IPTV IGMP multicast problems with BT YouView on pfSense
-
Hmm, double natting, that adds a layer of complexity, I'd recommend you continue to try this with just one router for now until you find the problem - just to simplify the configuration. If you have VLC installed you can open the test channel on a computer to make it easier to generate the IGMP packets and test for the UDP packets. To do that open VLC and go to MEDIA > OPEN NETWORK STREAM… > and paste this into the box "rtp://234.81.130.4:5802" (no quotes). That's the BT YouView Test Channel. That way you can connect your computer directly to the router and still have internet access while debugging.
Then what I did was run a packet capture in pfSense on the IPTV interface by going to DIAGNOSTICS > PACKET CAPTURE set the interface to IPTV and the count to 0. Start a packet capture, then open the test stream for a couple of seconds, close the stream again and then stop the capture. You should have something that looks like this:
That's the IPTV traffic being "requested" via IGMP and arriving, you'll see it intermingled with the PPPoE packets. Only do a short capture because these packets mount up quickly! If you don't see that traffic, then the IGMP traffic isn't making it out to BT, so the problem lies there, if you do, then check the IGMP proxy configuration and the firewall rules. The source IP of the packet (here it is 109.159.247.1) is the subnet you should use in the upstream category (109.159.247.0/24) it will be different for different ISPs. (We are talking about the same BT right? - British Telecom?)
See what you get in your capture and have a fiddle. Post here if no luck. ;)
I notice that you only have a FW rule on IPTV interface, there is no need to have any other rule anywhere else?
No that's the only rule I have, and I'm not sure you even need that.
Mech
EDIT: Oh, and I use 192.168.0.1 for my local network, but if you use something else, make sure you change that in the proxy settings!
-
Hi,
Still no luck!
I tried to get the PFsense linked direct to the BT TV (and kill the internet in my entire place) but no success.
My network is 192.168.10.X, and I have adjusted accordingly.
Before Pfsense (which is 4 days old here) I had a Ubiquiti router as a main gateway connected to openreach modem.
the BTTV device was behind a second router (Netgear), so it was working as "NAT behind NAT" scenario.I will try to capture a log from the Pfsense linked direct to the BTTV and will post here.
thanks for the help!
Luis
-
So, quite useless tentative.
i started the package collection, zap down to the cables, linked ONLY the BTTV equipment on PFsense, which was configured as described by Mech (only change was my LAN address, it was 192.168.10.11). So I had it configured as 192.168.10.11/24.
The BTTV fail to work (again it was openreach modem <-> Pfsense <-> BT TV, nothing else connected).the log was pretty useless to me, the only thing that draw my attention was a few ICMP packages lost to amazonWBS and AKATAI (or ATAMAKI, or something similar) technologies.
a bunch of TCP messages
a good number of UDP (nearly all of them to DNS servers –> port 53).i can see the "frame" working on the TV, with the channels, time, program grade, etc, but there is no content and a few seconds later the message that some problem happen pops in....
At the moment i dont think the ubiquiti router is the issue, as i took it away to test.
the PFsense, is the latest version, the only additions i've made were OPENDNS and Snort.
any ideas of where to look next?
tks
luis
-
Hi,
Just a feedback.
I made it work.
your configuration is exactly right.
I added another NIC on the PFSense box and get rid of the router/double NAT.everything is fine now!
thanks!
Luis
-
Hello,
I have configured my pfsense 2.2.6 as per yours above but with 192.168.1.0/24 as the LAN, but no joy with BT TV for the IP channels.
https://www.dropbox.com/s/xt1r1ccq0lq7gco/IGMP%20Proxy%20Settings.jpg?dl=0
I have the firewall rule set up as above and have changed the DNS to BT's as I was using Google DNS.
https://www.dropbox.com/s/wljwikj5or2nw3l/IPTV%20Firewall%20Rules.jpg?dl=0
https://www.dropbox.com/s/8iqobb752ccxhq5/WAN%20Firewall%20Rules.jpg?dl=0
Any other suggestions as to troubleshooting? I'm trying to get hold of a HH to bypass the pfsense box and confirm all is ok if using a standard BT setup.
Only difference is I do not have a switch which has IGMP Snooping on it.
-
Hello,
Managed to get it working. One thing to add to the above instruction from Mech:-
- Your DNS must be set to BT's DNS, I was using google DNS
The problem I have now is that I can not use the internet when watching a IPTV channel. BT Sport HD Europe is taking up about 8 - 10 Mb of bandwidth when watching it. I am on a 45 Mb connection. When watching the IPTV channel I can not do anything else on the internet, timeouts, errors, pages just not loading.
Any ideas as to what the cause could be?
============================================= UPDATES ======================================================
I have had to rebuild my pfSense router following an upgrade to 3.x.x which has broken the IGMP Proxy. The above config will not currently (24/09/2016) work with any 3.x.x build.
One other small thing to add…
- You must modify the "Default allow LAN to any rule" and enable the option "This allows packets with IP options to pass. Otherwise they are blocked by default. This is usually only seen with multicast traffic.". It is found under "Advanced Options" near the bottom of the page, when editing this rule.
-
Hello,
Managed to get it working. One thing to add to the above instruction from Mech:-
- Your DNS must be set to BT's DNS, I was using google DNS
The problem I have now is that I can not use the internet when watching a IPTV channel. BT Sport HD Europe is taking up about 8 - 10 Mb of bandwidth when watching it. I am on a 45 Mb connection. When watching the IPTV channel I can not do anything else on the internet, timeouts, errors, pages just not loading.
Any ideas as to what the cause could be?
Good find on the DNS. I didn't even think to check that.
My only guess could be that your switch doesn't do IGMP snooping and so that traffic is being broadcast to all ports and swamping your switch. Doesn't seem very likely though. If that doesn't work you might be better off starting a new thread and asking there.
Cheers.
-
Looking for some ideas. Having read about Mech's success in getting this working I thought I'd try.
I have my BT Openreach HG612 VDSL modem connected to my pfSense box.
I started with a vanilla install of pfSense.
I started by configuring a PPPoE connection and the default/quick setup.
I now have a working LAN that I can access the internet from. All good.
I am using BT's DNS on pfSense as configured by their DHCP servers - again everything default.
So next I setup the secondary connection to the HG612 as described by Mech in an earlier post.
The configuration BT uses call for two logical connections on one physical interface:
1. PPPoE for Internet
2. Multicast
Then I set up IGMP proxy, again following the recipe described by Mech - with one small exception: the default LAN IP is 192.168.1.x which is what I am using, so I use 192.168.1.1/24 in the IGMP Downstream.
Now I add a rule to the firewall, again as Mech describes to pass UDP on port 5802.So this all ought to work… but I still get the dreaded IPC6023 error on the set-top box.
Looking at the firewall log, it was blocking some IGMP traffic from 0.0.0.0 to 224.0.0.1 so I added a rule to pass this on the IPTV interface. This removed the blocked packets from the log, but does not allow the Set Top box to work.
What have I missed? What else can I check or try?
Any ideas greatly appreciated.
Andrew
-
Hello,
I've followed the instructions above but I couldn't get it working.
I have a BT Youview ultraHD box and an PC Engines Apu2c4 device with pfSense 2.3.2-RELEASE (amd64) on it.
I have 3 network interfaces;
igb0 : WAN (pppoe)
igb1 : LAN
igb2 : IPTVHere's the configuration I've set :
https://gyazo.com/ab1d7e5472e2d93c5386625f640c8d96
https://gyazo.com/08c10df137b7ee5bb149450f2306f701
https://gyazo.com/466688bfc4ed35065513900974ac2195On my TV I'm getting "Can't Connect to the Internet" error message at the moment. YouView box is connected to igb2 interface.
Can you please help?
Thanks
OmurEdit: Do I need to do anything on youview box? I still don't understand how it would get internet from igb2 interface.
-
Hello,
I've followed the instructions above but I couldn't get it working.
Hey, before I take a look at your exact configuration, it's worth pointing out that in the latest versions of pfSense they've broken IGMP proxy when using vlans, take a look at this issue on the bug tracker: https://redmine.pfsense.org/issues/6099
So I'm still on version 2.2.6 until this regression is fixed.
Are you using vlans at all?
Cheers
-
Updates added to earlier post with extra step and warning around latest versions of pfSense.
-
Thought it might be useful to mention that this approach also works perfectly with YouView TV from Plusnet.
The only issue I had with the instructions was when setting up the IPTV interface and putting a value into the MAC address field caused my connection to stop working. I found that leaving the MAC address blank worked with no problems.
UPDATE:
The setup works with 2.2.6.
It does NOT work with 2.3.X.
It does work with 2.4.X although I found that approximately every 5 minutes the stream would drop and I would need to change channels and back again to restart the streaming channel. I found this was corrected by the firewall rule described below by ProxyMoron i.e. allow the IPv4 IGMP protocol from any source… -
Just an update for anyone else that finds this.
I found the above instructions would NOT work for my BT UltraHD youview box and that i also needed another pass rule on the IPTV Wan interface we create.
This should allow IPV4 IGMP, from a source of any, to destination of network 224.0.0.0/4 (with Advanced Options -> "Allow packets with IP options to pass. Otherwise they are blocked by default. This is usually only seen with multicast traffic" ticked) otherwise the picture would drop out after 4 minutes.
In addition i found i did NOT need to use BT's DNS servers - you mileage may vary.
Finally, If your STILL having problems try https://redmine.pfsense.org/issues/6099#note-112, but this should be fixed as of version 2.4 and I personally did not need it.
-
Hello,
I have had IPTV on BT working perfectly on version 2.2.6 of PFSense for a while now.
I have waited for v2.4RC and created a brand new install to test it out. It's configured exactly the same as the 2.2.6 install.
Nothing, I don't even think it can see the multicast traffic from the WAN.
Is there any thing I should do different in 2.4?
Any ideas?
-
Hello,
I have had IPTV on BT working perfectly on version 2.2.6 of PFSense for a while now.
[…]
Is there any thing I should do different in 2.4?
Not sure if you're using VLANs, but if thats the case, the IGMP Proxy is broken since 2.3.0 if you use it on VLAN interfaces….
-
I've got it working on SG-2220 hardware, on version 2.3 and 2.4rc , on both none vlan and vlan. Just making sure you pass IGMP with IP options enabled firewall rule for your interface . Following the instructions in this post.
-
Hi All,
I'm having a problem getting this to work using VLAN.
I'm using version: 2.3.4
Is the IGMP proxy broken when using it on a VLAN over a NIC?
-
It's works also with that version, and over vlan.
Make sure you're Firewall rule is passing IGMP on your Lan interface to the Youview, with IP Options enabled!!!!!!.
If your Network switch can toggle Multicast IGMP snooping on and off try both to see if that makes any difference.
Try Restarting the IGMP server after any changes, I've found this is needed in some scenarios.
Post your settings so I can check and advise????
-
Hi casualsix,
Thank you for your fast reply.
Please see attached screen shots of my settings. Hopefully these will make more sense than my typing.
I really appreciate any help as the other half isn't happy…
.png)
.png_thumb)
.png)
.png_thumb)
.png)
.png_thumb)
.png)
.png_thumb)
.png)
.png_thumb)
.png)
.png_thumb)
.png)
.png_thumb) -
Hi,
Not sure you need all the NAT-OUT rules for the BT Vision, mine doesn't need it.Firewall rules look O.K to me.
Can you screenshot the interface assignments please(hide the mac add's).
I take it your hardwired between your vlan interface and the BT Vision/Youview box, as I've found some wifi configs block multicasting?
Also have you used the test stream rtp://234.81.130.4:5802 with VLC player on your PC?
What does your System > General Logging say? IGMP system messages
