PFSense with BT YouView (IPTV)
I recently acquired an SG-1000, and with the exception of IPTV everything is working perfectly. If I switch it back out for my ISP supplied router, IPTV works correctly.
I am aware of existing threads on this topic, but have not had any luck with them so far, I have listed a couple of them below:
I have created an interface directly on the WAN port (not over PPPoE)
This interface is enabled and has been given a random private IP not in an existing subnet
I have set up upstream and downstream IGMP proxies using the address ranges provided in existing threads (ensuring the LAN network matched my own)
The upstream interface uses the newly created BTSPORT interface (bypassing PPPoE) and the downstream uses the LAN interface.
(On a side note, pressing "Apply Changes" on this page doesn't get rid of the box asking you to apply changes. It seems to go away on a reboot though)
I configured the firewall for the BTSPORT interface to allow all IPv4 traffic from both of the ranges specified on the upstream IGMP proxy. As you can see below, neither rule has any hits. Made sure to enable IP Options on these rules.
Below is a summary of the debugging I have performed:
(NOTE: Any firewall rules mentioned all had IP options enabled)
- Created a rule on the LAN interface that allows all traffic to the YouView box and enabled logging. This rule has 0 hits.
- Created a rule on the LAN interface that allows all traffic from the YouView box, this has hits.
I saw the following traffic from the YouView box using firewall logging:
18.104.22.168:53 (BT DNS)
I found this additional traffic using a packet capture for the LAN address of the YouView box:
I created a rule on the LAN interface to allow all traffic to 22.214.171.124/4. From this, I see the followin traffic:
From Router to 126.96.36.199
From Router to 188.8.131.52
From Router to 184.108.40.206
I have also tried creating equivalent rules on the WAN and BTSPORT interfaces, and they have no hits.
I have run a packet capture on the BTSPORT interface looking for anything to/from 220.127.116.11/4. I have had no results.
I have run a packet capture on the LAN interface for 18.104.22.168/4. I have had no results.
However, I do not see any multicast traffic (hence the peviously mentioned packet capture returning nothing).
I am not too familiar with how IGMP works, but I don't believe I am seeing any IGMP traffic other than periodic messages originating from the firewall itself.
I don't believe there is an issue with the YouView box itself as it works correctly when I connect the ISP router.
If anybody has any suggestions i'd love to hear them. I can provide further information if it helps to clarify my setup.
After doing some further digging, I noticed something interesting in the packet captures.
The following packet dump is the result of me attempting to connect to the following network stream in VLC:
That appears to be a BT IPTV test channel, and successfully loads when I swap out my PFSense box for the BT Router.
20:11:45.993988 IP 192.168.1.10 > 22.214.171.124: igmp 20:11:45.995015 IP 192.168.1.1 > 126.96.36.199: igmp 20:12:08.999491 IP 192.168.1.1 > 188.8.131.52: igmp 20:12:09.652340 IP 192.168.1.1 > 184.108.40.206: igmp 20:14:13.772826 IP 192.168.1.1 > 220.127.116.11: igmp 20:14:15.002275 IP 192.168.1.10 > 18.104.22.168: igmp 20:14:15.003409 IP 192.168.1.1 > 22.214.171.124: igmp
My PCs IP is 192.168.1.10, which you can see in the first packet. It sends out an all routers message.
The second message appears to be from the router and to the correct multicast destination address. However, this is a packet dump of the LAN interface. I am reasonably certain that this packet should have gone out the interface specified by the upstream interface for the IGMP Proxy.
I have verified my IGMP Proxy settings using both the GUI and reading config.xml, and the upstream is set as the WAN interface without PPP encapsulation.
Does anybody know if I am simply misunderstanding how this multicast communication works? It's not a topic i'm too familiar with.
Based on a comparison of my above packet capture, and the packet capture of somebody who has this working (link below), it does appear to be a problem with the IGMP proxy not forwarding the multicast traffic out of the correct upstream interface.
As further debugging this, I ran the igmp proxy manually from the command line.
quickleave phyint cpsw0 upstream ratelimit 0 threshold 1 altnet 126.96.36.199/4 altnet 188.8.131.52/24 phyint cpsw1 downstream ratelimit 0 threshold 1 altnet 192.168.1.0/24 phyint pppoe0 disabled phyint ovpns1 disabled
sudo igmpproxy -d -vvvv /tmp/igmpproxy.conf
SENT Membership query from 192.168.1.1 to 184.108.40.206 Sent membership query from 192.168.1.1 to 220.127.116.11\. Delay: 10 RECV Membership query from 192.168.1.1 to 18.104.22.168 RECV Membership query from 192.168.1.1 to 22.214.171.124 RECV V2 member report from 192.168.1.1 to 126.96.36.199 The IGMP message was from myself. Ignoring.
This seems to confirm my previous findings. PFSense appears to be forwarding IGMP messages straight back into the LAN, which then causes it to give a message about receiving an IGMP message from itself.
I've also got issues with the SG-1000 and IGMP Proxy, I have been using the Proxy with a PC based PFsense for a few years now, with no issues but I cannot get the SG-1000 working with it, i've tried clean installs. Very frustrating, i've had to go back to my old pc PFsense and the SG is redundant for now until i get a solution.
This bug with IGMP Proxy seems to still exist in 2.4.2.
I have a different ISP, Movistar Spain, with a different setup (IPTV comes through its own separate VLAN) and I still see the same "The IGMP message was from myself. Ignoring." message and no IGMP is forwarded to the right upstream interface.