Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    CB Fioptics IPTV

    Scheduled Pinned Locked Moved General pfSense Questions
    3 Posts 1 Posters 670 Views 1 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C Offline
      courtalj
      last edited by

      Hello,

      Recently signed up for Cincinnati Bell Fioptics FTTH with IPTV. Replaced the provided wireless router with a pfsense box + Ubiquiti AP and the internet works great. However, I cannot get the IPTV boxes to work. I've read every post the internet has about Fioptics IPTV networking, and many posts from @Mech, with no luck.

      Here's what I have:

      pfsense 2.5.2-RELEASE

      IGMP enabled:
      8800e150-11ac-45eb-98d2-74ebe90da1d0-image.png

      IGMP WAN pass rule, UDP IPTV traffic pass:
      2445951a-d1dc-46f4-86a8-76adb78f9489-image.png

      IGMP LAN pass rule:
      8ba53b12-979e-4c5c-9f85-0194fe3729f1-image.png

      All rules have the "Allow packets with IP options to pass" box checked. In the Firewall System Logs I see IGMP traffic matches on both WAN and LAN, suggesting that IGMP traffic is flowing successfully, but not the actual multicast traffic.

      Only one WAN interface and one LAN interface. No vlans, PPPoE, or anything fancy like that.

      As part of my debugging, I set up two of the ports on the pfsense box as a bridge and connected the ISP provided router through them in order to capture the traffic. I set the bridge as an interface, created a "pass all IPV4" rule, and enabled the "Allow packets with IP options to bass" box, at which point the TV started working. Capturing the traffic confirmed that all Fioptics IPTV streams originate from 10.0.0.0/8 and are destined for 239.0.0.0/8 as suggested here.

      337c01f9-3e54-44e3-b94f-f80691ef83af-image.png

      I tried to make rules in the bridge interface to match the IPTV traffic specifically (IPv4 UDP from 10.0.0.0/8), but could not get the rules to match any traffic even though I could see it in Packet Capture. This suggests to me that the packets were being routed at the link layer and not the firewall due to the bridge.

      I also made sure I am using the ISP DNS servers to eliminate that as a possible issue.

      Does anyone have any ideas? Spitballing: Do I need to add more networks to the IGMP proxy? Are my pass-through rules not adequate? Is my box dropping all link-layer multicast packets at the interface so they never even get to the firewall?

      1 Reply Last reply Reply Quote 0
      • C Offline
        courtalj
        last edited by

        Ok, I got it working and am successfully watching the Fioptics IPTV right now thru the pfsense router. There were two problems - one change to the configuration shown in the question, and another I discovered separately.

        First problem: 224.0.0.0/8 needs to be added to the IGMP proxy downstream, like this:
        6c3fde5c-11cc-4d89-801f-fb4fab262743-image.png
        Interesting note: 239 is 11101111 and 224 is 11100000, so these are both under a 224.0.0.0/4 mask. I do see some IGMP packets destined for 225.x.x.x (11100001) - so I wonder if 224.0.0.0/4 is actually the "more correct" downstream IGMP network.

        Second problem: DNS. In order to isolate all traffic to/from the IPTV box, I set up a second LAN port (called IPTV), and switched only the IPTV box over to it. Capturing the traffic revealed that the first thing the box does when it boots is a DNS query for entm.iptv.zoomtown.com (and then a series of others sequentially after each one resolves successfully).

        I had configured pfsense originally to use 1.1.1.1 as the DNS server, which does not resolve that hostname. Then, I allowed the ISP DHCP to configure the DNS servers but the default ones provided also would not resolve that name. Only the DNS servers ns1.fuse.net (216.68.1.100) and ns2.fuse.net (216.68.2.100) will resolve them. These must have been configured on the ISP provided router. I did not want all DNS queries to go to these servers however, so I re-configured the DNS servers under General Setup to be 1.1.1.1 and 1.0.0.1, then set the DHCP DNS servers for the IPTV interface (Services -> DHCP Server -> IPTV) to the two fuse servers. That seemed to fix it.

        C 1 Reply Last reply Reply Quote 1
        • C Offline
          courtalj @courtalj
          last edited by

          @courtalj

          For future viewers: I made a duplicate post on Superuser and am maintaining my configuration there:

          https://superuser.com/questions/1672350/pfsense-cincinnati-bell-fioptics-iptv

          1 Reply Last reply Reply Quote 1
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.