PFSense with BT YouView (IPTV)
-
I recently acquired an SG-1000, and with the exception of IPTV everything is working perfectly. If I switch it back out for my ISP supplied router, IPTV works correctly.
I am aware of existing threads on this topic, but have not had any luck with them so far, I have listed a couple of them below:
https://forum.pfsense.org/index.php?topic=100444.0
https://forum.pfsense.org/index.php?topic=74126.0I have created an interface directly on the WAN port (not over PPPoE)
http://i.imgur.com/iluzjGg.png
This interface is enabled and has been given a random private IP not in an existing subnet
http://i.imgur.com/KwWk5wj.png
I have set up upstream and downstream IGMP proxies using the address ranges provided in existing threads (ensuring the LAN network matched my own)
The upstream interface uses the newly created BTSPORT interface (bypassing PPPoE) and the downstream uses the LAN interface.
(On a side note, pressing "Apply Changes" on this page doesn't get rid of the box asking you to apply changes. It seems to go away on a reboot though)
http://i.imgur.com/tjfZ0EM.png
I configured the firewall for the BTSPORT interface to allow all IPv4 traffic from both of the ranges specified on the upstream IGMP proxy. As you can see below, neither rule has any hits. Made sure to enable IP Options on these rules.
http://i.imgur.com/x0MFX6w.png
–------------------------
DEBUGGING
Below is a summary of the debugging I have performed:
(NOTE: Any firewall rules mentioned all had IP options enabled)
- Created a rule on the LAN interface that allows all traffic to the YouView box and enabled logging. This rule has 0 hits.
- Created a rule on the LAN interface that allows all traffic from the YouView box, this has hits.
http://i.imgur.com/mMoEcE7.png
I saw the following traffic from the YouView box using firewall logging:
109.159.157.208:80
81.139.56.100:53 (BT DNS)
109.159.157.170:80I found this additional traffic using a packet capture for the LAN address of the YouView box:
213.123.22.212:5803
213.123.22.212:50001
213.123.22.212.50000I created a rule on the LAN interface to allow all traffic to 224.0.0.0/4. From this, I see the followin traffic:
From Router to 224.0.0.1
From Router to 224.0.0.2
From Router to 224.0.0.251I have also tried creating equivalent rules on the WAN and BTSPORT interfaces, and they have no hits.
I have run a packet capture on the BTSPORT interface looking for anything to/from 224.0.0.0/4. I have had no results.
I have run a packet capture on the LAN interface for 224.0.0.0/4. I have had no results.
However, I do not see any multicast traffic (hence the peviously mentioned packet capture returning nothing).
ANALYSIS
I am not too familiar with how IGMP works, but I don't believe I am seeing any IGMP traffic other than periodic messages originating from the firewall itself.
I don't believe there is an issue with the YouView box itself as it works correctly when I connect the ISP router.
If anybody has any suggestions i'd love to hear them. I can provide further information if it helps to clarify my setup.
-
After doing some further digging, I noticed something interesting in the packet captures.
The following packet dump is the result of me attempting to connect to the following network stream in VLC:
rtp://234.81.130.4:5802That appears to be a BT IPTV test channel, and successfully loads when I swap out my PFSense box for the BT Router.
20:11:45.993988 IP 192.168.1.10 > 224.0.0.2: igmp 20:11:45.995015 IP 192.168.1.1 > 234.81.130.4: igmp 20:12:08.999491 IP 192.168.1.1 > 224.0.0.1: igmp 20:12:09.652340 IP 192.168.1.1 > 224.0.0.2: igmp 20:14:13.772826 IP 192.168.1.1 > 224.0.0.1: igmp 20:14:15.002275 IP 192.168.1.10 > 224.0.0.2: igmp 20:14:15.003409 IP 192.168.1.1 > 234.81.130.4: igmp
My PCs IP is 192.168.1.10, which you can see in the first packet. It sends out an all routers message.
The second message appears to be from the router and to the correct multicast destination address. However, this is a packet dump of the LAN interface. I am reasonably certain that this packet should have gone out the interface specified by the upstream interface for the IGMP Proxy.
I have verified my IGMP Proxy settings using both the GUI and reading config.xml, and the upstream is set as the WAN interface without PPP encapsulation.
Does anybody know if I am simply misunderstanding how this multicast communication works? It's not a topic i'm too familiar with.
EDIT:
Based on a comparison of my above packet capture, and the packet capture of somebody who has this working (link below), it does appear to be a problem with the IGMP proxy not forwarding the multicast traffic out of the correct upstream interface.
https://forum.pfsense.org/index.php?topic=100444.msg582638#msg582638
-
As further debugging this, I ran the igmp proxy manually from the command line.
/tmp/igmpproxy.conf:
quickleave phyint cpsw0 upstream ratelimit 0 threshold 1 altnet 224.0.0.0/4 altnet 109.159.247.0/24 phyint cpsw1 downstream ratelimit 0 threshold 1 altnet 192.168.1.0/24 phyint pppoe0 disabled phyint ovpns1 disabled
Command:
sudo igmpproxy -d -vvvv /tmp/igmpproxy.confResult:
SENT Membership query from 192.168.1.1 to 234.81.130.4 Sent membership query from 192.168.1.1 to 234.81.130.4\. Delay: 10 RECV Membership query from 192.168.1.1 to 234.81.130.4 RECV Membership query from 192.168.1.1 to 224.0.0.1 RECV V2 member report from 192.168.1.1 to 224.0.0.2 The IGMP message was from myself. Ignoring.
This seems to confirm my previous findings. PFSense appears to be forwarding IGMP messages straight back into the LAN, which then causes it to give a message about receiving an IGMP message from itself.
-
I've also got issues with the SG-1000 and IGMP Proxy, I have been using the Proxy with a PC based PFsense for a few years now, with no issues but I cannot get the SG-1000 working with it, i've tried clean installs. Very frustrating, i've had to go back to my old pc PFsense and the SG is redundant for now until i get a solution.
-
This bug with IGMP Proxy seems to still exist in 2.4.2.
I have a different ISP, Movistar Spain, with a different setup (IPTV comes through its own separate VLAN) and I still see the same "The IGMP message was from myself. Ignoring." message and no IGMP is forwarded to the right upstream interface.