Multicast routing.



  • I know, it is the 100th post to this topic, but people who knew how to get it right always tell only little part of the solution. Like many others I try to get IP-TV from my german provider to work with my router. As far as I have read in all posts, this was a problem of the IGMP protokoll, which was not supportet by monowall or pfsense since yet. Now I see that I could use IGMP in the firewallrules, but it still does not work. Mybe because I have to recompile the kernel with multicast support and then copy the mrouted at the right place and then ….. Maybe someone gets a clue where my problem might be. If I have to recompile the kernel for multicast routing and also install and start the mrouted, why is this not in the pfsense included? In the description of the new pfsense functions to come I read the statement, that this is a feature of the actual version.
    A friend of mine uses flee4l with a module for IP-TV. I would like to use pfsense, like a lot of other people here. Is there anybody in this forum who is able and willing to help us?
    Many thanks in advance!



  • First, I am one of those writing in the IP-TV/IGMP threads since I run across this problem as well. But I have no clue (wouldn't even know how to compile a kernel and such).

    One thing I read though, is that you need to tag incoming IGMP traffic with VLAN ID7. Have you tried that (can we even have VLANs an WAN?)
    Looking forward to seeing this issue with t-entertain resolved

    BTW: Do you have ADSL 2+ or VDSL already?



  • Hi,

    first at all. I'm in the same situation like you.

    I searched many days in the internet for a solution. But there is no one with freebsd. Freebsd has no IGMP Proxy what is needed for the way of routing that igmpv3 traffic. Linux has a pretty old one but it works. So atm I use another linux box as my WAN Gateway for the IGMP routing and the pfSense Box behind.



  • On latest builds of 2.0 there should be igmpproxy daemon included.

    
    ########################################################
    #
    #   Example configuration file for the IgmpProxy
    #   --------------------------------------------
    #
    #   The configuration file must define one upstream
    #   interface, and one or more downstream interfaces.
    #
    #   If multicast traffic originates outside the
    #   upstream subnet, the "altnet" option can be
    #   used in order to define legal multicast sources.
    #   (See example...)
    #
    #   The "quickleave" should be used to avoid saturation
    #   of the upstream link. The option should only
    #   be used if it's absolutely necessary to
    #   accurately imitate just one Client.
    #
    ########################################################
    
    ##------------------------------------------------------
    ## Enable Quickleave mode (Sends Leave instantly)
    ##------------------------------------------------------
    quickleave
    
    ##------------------------------------------------------
    ## Configuration for em0 (Upstream Interface)
    ##------------------------------------------------------
    phyint em0 upstream  ratelimit 0  threshold 1
            altnet 10.0.0.0/8
    #       altnet 132.185.0.0/16   # BBC multicast trial
    #       altnet 217.0.119.0/24   # T-Home Entertain
    #       altnet 193.158.35.0/24  # T-Home Entertain
    
    ##------------------------------------------------------
    ## Configuration for ipw0 (Downstream Interface)
    ##------------------------------------------------------
    phyint ipw0 downstream  ratelimit 0  threshold 1
    
    ##------------------------------------------------------
    ## Configuration for lo0 (Disabled Interface)
    ##------------------------------------------------------
    phyint lo0 disabled
    
    

    This is a configuration sample file try it out and tell me how it did go.
    I will try to add a simple GUI as time permits. For now just the daemon is ok.
    You need to run it with igmpproxy -c $path_to_config_file
    to see the logging on console just append -d to the options so it doesn't detaches.

    You need to create even rules that express the ones below

    
    pass in on $WAN inet proto udp  to 224.0.0.0/4
    pass out on $WAN inet proto igmp from $WANIP to 224.0.0.0/4 allow-opts
    
    pass in on $LANINT inet proto igmp from $SETBOX to 224.0.0.0/4 allow-opts
    pass in on $LANINT inet proto udp  from $SETBOX
    pass in on $LANINT inet proto tcp  from $SETBOX
    
    

    Beaware that the rules are a little to permissibe if you know the ip/net that you multicast traffic uses specify it instead of the whole multicast reserved range.



  • @ermal:

    Beaware that the rules are a little to permissibe if you know the ip/net that you multicast traffic uses specify it instead of the whole multicast reserved range.

    You got them already in your config:
    #      altnet 217.0.119.0/24  # T-Home Entertain
    #      altnet 193.158.35.0/24  # T-Home Entertain

    That are german Telekom's IP-TV subnets (known as T-mobile in the US as well). FWIW



  • Does it work for those having that service is what i want to know :)



  • hi,

    this may sound stupid but i can't start the proxy…

    if i run "igmpproxy -c /var/etc/igmproxy.conf" via ssh shell all i get is:

    igmpproxy -c /var/etc/igmproxy.conf

    igmpproxy: not found

    ;)

    Edit: i just found the reason why its not "working" the igmpproxy was added on 2008-Dec-30 but the last snapshot is from Dec-26  :P



  • hi,

    since there are finally new snapshots:

    according to this: http://cvstrac.pfsense.org/chngview?cn=26831

    the igmpproxy bin file should be /usr/local/sbin/igmpproxy

    but in the latest build(20090105-1233) that file is missing, which leads to the same error message:

    igmpproxy -c /var/etc/igmproxy.conf

    igmpproxy: not found



  • hi again,

    since the bin file is finally there:

    i can start the igmpproxy now but sadly either I'm doing something wrong or it has a bug, since its not routing any multicasts all…

    might be related to this debug info from igmpproxy -d

    Debu: About to call timeout 6 (#0)
    Info: sendto to 224.0.0.1 on 192.168.0.10; Errno(22): Invalid argument
    Debu: SENT Membership query   from 192.168.0.10    to 224.0.0.1
    Debu: Sent membership query from 192.168.0.10 to 224.0.0.1. Delay: 10
    Debu: Created timeout 7 (#0) - delay 10 secs

    I believe i got the firewall routes part right, since there are no blocked entrys in the firewall log…

    igmp config:

    ########################################################
    #
    #   Example configuration file for the IgmpProxy
    #   --------------------------------------------
    #
    #   The configuration file must define one upstream
    #   interface, and one or more downstream interfaces.
    #
    #   If multicast traffic originates outside the
    #   upstream subnet, the "altnet" option can be
    #   used in order to define legal multicast sources.
    #   (See example...)
    #
    #   The "quickleave" should be used to avoid saturation
    #   of the upstream link. The option should only
    #   be used if it's absolutely necessary to
    #   accurately imitate just one Client.
    #
    ########################################################
    
    ##------------------------------------------------------
    ## Enable Quickleave mode (Sends Leave instantly)
    ##------------------------------------------------------
    quickleave
    
    ##------------------------------------------------------
    ## Configuration for em0 (Upstream Interface)
    ##------------------------------------------------------
    phyint pppoe0 upstream  ratelimit 0  threshold 1
           altnet 217.0.119.0/24   # T-Home Entertain
           altnet 193.158.35.0/24  # T-Home Entertain
           altnet 192.168.0.0/24   # test
    
    ##------------------------------------------------------
    ## Configuration for ipw0 (Downstream Interface)
    ##------------------------------------------------------
    phyint em0 downstream  ratelimit 0  threshold 1
    
    ##------------------------------------------------------
    ## Configuration for lo0 (Disabled Interface)
    ##------------------------------------------------------
    phyint lo0 disabled
    

    some more debug info:

    # igmpproxy -d
    igmpproxy, Version 0.1 beta2, Build 090105
    Copyright 2005 by Johnny Egeland <johnny@rlo.org>
    Distributed under the GNU GENERAL PUBLIC LICENSE, Version 2 - check GPL.txt
    
    Debu: Searching for config file at '/etc/igmpproxy.conf'
    Debu: Config: Quick leave mode enabled.
    Debu: Config: Got a phyint token.
    Debu: Config: IF: Config for interface pppoe0.
    Debu: Config: IF: Got upstream token.
    Debu: Config: IF: Got ratelimit token '0'.
    Debu: Config: IF: Got threshold token '1'.
    Debu: Config: IF: Got altnet token 217.0.119.0/24.
    Debu: Config: IF: Altnet: Parsed altnet to 217.0.119/24.
    Debu: Config: IF: Got altnet token 193.158.35.0/24.
    Debu: Config: IF: Altnet: Parsed altnet to 193.158.35/24.
    Debu: Config: IF: Got altnet token 192.168.0.0/24.
    Debu: Config: IF: Altnet: Parsed altnet to 192.168.0/24.
    Debu: IF name : pppoe0
    Debu: Next ptr : 0
    Debu: Ratelimit : 0
    Debu: Threshold : 1
    Debu: State : 1
    Debu: Allowednet ptr : 2820c040
    Debu: Config: Got a phyint token.
    Debu: Config: IF: Config for interface em0.
    Debu: Config: IF: Got downstream token.
    Debu: Config: IF: Got ratelimit token '0'.
    Debu: Config: IF: Got threshold token '1'.
    Debu: IF name : em0
    Debu: Next ptr : 0
    Debu: Ratelimit : 0
    Debu: Threshold : 1
    Debu: State : 2
    Debu: Allowednet ptr : 0
    Debu: Config: Got a phyint token.
    Debu: Config: IF: Config for interface lo0.
    Debu: IF name : lo0
    Debu: Next ptr : 0
    Debu: Ratelimit : 0
    Debu: Threshold : 1
    Debu: State : 2
    Debu: Allowednet ptr : 0
    Debu: Adding Physical Index value of IF 'em0' is 1
    Debu: buildIfVc: Interface em0 Addr: 192.168.0.10, Flags: 0xffff8843, Network: 192.168.0/24
    Debu: Adding Physical Index value of IF 'lo0' is 6
    Debu: buildIfVc: Interface lo0 Addr: 127.0.0.1, Flags: 0xffff8049, Network: 127/8
    Debu: Adding Physical Index value of IF 'pppoe0' is 9
    Debu: buildIfVc: Interface pppoe0 Addr: 87.144.192.239, Flags: 0xffff88d1, Network: 87.144.192.239/32
    Debu: Found config for em0
    Debu: Found config for pppoe0
    Note: adding VIF, Ix 0 Fl 0x0 IP 0x0a00a8c0 em0, Threshold: 1, Ratelimit: 0
    Debu:         Network for [em0] : 192.168.0/24
    Note: adding VIF, Ix 1 Fl 0x0 IP 0xefc09057 pppoe0, Threshold: 1, Ratelimit: 0
    Debu:         Network for [pppoe0] : 87.144.192.239/32
    Debu:         Network for [pppoe0] : 217.0.119/24
    Debu:         Network for [pppoe0] : 193.158.35/24
    Debu:         Network for [pppoe0] : 192.168.0/24
    Debu: Got 232448 byte buffer size in 8 iterations
    Debu: Joining all-routers group 224.0.0.2 on vif 192.168.0.10
    Note: joinMcGroup: 224.0.0.2 on em0
    Info: sendto to 224.0.0.1 on 192.168.0.10; Errno(22): Invalid argument
    Debu: SENT Membership query   from 192.168.0.10    to 224.0.0.1
    Debu: Sent membership query from 192.168.0.10 to 224.0.0.1\. Delay: 10
    Debu: Created timeout 1 (#0) - delay 10 secs
    Debu: (Id:1, Time:10)
    Debu: Created timeout 2 (#1) - delay 21 secs
    Debu: (Id:1, Time:10)
    Debu: (Id:2, Time:21)
    Debu: About to call timeout 1 (#0)
    Debu: Aging routes in table.
    Debu:
    Current routing table (Age active routes);
    -----------------------------------------------------
    
    Debu: No routes in table...
    Debu:
    -----------------------------------------------------</johnny@rlo.org>
    


  • Hi,

    I stumbled across the same problem as the6thday, but was able to solve the issue.

    The vital part of his configuration file again:

    
    ##------------------------------------------------------
    ## Configuration for em0 (Upstream Interface)
    ##------------------------------------------------------
    phyint pppoe0 upstream  ratelimit 0  threshold 1
           altnet 217.0.119.0/24   # T-Home Entertain
           altnet 193.158.35.0/24  # T-Home Entertain
           altnet 192.168.0.0/24   # test
    
    ##------------------------------------------------------
    ## Configuration for ipw0 (Downstream Interface)
    ##------------------------------------------------------
    phyint em0 downstream  ratelimit 0  threshold 1
    
    

    In the description for the first interface, it says "Configuration for em0", while you configure pppoe0. For the second interface it says "Configuration for ipw0", while you configure em0. To me it seems you bound em0 to the ADSL connection, so pppoe0. The LAN part, 192.168.0.0/24 has to be bound to another device, which I assume to be ipw0 in your case.

    Please note that ANY interface except pppoe0 and the corresponding network card (e.g. em0) has to be disabled to let igmpproxy work correctly. So if you apparently use the ipw0 interface or any other, you have to disable it in the configuration file with "phyint [device] disabled" - this is mandatory!

    Now the bad news: For me, it made the error disappear, though I still couldn't make it work.

    IGMPPROXY works 100% on my Ubuntu machine for T-Entertain, though I will not give up supporting you guys until the Multicast issue is resolved.

    If I have any news, I will keep you updated - would appreciate if you you guys would do the same.

    Cheers,

    Frank LaVerne



  • I'm not sure i really understand what you did to solve the error but this is my new config file (still not working and still showing the same error message):

    ########################################################
    #
    #   Example configuration file for the IgmpProxy
    #   --------------------------------------------
    #
    #   The configuration file must define one upstream
    #   interface, and one or more downstream interfaces.
    #
    #   If multicast traffic originates outside the
    #   upstream subnet, the "altnet" option can be
    #   used in order to define legal multicast sources.
    #   (See example...)
    #
    #   The "quickleave" should be used to avoid saturation
    #   of the upstream link. The option should only
    #   be used if it's absolutely necessary to
    #   accurately imitate just one Client.
    #
    ########################################################
    
    ##------------------------------------------------------
    ## Enable Quickleave mode (Sends Leave instantly)
    ##------------------------------------------------------
    quickleave
    
    ##------------------------------------------------------
    ## Configuration for WAN (pppoe0) (Upstream Interface)
    ##------------------------------------------------------
    phyint pppoe0 upstream  ratelimit 0  threshold 1
           altnet 217.0.119.0/24   # T-Home Entertain
           altnet 193.158.35.0/24  # T-Home Entertain
           altnet 192.168.0.0/24   # LAN IP SUBNET
    
    ##------------------------------------------------------
    ## Configuration for your LAN (em0) (Downstream Interface)
    ##------------------------------------------------------
    phyint em0 downstream  ratelimit 0  threshold 1
    
    ##------------------------------------------------------
    ## Configuration for anything else (Disabled Interfaces)
    ##------------------------------------------------------
    phyint lo0 disabled
    phyint em1 disabled
    phyint em2 disabled
    phyint ath0 disabled
    phyint pfsync0 disabled
    phyint enc0 disabled
    phyint pflog0 disabled
    
    


  • After checking it with my linux router again, I have to say: What I did was effective, yet quite stupid :) I have disabled my LAN device, so it won't try to send multicast membership queries bump

    So we both are in the same situation again.

    I have read about the problem before here, where you can get quite detailed information on the subject:

    http://unix.derkeiler.com/Mailing-Lists/FreeBSD/net/2008-06/msg00344.html

    I seriously think that the line

    
    Info: sendto to 224.0.0.1 on x.x.x.x; Errno(22): Invalid argument
    
    

    tells us that the membership queries are not successfully sent to it's destination. At the current moment I assume that the sendto routine that is used by *BSD is different to the Linux one, and therefore might produce a problem, though I better keep my big fat mouth shut after my assumptions made earlier ;D

    I will keep trying and will write as soon as I have news again.

    Cheers,

    Frank



  • Hi again,

    iirc the igmpproxy version included in the ALPHA builds is the one from the OpenBSD ports (correct me if I am wrong), which not only I seem to have a big problem with, since it's not working correctly.

    As far as I have read, there is new port for FreeBSD coming up that has been reported to have been tested:

    http://www.freebsd.org/cgi/query-pr.cgi?pr=130174

    Could anybody check this and, if possible, include this version in the ALPHA builds? I would be glad to get my hands on this one for testing, since it sounds quite promising.

    Cheers,

    Frank



  • 
    pass in on $WAN inet proto udp  to 224.0.0.0/4
    pass out on $WAN inet proto igmp from $WANIP to 224.0.0.0/4 allow-opts
    
    pass in on $LANINT inet proto igmp from $SETBOX to 224.0.0.0/4 allow-opts
    pass in on $LANINT inet proto udp  from $SETBOX
    pass in on $LANINT inet proto tcp  from $SETBOX
    
    

    I have searched files and found similar strings like this in /etc/inc/filter.inc but am unsure if this is the right file to plug into. Where else other than the gui can I create these rules?

    Dzieki



  • Ok can everybody try the latest snapshot it has improvements and you can set the allow-opts option under "Advanced options" selections.
    It is presented as a checkbox.



  • would this work to route multicast through a vpn or am i still dreaming?



  • It should help if you have correct spd for the ipsec



  • Hmm seems still not to work. Some explanation:

    10.123.104.100 -> Media Receiver
    10.123.104.0/24 -> IPTV Subnet on VLAN8

    
    # igmpproxy -d -c /var/etc/igmpproxy.conf
    igmpproxy, Version 0.1 beta2, Build 090105 
    Copyright 2005 by Johnny Egeland <johnny@rlo.org>Distributed under the GNU GENERAL PUBLIC LICENSE, Version 2 - check GPL.txt
    
    Debu: Searching for config file at '/var/etc/igmpproxy.conf'
    Debu: Config: Quick leave mode enabled.
    Debu: Config: Got a phyint token.
    Debu: Config: IF: Config for interface pppoe0.
    Debu: Config: IF: Got upstream token.
    Debu: Config: IF: Got ratelimit token '0'.
    Debu: Config: IF: Got threshold token '1'.
    Debu: Config: IF: Got altnet token 217.0.119.0/24.
    Debu: Config: IF: Altnet: Parsed altnet to 217.0.119/24.
    Debu: Config: IF: Got altnet token 193.158.35.0/24.
    Debu: Config: IF: Altnet: Parsed altnet to 193.158.35/24.
    Debu: IF name : pppoe0
    Debu: Next ptr : 0
    Debu: Ratelimit : 0
    Debu: Threshold : 1
    Debu: State : 1
    Debu: Allowednet ptr : 2820c040
    Debu: Config: Got a phyint token.
    Debu: Config: IF: Config for interface vlan8.
    Debu: Config: IF: Got downstream token.
    Debu: Config: IF: Got ratelimit token '0'.
    Debu: Config: IF: Got threshold token '1'.
    Debu: IF name : vlan8
    Debu: Next ptr : 0
    Debu: Ratelimit : 0
    Debu: Threshold : 1
    Debu: State : 2
    Debu: Allowednet ptr : 0
    Debu: Config: Got a phyint token.
    Debu: Config: IF: Config for interface lo0.
    Debu: Config: IF: Got disabled token.
    Debu: IF name : lo0
    Debu: Next ptr : 0
    Debu: Ratelimit : 0
    Debu: Threshold : 1
    Debu: State : 0
    Debu: Allowednet ptr : 0
    Debu: Config: Got a phyint token.
    Debu: Config: IF: Config for interface vlan1.
    Debu: Config: IF: Got disabled token.
    Debu: IF name : vlan1
    Debu: Next ptr : 0
    Debu: Ratelimit : 0
    Debu: Threshold : 1
    Debu: State : 0
    Debu: Allowednet ptr : 0
    Debu: Config: Got a phyint token.
    Debu: Config: IF: Config for interface vlan7.
    Debu: Config: IF: Got disabled token.
    Debu: IF name : vlan7
    Debu: Next ptr : 0
    Debu: Ratelimit : 0
    Debu: Threshold : 1
    Debu: State : 0
    Debu: Allowednet ptr : 0
    Debu: Config: Got a phyint token.
    Debu: Config: IF: Config for interface vlan3.
    Debu: Config: IF: Got disabled token.
    Debu: IF name : vlan3
    Debu: Next ptr : 0
    Debu: Ratelimit : 0
    Debu: Threshold : 1
    Debu: State : 0
    Debu: Allowednet ptr : 0
    Debu: Config: Got a phyint token.
    Debu: Config: IF: Config for interface vlan4.
    Debu: IF name : vlan4
    Debu: Next ptr : 0
    Debu: Ratelimit : 0
    Debu: Threshold : 1
    Debu: State : 2
    Debu: Allowednet ptr : 0
    Debu: Adding Physical Index value of IF 'lo0' is 6
    Debu: buildIfVc: Interface lo0 Addr: 127.0.0.1, Flags: 0xffff8049, Network: 127/8
    Debu: Adding Physical Index value of IF 'vlan0' is 9
    Debu: buildIfVc: Interface vlan0 Addr: 10.123.101.254, Flags: 0xffff8843, Network: 10.123.101/24
    Debu: buildIfVc: Interface vlan0 Addr: 10.123.101.254, Flags: 0xffff8843, Network: 10.123.100.8/29
    Debu: buildIfVc: Interface vlan0 Addr: 10.123.101.254, Flags: 0xffff8843, Network: 10.123.100.24/29
    Debu: Adding Physical Index value of IF 'vlan2' is 11
    Debu: buildIfVc: Interface vlan2 Addr: 172.20.43.136, Flags: 0xffff8843, Network: 172.20/16
    Debu: Adding Physical Index value of IF 'vlan3' is 12
    Debu: buildIfVc: Interface vlan3 Addr: 10.123.102.254, Flags: 0xffff8843, Network: 10.123.102/24
    Debu: buildIfVc: Interface vlan3 Addr: 10.123.102.254, Flags: 0xffff8843, Network: 10.123.100.16/29
    Debu: Adding Physical Index value of IF 'vlan4' is 13
    Debu: buildIfVc: Interface vlan4 Addr: 10.123.104.254, Flags: 0xffff8843, Network: 10.123.104/24
    Debu: Adding Physical Index value of IF 'pppoe0' is 14
    Debu: buildIfVc: Interface pppoe0 Addr: 87.154.197.225, Flags: 0xffff88d1, Network: 87.154.197.225/32
    Debu: Found config for vlan3
    Debu: Found config for vlan4
    Debu: Found config for pppoe0
    Note: adding VIF, Ix 0 Fl 0x0 IP 0xfe657b0a vlan0, Threshold: 1, Ratelimit: 0
    Debu:         Network for [vlan0] : 10.123.100.24/29
    Debu:         Network for [vlan0] : 10.123.100.8/29
    Debu:         Network for [vlan0] : 10.123.101/24
    Note: adding VIF, Ix 1 Fl 0x0 IP 0x882b14ac vlan2, Threshold: 1, Ratelimit: 0
    Debu:         Network for [vlan2] : 172.20/16
    Note: adding VIF, Ix 2 Fl 0x0 IP 0xfe667b0a vlan3, Threshold: 1, Ratelimit: 0
    Debu:         Network for [vlan3] : 10.123.100.16/29
    Debu:         Network for [vlan3] : 10.123.102/24
    Note: adding VIF, Ix 3 Fl 0x0 IP 0xfe687b0a vlan4, Threshold: 1, Ratelimit: 0
    Debu:         Network for [vlan4] : 10.123.104/24
    Note: adding VIF, Ix 4 Fl 0x0 IP 0xe1c59a57 pppoe0, Threshold: 1, Ratelimit: 0
    Debu:         Network for [pppoe0] : 87.154.197.225/32
    Debu:         Network for [pppoe0] : 217.0.119/24
    Debu:         Network for [pppoe0] : 193.158.35/24
    Debu: Got 232448 byte buffer size in 8 iterations
    Debu: Joining all-routers group 224.0.0.2 on vif 10.123.101.254
    Note: joinMcGroup: 224.0.0.2 on vlan0
    Debu: Joining all-routers group 224.0.0.2 on vif 172.20.43.136
    Note: joinMcGroup: 224.0.0.2 on vlan2
    Debu: Joining all-routers group 224.0.0.2 on vif 10.123.104.254
    Note: joinMcGroup: 224.0.0.2 on vlan4
    Info: sendto to 224.0.0.1 on 10.123.101.254; Errno(22): Invalid argument
    Debu: SENT Membership query   from 10.123.101.254  to 224.0.0.1
    Debu: Sent membership query from 10.123.101.254 to 224.0.0.1\. Delay: 10
    Info: sendto to 224.0.0.1 on 172.20.43.136; Errno(22): Invalid argument
    Debu: SENT Membership query   from 172.20.43.136   to 224.0.0.1
    Debu: Sent membership query from 172.20.43.136 to 224.0.0.1\. Delay: 10
    Info: sendto to 224.0.0.1 on 10.123.104.254; Errno(22): Invalid argument
    Debu: SENT Membership query   from 10.123.104.254  to 224.0.0.1
    Debu: Sent membership query from 10.123.104.254 to 224.0.0.1\. Delay: 10
    Debu: Created timeout 1 (#0) - delay 10 secs
    Debu: (Id:1, Time:10) 
    Debu: Created timeout 2 (#1) - delay 21 secs
    Debu: (Id:1, Time:10) 
    Debu: (Id:2, Time:21) 
    Warn: received packet from 10.123.104.100 shorter (40 bytes) than hdr+data length (24+4072)
    Warn: received packet from 10.123.104.100 shorter (40 bytes) than hdr+data length (24+4072)
    Warn: received packet from 10.123.104.100 shorter (40 bytes) than hdr+data length (24+4072)
    Debu: About to call timeout 1 (#0)
    Debu: Aging routes in table.
    Debu: 
    Current routing table (Age active routes);
    -----------------------------------------------------
    
    Debu: No routes in table...
    Debu: 
    -----------------------------------------------------
    
    Warn: received packet from 10.123.104.100 shorter (40 bytes) than hdr+data length (24+4072)
    Warn: received packet from 10.123.104.100 shorter (40 bytes) than hdr+data length (24+4072)</johnny@rlo.org> 
    

    And here my config:

    
    ##------------------------------------------------------
    ## Enable Quickleave mode (Sends Leave instantly)
    ##------------------------------------------------------
    quickleave
    
    ##------------------------------------------------------
    ## Configuration for em0 (Upstream Interface)
    ##------------------------------------------------------
    phyint  pppoe0  upstream  ratelimit 0  threshold 1
    #       altnet 10.0.0.0/8
    #       altnet 132.185.0.0/16   # BBC multicast trial
           altnet 217.0.119.0/24   # T-Home Entertain
           altnet 193.158.35.0/24  # T-Home Entertain
    
    ##------------------------------------------------------
    ## Configuration for ipw0 (Downstream Interface)
    ##------------------------------------------------------
    phyint vlan8 downstream  ratelimit 0  threshold 1
    
    ##------------------------------------------------------
    ## Configuration for lo0 (Disabled Interface)
    ##------------------------------------------------------
    phyint lo0 disabled
    phyint vlan1 disabled
    phyint vlan7 disabled
    phyint vlan3 disabled
    phyint vlan4 disabled
    
    


  • Can you pose a packet trace with tcpdump on the interface that you are supposed to get igmp traffic with tcpdump -i $interface -s 0 proto igmp or without the traffic filter 'proto igmp'.





  • Hmm can any of you try setting the interfaces where multicast should pass in promisous mode with
    ifconfig $interface promisc

    and after that start the proxy?
    If it does not work ok in the latest snapshot which have an update on igmpproxy.



  • the last 2 snapshots i've tried are now missing igmpproxy



  • try next snapshots.



  • There is a GUI now for igmpproxy under Services -> IGMP proxy.

    Please report your findings.



  • Hi ermal,

    first of all: Thanks for all the efforts so far.

    2.) The IGMP proxy menu looks nice, but as soon as I want to save a device's configuration (any combination whatsoever), I am redirected to a page saying something like "Page does not exist for user. Logout" - I assume that the configuration file is not written correctly? After that (when I logout), I cannot login anymore and can only reset pfSense to factory settings. So to anyone who wants to test it: Please be aware that your configuration file might be destroyed.

    If I can help regarding this matter, please instruct what I should do.

    3.) I assume that you have included the FreeBSD patched version if igmpproxy? I have included it in an older ALPHA myself by patching and compiling it on another machine and have transferred it to the pfSense machine. Actually, using the new version manually (due to the webConfig flaw), I have encountered that the ErrNo(22) FINALLY is gone - also with the version that is included in the latest ALPHAs.

    So far, so good - igmpproxy seems to work perfect on first sight, though igmpproxy does not report any connection tries from the T-Entertain SetTopBox via IGMP. To be brief: My SetTopBox behaves as if igmpproxy is not running and freezes after 10 seconds of any program start / change.

    What I did try then was your hint regarding the promisc mode.

    I finally seemed to have succeeded, because the SetTopBox was trying to connect, but still the picture freezed. When I was checking in debug mode, I found the following debugging message which seemed to be suspicious:

    "Eliminate compiler warning for field type = 22"

    22 …? Sounds familiar ...

    Any ideas of what I could do or how I could help to trace the possible error?

    Cheers,

    Frank



  • Well if you see even a message like
    "Should insert group %s (from: %s) to route table. Vif Ix : %d" before that message than everything should be ok AFAIK.

    Even a traffic capture on the lan(downstream) side to know if the group is joined correctly and some traffic is passing should help.

    Check you have the allow-opts as is needed on the rules and if you need to permit any other traffic for the service to work.

    For the GUI should be ok on next snapshot i forgot to merge something for the parser.



  • hi,

    i'm back to using pfsense and I noticed that now there is a igmpproxy package for 1.2.2 & .3rcX, I assume that the package is based on this thread…

    So could somebody please look into this: http://forum.pfsense.org/index.php/topic,16943.0.html



  • I got igmp working by correctly adding rules, and correctly assigning interfaces.

    1. You want to first set up the interfaces.

    a) Your upstream interface will be the origin of the multicast packets. (in my case it was a fuppes server on a different network)

    Interface - LAN
          Description - "upstream" (or whatever you want)
          Type - Upstream Interface
          Network - 192.168.0.0      CIDR - 24

    b) Your downstream interface will be the destination or what is asking for multicast packets. (in my case it was the wireless where my ps3 was on)

    Interface - WLAN
          Description - "downstream" (or whatever you want)
          Type - Downstream Interface
          Network - 192.168.1.0      CIDR - 24

    1. The rules can get a little tricky. Leave anything not specified blank or at its default setting. Lets start with the upstream interface (LAN).

    a) Create a new rule for the IGMP packets on the upstream interface (LAN)

    Action - Pass
          Interface - LAN
          Protocol - IGMP
          Source -
            Type: Single host or alias
            Address: 192.168.0.32 (my fuppes/multicast server)
          Destination -
            Type: Network
            Address: 224.0.0.0 / 4 (multicast)
          Advanced Options -
            Check the box for allowing packets to pass, leave the fields blank
          Description - "Multicast IGMP" (or anything you want)

    b) Create a second rule for the UDP packets on the upstream interface (LAN)

    Action - Pass
          Interface - LAN
          Protocol - UDP
          Source -
            Type: any
          Destination -
            Type: Network
            Address: 224.0.0.0 / 4 (multicast)
          Description - "Multicast UDP" (or anything you want)

    1. Now we setup rules for the downstream interface (WLAN). Also leave anything not specified blank or at its default setting.

    a) Create a new rule for the IGMP packets on the downstream interface (WLAN)

    Action - Pass
          Interface - WLAN
          Protocol - IGMP
          Source -
            Type: Single host or alias
            Address: 192.168.1.75 (ps3)
          Destination -
            Type - any
          Advanced Options -
            Check the box for allowing packets to pass, leave the fields blank
          Description - "ps3 Multicast UDP" (or anything you want)

    b) Create a second rule for the UDP packets on the downstream interface (WLAN)

    Action - Pass
          Interface - WLAN
          Protocol - UDP
          Source -
            Type: Single host or alias
            Address: 192.168.1.75 (ps3)
          Destination -
            Type: any
          Description - "ps3 Multicast UDP" (or anything you want)

    c) Create a third rule for the TCP packets on the downstream interface (WLAN)

    Action - Pass
          Interface - WLAN
          Protocol - TCP
          Source -
            Type: Single host or alias
            Address: 192.168.1.75 (ps3)
          Destination -
            Type: any
          Description - "ps3 Multicast TCP" (or anything you want)

    That's how I got multicast to work on my network. I am not sure if creating the rules for UDP and TCP packets are completely necessary, or if this may cause any security risks yet. Maybe someone can read this and further tweak the settings.
    Good luck!  ;)

    buddah



  • Well its not working here (using 1.2.3-RC2 built on Thu Jul 23 17:25:52 EDT 2009)

    /tmp/igmpproxy.conf(as created by the gui):

    
    ##------------------------------------------------------
    ## Enable Quickleave mode (Sends Leave instantly)
    ##------------------------------------------------------
    quickleave
    phyint ng0 upstream ratelimit 0 threshold 1
    altnet 239.35.0.0/16
    altnet 217.0.119.0/24
    altnet 193.158.35.0/24
    
    phyint em0 downstream ratelimit 0 threshold 1
    altnet 192.168.0.0/24
    
    

    rules on wan interface (upstream):

    rules on lan interface (downstream):

    Advanced Options-> Checkbox is enabled and fields are blank on all rules.

    Debug output from igmpproxy:

    
    # igmpproxy -d -c /tmp/igmpproxy.conf
    igmpproxy, Version 0.1 beta2, Build 090427
    Copyright 2005 by Johnny Egeland <johnny@rlo.org>Distributed under the GNU GENERAL PUBLIC LICENSE, Version 2 - check GPL.txt
    
    Debu: Searching for config file at '/tmp/igmpproxy.conf'
    Debu: Config: Quick leave mode enabled.
    Debu: Config: Got a phyint token.
    Debu: Config: IF: Config for interface ng0.
    Debu: Config: IF: Got upstream token.
    Debu: Config: IF: Got ratelimit token '0'.
    Debu: Config: IF: Got threshold token '1'.
    Debu: Config: IF: Got altnet token 239.35.0.0/16.
    Debu: Config: IF: Altnet: Parsed altnet to 239.35/16.
    Debu: Config: IF: Got altnet token 217.0.119.0/24.
    Debu: Config: IF: Altnet: Parsed altnet to 217.0.119/24.
    Debu: Config: IF: Got altnet token 193.158.35.0/24.
    Debu: Config: IF: Altnet: Parsed altnet to 193.158.35/24.
    Debu: IF name : ng0
    Debu: Next ptr : 0
    Debu: Ratelimit : 0
    Debu: Threshold : 1
    Debu: State : 1
    Debu: Allowednet ptr : 2820c030
    Debu: Config: Got a phyint token.
    Debu: Config: IF: Config for interface em0.
    Debu: Config: IF: Got downstream token.
    Debu: Config: IF: Got ratelimit token '0'.
    Debu: Config: IF: Got threshold token '1'.
    Debu: Config: IF: Got altnet token 192.168.0.0/24.
    Debu: Config: IF: Altnet: Parsed altnet to 192.168.0/24.
    Debu: IF name : em0
    Debu: Next ptr : 0
    Debu: Ratelimit : 0
    Debu: Threshold : 1
    Debu: State : 2
    Debu: Allowednet ptr : 2820c060
    Debu: Adding Physical Index value of IF 'em0' is 1
    Debu: buildIfVc: Interface em0 Addr: 192.168.0.10, Flags: 0xffff8843, Network: 192.168.0/24
    Debu: Adding Physical Index value of IF 'lo0' is 8
    Debu: buildIfVc: Interface lo0 Addr: 127.0.0.1, Flags: 0xffff8049, Network: 127/8
    Debu: Adding Physical Index value of IF 'ng0' is 10
    Debu: buildIfVc: Interface ng0 Addr: 79.238.127.78, Flags: 0xffff88d1, Network: 79.238.127.78/32
    Debu: Found config for em0
    Debu: Found config for ng0
    Note: adding VIF, Ix 0 Fl 0x0 IP 0x0a00a8c0 em0, Threshold: 1, Ratelimit: 0
    Debu:         Network for [em0] : 192.168.0/24
    Debu:         Network for [em0] : 192.168.0/24
    Note: adding VIF, Ix 1 Fl 0x0 IP 0x4e7fee4f ng0, Threshold: 1, Ratelimit: 0
    Debu:         Network for [ng0] : 79.238.127.78/32
    Debu:         Network for [ng0] : 239.35/16
    Debu:         Network for [ng0] : 217.0.119/24
    Debu:         Network for [ng0] : 193.158.35/24
    Debu: Got 262144 byte buffer size in 0 iterations
    Debu: Joining all-routers group 224.0.0.2 on vif 192.168.0.10
    Note: joinMcGroup: 224.0.0.2 on em0
    Debu: SENT Membership query   from 192.168.0.10    to 224.0.0.1
    Debu: Sent membership query from 192.168.0.10 to 224.0.0.1\. Delay: 10
    Debu: Created timeout 1 (#0) - delay 10 secs
    Debu: (Id:1, Time:10)
    Debu: Created timeout 2 (#1) - delay 21 secs
    Debu: (Id:1, Time:10)
    Debu: (Id:2, Time:21)
    Debu: Packet from 192.168.0.10: proto: 2 hdrlen: 24 iplen: 8 or 2048
    Note: RECV V2 member report   from 192.168.0.10    to 224.0.0.2 (ip_hl 24, data 8)
    Note: The IGMP message was from myself. Ignoring.
    Debu: Packet from 192.168.0.10: proto: 2 hdrlen: 20 iplen: 8 or 2048
    Note: RECV Membership query   from 192.168.0.10    to 224.0.0.1 (ip_hl 20, data 8)
    Debu: Packet from 192.168.0.1: proto: 2 hdrlen: 24 iplen: 8 or 2048
    Note: RECV V2 member report   from 192.168.0.1     to 239.255.255.250 (ip_hl 24, data 8)
    Debu: Should insert group 239.255.255.250 (from: 192.168.0.1) to route table. Vif Ix : 0
    Debu: No existing route for 239.255.255.250\. Create new.
    Debu: No routes in table. Insert at beginning.
    Info: Inserted route table entry for 239.255.255.250 on VIF #0
    Debu: Joining group 239.255.255.250 upstream on IF address 79.238.127.78
    Note: joinMcGroup: 239.255.255.250 on ng0
    Debu:
    Current routing table (Insert Route);
    -----------------------------------------------------
    
    Debu: #0: Dst: 239.255.255.250, Age:2, St: I, OutVifs: 0x00000001
    Debu:
    -----------------------------------------------------
    
    Debu: Eliminate compiler warning for field type = 22
    Debu: Packet from 79.238.127.78: proto: 2 hdrlen: 24 iplen: 8 or 2048
    Note: RECV V2 member report   from 79.238.127.78   to 239.255.255.250 (ip_hl 24, data 8)
    Note: The IGMP message was from myself. Ignoring.
    Debu: Packet from 192.168.0.2: proto: 2 hdrlen: 24 iplen: 8 or 2048
    Note: RECV V2 member report   from 192.168.0.2     to 239.35.129.11 (ip_hl 24, data 8)
    Debu: Should insert group 239.35.129.11 (from: 192.168.0.2) to route table. Vif Ix : 0
    Debu: No existing route for 239.35.129.11\. Create new.
    Debu: Found existing routes. Find insert location.
    Debu: Inserting at beginning, before route 239.255.255.250
    Info: Inserted route table entry for 239.35.129.11 on VIF #0
    Debu: Joining group 239.35.129.11 upstream on IF address 79.238.127.78
    Note: joinMcGroup: 239.35.129.11 on ng0
    Debu:
    Current routing table (Insert Route);
    -----------------------------------------------------
    
    Debu: #0: Dst: 239.35.129.11, Age:2, St: I, OutVifs: 0x00000001
    Debu: #1: Dst: 239.255.255.250, Age:2, St: I, OutVifs: 0x00000001
    Debu:
    -----------------------------------------------------
    
    Debu: Eliminate compiler warning for field type = 22
    Debu: Packet from 79.238.127.78: proto: 2 hdrlen: 24 iplen: 8 or 2048
    Note: RECV V2 member report   from 79.238.127.78   to 239.35.129.11 (ip_hl 24, data 8)
    Note: The IGMP message was from myself. Ignoring.
    Debu: Packet from 192.168.0.2: proto: 2 hdrlen: 24 iplen: 8 or 2048
    Note: RECV V2 member report   from 192.168.0.2     to 239.35.129.11 (ip_hl 24, data 8)
    Debu: Should insert group 239.35.129.11 (from: 192.168.0.2) to route table. Vif Ix : 0
    Info: Updated route entry for 239.35.129.11 on VIF #0
    Debu:
    Current routing table (Insert Route);
    -----------------------------------------------------
    
    Debu: #0: Dst: 239.35.129.11, Age:2, St: I, OutVifs: 0x00000001
    Debu: #1: Dst: 239.255.255.250, Age:2, St: I, OutVifs: 0x00000001
    Debu:
    -----------------------------------------------------
    
    Debu: Eliminate compiler warning for field type = 22
    Debu: Packet from 192.168.0.2: proto: 2 hdrlen: 24 iplen: 8 or 2048
    Note: RECV V2 member report   from 192.168.0.2     to 224.0.0.251 (ip_hl 24, data 8)
    Debu: Should insert group 224.0.0.251 (from: 192.168.0.2) to route table. Vif Ix : 0
    Debu: No existing route for 224.0.0.251\. Create new.
    Debu: Found existing routes. Find insert location.
    Debu: Inserting after route 239.255.255.250
    Info: Inserted route table entry for 224.0.0.251 on VIF #0
    Debu: Joining group 224.0.0.251 upstream on IF address 79.238.127.78
    Note: joinMcGroup: 224.0.0.251 on ng0
    Debu:
    Current routing table (Insert Route);
    -----------------------------------------------------
    
    Debu: #0: Dst: 239.35.129.11, Age:2, St: I, OutVifs: 0x00000001
    Debu: #1: Dst: 239.255.255.250, Age:2, St: I, OutVifs: 0x00000001
    Debu: #2: Dst: 224.0.0.251, Age:2, St: I, OutVifs: 0x00000001
    Debu:
    -----------------------------------------------------
    
    Debu: Eliminate compiler warning for field type = 22
    Debu: Packet from 79.238.127.78: proto: 2 hdrlen: 24 iplen: 8 or 2048
    Note: RECV V2 member report   from 79.238.127.78   to 224.0.0.251 (ip_hl 24, data 8)
    Note: The IGMP message was from myself. Ignoring.
    Debu: Packet from 79.238.127.78: proto: 2 hdrlen: 24 iplen: 8 or 2048
    Note: RECV V2 member report   from 79.238.127.78   to 239.35.129.11 (ip_hl 24, data 8)
    Note: The IGMP message was from myself. Ignoring.
    Debu: Packet from 192.168.0.10: proto: 2 hdrlen: 24 iplen: 8 or 2048
    Note: RECV V2 member report   from 192.168.0.10    to 224.0.0.2 (ip_hl 24, data 8)
    Note: The IGMP message was from myself. Ignoring.
    Debu: Packet from 192.168.0.2: proto: 2 hdrlen: 24 iplen: 8 or 2048
    Note: RECV Leave message      from 192.168.0.2     to 224.0.0.2 (ip_hl 24, data 8)
    Debu: Got leave message from 192.168.0.2 to 239.35.129.11\. Starting last member detection.
    Debu: Leaving group 239.35.129.11 upstream on IF address 79.238.127.78
    Note: leaveMcGroup: 239.35.129.11 on ng0
    Debu: SENT Membership query   from 192.168.0.10    to 239.35.129.11
    Debu: Sent membership query from 192.168.0.10 to 239.35.129.11\. Delay: 10
    Debu: Created timeout 3 (#1) - delay 8 secs
    Debu: (Id:1, Time:2)
    Debu: (Id:3, Time:8)
    Debu: (Id:2, Time:13)
    Debu: Packet from 192.168.0.2: proto: 2 hdrlen: 24 iplen: 8 or 2048
    Note: RECV V2 member report   from 192.168.0.2     to 239.35.140.11 (ip_hl 24, data 8)
    Debu: Should insert group 239.35.140.11 (from: 192.168.0.2) to route table. Vif Ix : 0
    Debu: No existing route for 239.35.140.11\. Create new.
    Debu: Found existing routes. Find insert location.
    Debu: Inserting after route 239.35.129.11
    Info: Inserted route table entry for 239.35.140.11 on VIF #0
    Debu: Joining group 239.35.140.11 upstream on IF address 79.238.127.78
    Note: joinMcGroup: 239.35.140.11 on ng0
    Debu:
    Current routing table (Insert Route);
    -----------------------------------------------------
    
    Debu: #0: Dst: 239.35.129.11, Age:2, St: I, OutVifs: 0x00000001
    Debu: #1: Dst: 239.35.140.11, Age:2, St: I, OutVifs: 0x00000001
    Debu: #2: Dst: 239.255.255.250, Age:2, St: I, OutVifs: 0x00000001
    Debu: #3: Dst: 224.0.0.251, Age:2, St: I, OutVifs: 0x00000001
    Debu:
    -----------------------------------------------------
    
    Debu: Eliminate compiler warning for field type = 22
    Debu: Packet from 79.238.127.78: proto: 2 hdrlen: 24 iplen: 8 or 2048
    Note: RECV V2 member report   from 79.238.127.78   to 239.35.140.11 (ip_hl 24, data 8)
    Note: The IGMP message was from myself. Ignoring.
    Debu: Packet from 192.168.0.2: proto: 2 hdrlen: 24 iplen: 8 or 2048
    Note: RECV V2 member report   from 192.168.0.2     to 239.35.140.11 (ip_hl 24, data 8)
    Debu: Should insert group 239.35.140.11 (from: 192.168.0.2) to route table. Vif Ix : 0
    Info: Updated route entry for 239.35.140.11 on VIF #0
    Debu:
    Current routing table (Insert Route);
    -----------------------------------------------------
    
    Debu: #0: Dst: 239.35.129.11, Age:2, St: I, OutVifs: 0x00000001
    Debu: #1: Dst: 239.35.140.11, Age:2, St: I, OutVifs: 0x00000001
    Debu: #2: Dst: 239.255.255.250, Age:2, St: I, OutVifs: 0x00000001
    Debu: #3: Dst: 224.0.0.251, Age:2, St: I, OutVifs: 0x00000001
    Debu:
    -----------------------------------------------------
    
    Debu: Eliminate compiler warning for field type = 22
    Debu: Packet from 79.238.127.78: proto: 2 hdrlen: 24 iplen: 8 or 2048
    Note: RECV V2 member report   from 79.238.127.78   to 239.255.255.250 (ip_hl 24, data 8)
    Note: The IGMP message was from myself. Ignoring.
    Debu: About to call timeout 1 (#0)
    Debu: Aging routes in table.
    Debu:
    Current routing table (Age active routes);
    -----------------------------------------------------
    
    Debu: #0: Dst: 239.35.129.11, Age:2, St: I, OutVifs: 0x00000001
    Debu: #1: Dst: 239.35.140.11, Age:2, St: I, OutVifs: 0x00000001
    Debu: #2: Dst: 239.255.255.250, Age:1, St: I, OutVifs: 0x00000001
    Debu: #3: Dst: 224.0.0.251, Age:1, St: I, OutVifs: 0x00000001
    Debu:
    -----------------------------------------------------
    
    Debu: Packet from 79.238.127.78: proto: 2 hdrlen: 24 iplen: 8 or 2048
    Note: RECV V2 member report   from 79.238.127.78   to 224.0.0.251 (ip_hl 24, data 8)
    Note: The IGMP message was from myself. Ignoring.
    Debu: Packet from 217.0.119.33: proto: 2 hdrlen: 24 iplen: 12 or 3072
    Note: RECV Membership query   from 217.0.119.33    to 224.0.0.1 (ip_hl 24, data 12)
    Debu: Packet from 79.238.127.78: proto: 2 hdrlen: 24 iplen: 8 or 2048
    Note: RECV V2 member report   from 79.238.127.78   to 224.0.0.251 (ip_hl 24, data 8)
    Note: The IGMP message was from myself. Ignoring.
    Debu: Packet from 79.238.127.78: proto: 2 hdrlen: 24 iplen: 8 or 2048
    Note: RECV V2 member report   from 79.238.127.78   to 239.255.255.250 (ip_hl 24, data 8)
    Note: The IGMP message was from myself. Ignoring.
    ^CWarn: select() failure; Errno(4): Interrupted system call
    Note: Got a interupt signal. Exiting.
    Debu: clean handler called
    Debu: Removing route entry for 239.35.129.11
    Note: Route is not active. No kernel updates done.
    Debu: Leaving group 239.35.129.11 upstream on IF address 79.238.127.78
    Note: leaveMcGroup: 239.35.129.11 on ng0
    Warn: MRT_DROP_MEMBERSHIP failed; Errno(49): Can't assign requested address
    Debu: Removing route entry for 239.35.140.11
    Note: Route is not active. No kernel updates done.
    Debu: Leaving group 239.35.140.11 upstream on IF address 79.238.127.78
    Note: leaveMcGroup: 239.35.140.11 on ng0
    Debu: Removing route entry for 239.255.255.250
    Note: Route is not active. No kernel updates done.
    Debu: Leaving group 239.255.255.250 upstream on IF address 79.238.127.78
    Note: leaveMcGroup: 239.255.255.250 on ng0
    Debu: Removing route entry for 224.0.0.251
    Note: Route is not active. No kernel updates done.
    Debu: Leaving group 224.0.0.251 upstream on IF address 79.238.127.78
    Note: leaveMcGroup: 224.0.0.251 on ng0
    Note: All routes removed. Routing table is empty.
    Info: Shutdown complete....
    #</johnny@rlo.org> 
    

Log in to reply