and got Internet and my PVR working. However, I need help getting my VAP2500/VIP2502 to work. Does anyone have suggestions why I'm stuck at the Bell logo on boot?

Do I need to place it on the same vlan as my PVR?
Do I need to get the apps to work in order for the VAP2500/VIP2502 to work?