How to get Bell Fibe in Quebec/Ontario (Internet and IPTV) working with pfSense

idscomm

@rcmpayne
Yes. I have the Fibe connected to the media converter, then I created 2 VLANS. 35 for Internet and 34 for TV (in my case here TV seems to be on 34 since I managed to get and IP). I spoof the MAC from the HH3000 on my “physical” WAN interface but I have set it to “none” compare to the 2 VLANS set to DHCP (no pppoe here either)

Internet is working fine but like I said I don’t see a gateway in pfsense for the IPTV (using the latest version of pfsense).

My Network LAN is not 192.168.2.x like the HH3000 by default. Not sure if this can cause an issue.

I follow the guide on this site but I wasn’t sure about the downstream which shows I guess his LAN correct? I would have to adjust this to reflect my LAN I suppose.

My question is where to you connect the Wireless VAP, anywhere on your LAN? Then the DHCP will assign an IP to the device and the 2 receiver will then pull an address from the VAP (through the DHCP)?

I can send you print screen as well if it’s easier :)

Thanks a lot :)

rcmpayne

I am using VLAN7 for my iptv LAN network.

So 4 interfaces:
WAN – tagged 35
IPTV WAN – tagged 34
LAN – no tag
IPTV LAN – tagged 7

IPTV WAN has a gateway assigned statically because DHCP doesn’t provide it. We got this from a packet capture, it is likely different for other people.

1. Disable the Gateway that was created by default for IPTV WAN interface. we will create a new one manually

Because I’m using multiple “virtual interfaces” for one physical interface, we also set up a static Route to use the IPTV WAN Gateway for the IGMP addresses, and IPTV addresses (239.0.0.0/8, 10.0.0.0/8).

From the DHCP request in the packet capture…
Relay agent IP address: 10.194.192.2

Set this as the IPTV WAN Gateway address.

We also spoofed the HH3K MAC address on our WAN adapter – this picks up an IP faster instead of waiting for the IPTV lease to expire (up to 18 hours I believe).

In DHCP for the IPTV LAN I set the Bell DNS servers:
47.55.55.55
142.166.166.166

Set up an IGMP proxy:
Upstream: 10.0.0.0/8
Downstream: 239.0.0.0/8

If you cant get the gateway via the packet capture, let me know and i will give you a example and steps. Once you get this part we can talk about getting your box connected. do you want lan or wireless for the IPTV boxes? i have one running on unifi AC-Lite and one on lan using a tp-link smart switch (40.00 from amazon that allows for vlans)

idscomm

Thanks for the write up. So your IPTV LAN is on a different interface and not your regular LAN then?

regarding the packet capture, did you use wireshark or pfsense?

I do have a Unifi Access Point AC Lite as well as the controller running on my LAN. So my understanding is that you are not using the Bell VAP?

In the meantime, I am currently setting things up as per your write up...

rcmpayne

@idscomm I have two interfaces coming into PF sense, One for Wan and one for LAN. My lan connects to a switch This is a five port switch from TP link where I have one port with a PVid of 7 for the hardwired pvr. Another port K’NEX to unify access point where I have two Wi-Fi SSIDs is create it. 1 SSID is called IPTV and has a VLAN of 7 tagged.

Ill get you steps to cap from pfsense after I get out of the hot tub :)

idscomm

Sounds good to me lol! I hear ya, we have a hot tub too!!! A must!

idscomm

Would my gateway be there:

rcmpayne

@idscomm I would open two pages for pfsense, one on pcap and one on Status -> Interfaces. Find your IPTV WAN and release the IP. Start the pcap and renew the WAN IPTV interface again

Stop the pcap and download the capture to open in wireshark. Filter by dhcp and look for "relay agent ip". This if your IPTV WAN gateway.

idscomm

got it!

For testing purposes, I will use a second switch and put that IPTV LAN on another separate network like 192.168.2.x like the default one they use... I have 4 interfaces in that box...

rcmpayne

The Next thing you need to do is create a VLAN LAN adapter. right now you likely have three

WAN host with mac from hh3k (not used)
WAN vlan 35 for internet
WAN vlan 34 for IPTV
LAN likely no vlan for your internal devices

Create a new LAN with a vlan of something. I used vlan 7 for mine.

Setup a DHCP for this. Since its vlan 7, i used 192.168.7.x

Its this LAN interface that you need to used for your IGMP

Here is my IPTV LAN firewall rules

on your unifi AP, create IPTV SSID and give it your internal vlan. Connect your device to this and see if you get the 192.168.7.x ip not your standard IP for your reg LAN. This will ensure your new IPTV ssid is routing to pfsense with the correct vlan and getting a correct dhcp address.

If you have a TP-link switch and also want to get a local port set for this vlan as well you can do something like this. port 8 is pvid 7 thus will get forced a vlan 7 id

rcmpayne

I have three of these switches. one for Living room, Rec room and one in the garage with the pfsense router. They work great for vlans

https://www.amazon.ca/TP-Link-Ethernet-Unmanaged-Replacement-TL-SG108E/dp/B00K4DS5KU/ref=sr_1_4?keywords=tp-link+easy+switch&qid=1575157953&sr=8-4

idscomm

ok, I have a Cisco 3750G, port 1 is my Trunk carrying a few VLAN for my internal network. I will add VLAN7 and also add VLAN 7 as Trunk for my Access Point ports. So you are using your own access point for the IPTV and not the VAP? The wireless receivers will ask for an IP but what make them go on VLAN7, pfsense will route them to VLAN 7?

rcmpayne

also, install Avahi in pfsense so you can cut your other networks from accessing your main LAN but allows your main lan to access these other networks. Mainly for IOT ssid but can be used for the LAN network for IPTV boxes as well.

Vid: https://www.youtube.com/watch?v=HW9mUrF1ZgU

rcmpayne

@idscomm said in How to get Bell Fibe in Quebec/Ontario (Internet and IPTV) working with pfSense:

also add VLAN 7 as Trunk for my Access Point ports. So you are using your own access point for the IPTV and not the VAP? The wireless receivers will ask for an IP but what make them go on VLAN7, pfsense will route them to

Yea, I am using my unifi for the WIFI. i grabbed a cheap tplink access point with a bush button WPS. on that device I created a SSID that matched my unifi ssid. (unifi will start sending you alerts that you have a rouge AP). i booted my PVR and when it did not see the hh3k anymore, it asked me to press ok to connect to WPS. start wps on the tplink box and wait till it connects. after it connected, i disconnected the wps ap and it started connecting to unifi AP right away. not sure what a VAP is but if thats from Bell, i am not using it.

idscomm

on your VLAN7, you use Bell DNS, your gateway is it your DHCP gatewan from your VLAN7 or the IPTV gateway?

rcmpayne

@idscomm sorry about that. I use the bell dns on my vlan7 lan dhcp server.

47.55.55.55
142.166.166.166

idscomm

@rcmpayne ok, so I tested everything and I'd say I am almost there. The TV works but I lost connection after 10 sec ish. I remember seeing this issue earlier... any idea?

rcmpayne

Are you sure your box is getting a IP from the correct lan dhcp? I recall getting that as well but the box was not on my vlan7 ip

idscomm

for testing purposes tonight I used a separate NIC and setup a different Network for the IPTV

rcmpayne

@idscomm looks like it might be your IGMP Proxy or multicast being filtered

https://www.dslreports.com/forum/r31118482-Yes-you-CAN-bypass-the-HomeHub-3000~start=330

idscomm

Seems like I lost my internet now ......