Multicast routing.
-
Hi,
first at all. I'm in the same situation like you.
I searched many days in the internet for a solution. But there is no one with freebsd. Freebsd has no IGMP Proxy what is needed for the way of routing that igmpv3 traffic. Linux has a pretty old one but it works. So atm I use another linux box as my WAN Gateway for the IGMP routing and the pfSense Box behind.
-
On latest builds of 2.0 there should be igmpproxy daemon included.
######################################################## # # Example configuration file for the IgmpProxy # -------------------------------------------- # # The configuration file must define one upstream # interface, and one or more downstream interfaces. # # If multicast traffic originates outside the # upstream subnet, the "altnet" option can be # used in order to define legal multicast sources. # (See example...) # # The "quickleave" should be used to avoid saturation # of the upstream link. The option should only # be used if it's absolutely necessary to # accurately imitate just one Client. # ######################################################## ##------------------------------------------------------ ## Enable Quickleave mode (Sends Leave instantly) ##------------------------------------------------------ quickleave ##------------------------------------------------------ ## Configuration for em0 (Upstream Interface) ##------------------------------------------------------ phyint em0 upstream ratelimit 0 threshold 1 altnet 10.0.0.0/8 # altnet 132.185.0.0/16 # BBC multicast trial # altnet 217.0.119.0/24 # T-Home Entertain # altnet 193.158.35.0/24 # T-Home Entertain ##------------------------------------------------------ ## Configuration for ipw0 (Downstream Interface) ##------------------------------------------------------ phyint ipw0 downstream ratelimit 0 threshold 1 ##------------------------------------------------------ ## Configuration for lo0 (Disabled Interface) ##------------------------------------------------------ phyint lo0 disabled
This is a configuration sample file try it out and tell me how it did go.
I will try to add a simple GUI as time permits. For now just the daemon is ok.
You need to run it with igmpproxy -c $path_to_config_file
to see the logging on console just append -d to the options so it doesn't detaches.You need to create even rules that express the ones below
pass in on $WAN inet proto udp to 224.0.0.0/4 pass out on $WAN inet proto igmp from $WANIP to 224.0.0.0/4 allow-opts pass in on $LANINT inet proto igmp from $SETBOX to 224.0.0.0/4 allow-opts pass in on $LANINT inet proto udp from $SETBOX pass in on $LANINT inet proto tcp from $SETBOX
Beaware that the rules are a little to permissibe if you know the ip/net that you multicast traffic uses specify it instead of the whole multicast reserved range.
-
@ermal:
Beaware that the rules are a little to permissibe if you know the ip/net that you multicast traffic uses specify it instead of the whole multicast reserved range.
You got them already in your config:
# altnet 217.0.119.0/24 # T-Home Entertain
# altnet 193.158.35.0/24 # T-Home EntertainThat are german Telekom's IP-TV subnets (known as T-mobile in the US as well). FWIW
-
Does it work for those having that service is what i want to know :)
-
hi,
this may sound stupid but i can't start the proxy…
if i run "igmpproxy -c /var/etc/igmproxy.conf" via ssh shell all i get is:
igmpproxy -c /var/etc/igmproxy.conf
igmpproxy: not found
;)
Edit: i just found the reason why its not "working" the igmpproxy was added on 2008-Dec-30 but the last snapshot is from Dec-26 :P
-
hi,
since there are finally new snapshots:
according to this: http://cvstrac.pfsense.org/chngview?cn=26831
the igmpproxy bin file should be /usr/local/sbin/igmpproxy
but in the latest build(20090105-1233) that file is missing, which leads to the same error message:
igmpproxy -c /var/etc/igmproxy.conf
igmpproxy: not found
-
hi again,
since the bin file is finally there:
i can start the igmpproxy now but sadly either I'm doing something wrong or it has a bug, since its not routing any multicasts all…
might be related to this debug info from igmpproxy -d
Debu: About to call timeout 6 (#0)
Info: sendto to 224.0.0.1 on 192.168.0.10; Errno(22): Invalid argument
Debu: SENT Membership query from 192.168.0.10 to 224.0.0.1
Debu: Sent membership query from 192.168.0.10 to 224.0.0.1. Delay: 10
Debu: Created timeout 7 (#0) - delay 10 secsI believe i got the firewall routes part right, since there are no blocked entrys in the firewall log…
igmp config:
######################################################## # # Example configuration file for the IgmpProxy # -------------------------------------------- # # The configuration file must define one upstream # interface, and one or more downstream interfaces. # # If multicast traffic originates outside the # upstream subnet, the "altnet" option can be # used in order to define legal multicast sources. # (See example...) # # The "quickleave" should be used to avoid saturation # of the upstream link. The option should only # be used if it's absolutely necessary to # accurately imitate just one Client. # ######################################################## ##------------------------------------------------------ ## Enable Quickleave mode (Sends Leave instantly) ##------------------------------------------------------ quickleave ##------------------------------------------------------ ## Configuration for em0 (Upstream Interface) ##------------------------------------------------------ phyint pppoe0 upstream ratelimit 0 threshold 1 altnet 217.0.119.0/24 # T-Home Entertain altnet 193.158.35.0/24 # T-Home Entertain altnet 192.168.0.0/24 # test ##------------------------------------------------------ ## Configuration for ipw0 (Downstream Interface) ##------------------------------------------------------ phyint em0 downstream ratelimit 0 threshold 1 ##------------------------------------------------------ ## Configuration for lo0 (Disabled Interface) ##------------------------------------------------------ phyint lo0 disabled
some more debug info:
# igmpproxy -d igmpproxy, Version 0.1 beta2, Build 090105 Copyright 2005 by Johnny Egeland <johnny@rlo.org> Distributed under the GNU GENERAL PUBLIC LICENSE, Version 2 - check GPL.txt Debu: Searching for config file at '/etc/igmpproxy.conf' Debu: Config: Quick leave mode enabled. Debu: Config: Got a phyint token. Debu: Config: IF: Config for interface pppoe0. Debu: Config: IF: Got upstream token. Debu: Config: IF: Got ratelimit token '0'. Debu: Config: IF: Got threshold token '1'. Debu: Config: IF: Got altnet token 217.0.119.0/24. Debu: Config: IF: Altnet: Parsed altnet to 217.0.119/24. Debu: Config: IF: Got altnet token 193.158.35.0/24. Debu: Config: IF: Altnet: Parsed altnet to 193.158.35/24. Debu: Config: IF: Got altnet token 192.168.0.0/24. Debu: Config: IF: Altnet: Parsed altnet to 192.168.0/24. Debu: IF name : pppoe0 Debu: Next ptr : 0 Debu: Ratelimit : 0 Debu: Threshold : 1 Debu: State : 1 Debu: Allowednet ptr : 2820c040 Debu: Config: Got a phyint token. Debu: Config: IF: Config for interface em0. Debu: Config: IF: Got downstream token. Debu: Config: IF: Got ratelimit token '0'. Debu: Config: IF: Got threshold token '1'. Debu: IF name : em0 Debu: Next ptr : 0 Debu: Ratelimit : 0 Debu: Threshold : 1 Debu: State : 2 Debu: Allowednet ptr : 0 Debu: Config: Got a phyint token. Debu: Config: IF: Config for interface lo0. Debu: IF name : lo0 Debu: Next ptr : 0 Debu: Ratelimit : 0 Debu: Threshold : 1 Debu: State : 2 Debu: Allowednet ptr : 0 Debu: Adding Physical Index value of IF 'em0' is 1 Debu: buildIfVc: Interface em0 Addr: 192.168.0.10, Flags: 0xffff8843, Network: 192.168.0/24 Debu: Adding Physical Index value of IF 'lo0' is 6 Debu: buildIfVc: Interface lo0 Addr: 127.0.0.1, Flags: 0xffff8049, Network: 127/8 Debu: Adding Physical Index value of IF 'pppoe0' is 9 Debu: buildIfVc: Interface pppoe0 Addr: 87.144.192.239, Flags: 0xffff88d1, Network: 87.144.192.239/32 Debu: Found config for em0 Debu: Found config for pppoe0 Note: adding VIF, Ix 0 Fl 0x0 IP 0x0a00a8c0 em0, Threshold: 1, Ratelimit: 0 Debu: Network for [em0] : 192.168.0/24 Note: adding VIF, Ix 1 Fl 0x0 IP 0xefc09057 pppoe0, Threshold: 1, Ratelimit: 0 Debu: Network for [pppoe0] : 87.144.192.239/32 Debu: Network for [pppoe0] : 217.0.119/24 Debu: Network for [pppoe0] : 193.158.35/24 Debu: Network for [pppoe0] : 192.168.0/24 Debu: Got 232448 byte buffer size in 8 iterations Debu: Joining all-routers group 224.0.0.2 on vif 192.168.0.10 Note: joinMcGroup: 224.0.0.2 on em0 Info: sendto to 224.0.0.1 on 192.168.0.10; Errno(22): Invalid argument Debu: SENT Membership query from 192.168.0.10 to 224.0.0.1 Debu: Sent membership query from 192.168.0.10 to 224.0.0.1\. Delay: 10 Debu: Created timeout 1 (#0) - delay 10 secs Debu: (Id:1, Time:10) Debu: Created timeout 2 (#1) - delay 21 secs Debu: (Id:1, Time:10) Debu: (Id:2, Time:21) Debu: About to call timeout 1 (#0) Debu: Aging routes in table. Debu: Current routing table (Age active routes); ----------------------------------------------------- Debu: No routes in table... Debu: -----------------------------------------------------</johnny@rlo.org>
-
Hi,
I stumbled across the same problem as the6thday, but was able to solve the issue.
The vital part of his configuration file again:
##------------------------------------------------------ ## Configuration for em0 (Upstream Interface) ##------------------------------------------------------ phyint pppoe0 upstream ratelimit 0 threshold 1 altnet 217.0.119.0/24 # T-Home Entertain altnet 193.158.35.0/24 # T-Home Entertain altnet 192.168.0.0/24 # test ##------------------------------------------------------ ## Configuration for ipw0 (Downstream Interface) ##------------------------------------------------------ phyint em0 downstream ratelimit 0 threshold 1
In the description for the first interface, it says "Configuration for em0", while you configure pppoe0. For the second interface it says "Configuration for ipw0", while you configure em0. To me it seems you bound em0 to the ADSL connection, so pppoe0. The LAN part, 192.168.0.0/24 has to be bound to another device, which I assume to be ipw0 in your case.
Please note that ANY interface except pppoe0 and the corresponding network card (e.g. em0) has to be disabled to let igmpproxy work correctly. So if you apparently use the ipw0 interface or any other, you have to disable it in the configuration file with "phyint [device] disabled" - this is mandatory!
Now the bad news: For me, it made the error disappear, though I still couldn't make it work.
IGMPPROXY works 100% on my Ubuntu machine for T-Entertain, though I will not give up supporting you guys until the Multicast issue is resolved.
If I have any news, I will keep you updated - would appreciate if you you guys would do the same.
Cheers,
Frank LaVerne
-
I'm not sure i really understand what you did to solve the error but this is my new config file (still not working and still showing the same error message):
######################################################## # # Example configuration file for the IgmpProxy # -------------------------------------------- # # The configuration file must define one upstream # interface, and one or more downstream interfaces. # # If multicast traffic originates outside the # upstream subnet, the "altnet" option can be # used in order to define legal multicast sources. # (See example...) # # The "quickleave" should be used to avoid saturation # of the upstream link. The option should only # be used if it's absolutely necessary to # accurately imitate just one Client. # ######################################################## ##------------------------------------------------------ ## Enable Quickleave mode (Sends Leave instantly) ##------------------------------------------------------ quickleave ##------------------------------------------------------ ## Configuration for WAN (pppoe0) (Upstream Interface) ##------------------------------------------------------ phyint pppoe0 upstream ratelimit 0 threshold 1 altnet 217.0.119.0/24 # T-Home Entertain altnet 193.158.35.0/24 # T-Home Entertain altnet 192.168.0.0/24 # LAN IP SUBNET ##------------------------------------------------------ ## Configuration for your LAN (em0) (Downstream Interface) ##------------------------------------------------------ phyint em0 downstream ratelimit 0 threshold 1 ##------------------------------------------------------ ## Configuration for anything else (Disabled Interfaces) ##------------------------------------------------------ phyint lo0 disabled phyint em1 disabled phyint em2 disabled phyint ath0 disabled phyint pfsync0 disabled phyint enc0 disabled phyint pflog0 disabled
-
After checking it with my linux router again, I have to say: What I did was effective, yet quite stupid :) I have disabled my LAN device, so it won't try to send multicast membership queries bump
So we both are in the same situation again.
I have read about the problem before here, where you can get quite detailed information on the subject:
http://unix.derkeiler.com/Mailing-Lists/FreeBSD/net/2008-06/msg00344.html
I seriously think that the line
Info: sendto to 224.0.0.1 on x.x.x.x; Errno(22): Invalid argument
tells us that the membership queries are not successfully sent to it's destination. At the current moment I assume that the sendto routine that is used by *BSD is different to the Linux one, and therefore might produce a problem, though I better keep my big fat mouth shut after my assumptions made earlier ;D
I will keep trying and will write as soon as I have news again.
Cheers,
Frank
-
Hi again,
iirc the igmpproxy version included in the ALPHA builds is the one from the OpenBSD ports (correct me if I am wrong), which not only I seem to have a big problem with, since it's not working correctly.
As far as I have read, there is new port for FreeBSD coming up that has been reported to have been tested:
http://www.freebsd.org/cgi/query-pr.cgi?pr=130174
Could anybody check this and, if possible, include this version in the ALPHA builds? I would be glad to get my hands on this one for testing, since it sounds quite promising.
Cheers,
Frank
-
pass in on $WAN inet proto udp to 224.0.0.0/4 pass out on $WAN inet proto igmp from $WANIP to 224.0.0.0/4 allow-opts pass in on $LANINT inet proto igmp from $SETBOX to 224.0.0.0/4 allow-opts pass in on $LANINT inet proto udp from $SETBOX pass in on $LANINT inet proto tcp from $SETBOX
I have searched files and found similar strings like this in /etc/inc/filter.inc but am unsure if this is the right file to plug into. Where else other than the gui can I create these rules?
Dzieki
-
Ok can everybody try the latest snapshot it has improvements and you can set the allow-opts option under "Advanced options" selections.
It is presented as a checkbox. -
would this work to route multicast through a vpn or am i still dreaming?
-
It should help if you have correct spd for the ipsec
-
Hmm seems still not to work. Some explanation:
10.123.104.100 -> Media Receiver
10.123.104.0/24 -> IPTV Subnet on VLAN8# igmpproxy -d -c /var/etc/igmpproxy.conf igmpproxy, Version 0.1 beta2, Build 090105 Copyright 2005 by Johnny Egeland <johnny@rlo.org>Distributed under the GNU GENERAL PUBLIC LICENSE, Version 2 - check GPL.txt Debu: Searching for config file at '/var/etc/igmpproxy.conf' Debu: Config: Quick leave mode enabled. Debu: Config: Got a phyint token. Debu: Config: IF: Config for interface pppoe0. Debu: Config: IF: Got upstream token. Debu: Config: IF: Got ratelimit token '0'. Debu: Config: IF: Got threshold token '1'. Debu: Config: IF: Got altnet token 217.0.119.0/24. Debu: Config: IF: Altnet: Parsed altnet to 217.0.119/24. Debu: Config: IF: Got altnet token 193.158.35.0/24. Debu: Config: IF: Altnet: Parsed altnet to 193.158.35/24. Debu: IF name : pppoe0 Debu: Next ptr : 0 Debu: Ratelimit : 0 Debu: Threshold : 1 Debu: State : 1 Debu: Allowednet ptr : 2820c040 Debu: Config: Got a phyint token. Debu: Config: IF: Config for interface vlan8. Debu: Config: IF: Got downstream token. Debu: Config: IF: Got ratelimit token '0'. Debu: Config: IF: Got threshold token '1'. Debu: IF name : vlan8 Debu: Next ptr : 0 Debu: Ratelimit : 0 Debu: Threshold : 1 Debu: State : 2 Debu: Allowednet ptr : 0 Debu: Config: Got a phyint token. Debu: Config: IF: Config for interface lo0. Debu: Config: IF: Got disabled token. Debu: IF name : lo0 Debu: Next ptr : 0 Debu: Ratelimit : 0 Debu: Threshold : 1 Debu: State : 0 Debu: Allowednet ptr : 0 Debu: Config: Got a phyint token. Debu: Config: IF: Config for interface vlan1. Debu: Config: IF: Got disabled token. Debu: IF name : vlan1 Debu: Next ptr : 0 Debu: Ratelimit : 0 Debu: Threshold : 1 Debu: State : 0 Debu: Allowednet ptr : 0 Debu: Config: Got a phyint token. Debu: Config: IF: Config for interface vlan7. Debu: Config: IF: Got disabled token. Debu: IF name : vlan7 Debu: Next ptr : 0 Debu: Ratelimit : 0 Debu: Threshold : 1 Debu: State : 0 Debu: Allowednet ptr : 0 Debu: Config: Got a phyint token. Debu: Config: IF: Config for interface vlan3. Debu: Config: IF: Got disabled token. Debu: IF name : vlan3 Debu: Next ptr : 0 Debu: Ratelimit : 0 Debu: Threshold : 1 Debu: State : 0 Debu: Allowednet ptr : 0 Debu: Config: Got a phyint token. Debu: Config: IF: Config for interface vlan4. Debu: IF name : vlan4 Debu: Next ptr : 0 Debu: Ratelimit : 0 Debu: Threshold : 1 Debu: State : 2 Debu: Allowednet ptr : 0 Debu: Adding Physical Index value of IF 'lo0' is 6 Debu: buildIfVc: Interface lo0 Addr: 127.0.0.1, Flags: 0xffff8049, Network: 127/8 Debu: Adding Physical Index value of IF 'vlan0' is 9 Debu: buildIfVc: Interface vlan0 Addr: 10.123.101.254, Flags: 0xffff8843, Network: 10.123.101/24 Debu: buildIfVc: Interface vlan0 Addr: 10.123.101.254, Flags: 0xffff8843, Network: 10.123.100.8/29 Debu: buildIfVc: Interface vlan0 Addr: 10.123.101.254, Flags: 0xffff8843, Network: 10.123.100.24/29 Debu: Adding Physical Index value of IF 'vlan2' is 11 Debu: buildIfVc: Interface vlan2 Addr: 172.20.43.136, Flags: 0xffff8843, Network: 172.20/16 Debu: Adding Physical Index value of IF 'vlan3' is 12 Debu: buildIfVc: Interface vlan3 Addr: 10.123.102.254, Flags: 0xffff8843, Network: 10.123.102/24 Debu: buildIfVc: Interface vlan3 Addr: 10.123.102.254, Flags: 0xffff8843, Network: 10.123.100.16/29 Debu: Adding Physical Index value of IF 'vlan4' is 13 Debu: buildIfVc: Interface vlan4 Addr: 10.123.104.254, Flags: 0xffff8843, Network: 10.123.104/24 Debu: Adding Physical Index value of IF 'pppoe0' is 14 Debu: buildIfVc: Interface pppoe0 Addr: 87.154.197.225, Flags: 0xffff88d1, Network: 87.154.197.225/32 Debu: Found config for vlan3 Debu: Found config for vlan4 Debu: Found config for pppoe0 Note: adding VIF, Ix 0 Fl 0x0 IP 0xfe657b0a vlan0, Threshold: 1, Ratelimit: 0 Debu: Network for [vlan0] : 10.123.100.24/29 Debu: Network for [vlan0] : 10.123.100.8/29 Debu: Network for [vlan0] : 10.123.101/24 Note: adding VIF, Ix 1 Fl 0x0 IP 0x882b14ac vlan2, Threshold: 1, Ratelimit: 0 Debu: Network for [vlan2] : 172.20/16 Note: adding VIF, Ix 2 Fl 0x0 IP 0xfe667b0a vlan3, Threshold: 1, Ratelimit: 0 Debu: Network for [vlan3] : 10.123.100.16/29 Debu: Network for [vlan3] : 10.123.102/24 Note: adding VIF, Ix 3 Fl 0x0 IP 0xfe687b0a vlan4, Threshold: 1, Ratelimit: 0 Debu: Network for [vlan4] : 10.123.104/24 Note: adding VIF, Ix 4 Fl 0x0 IP 0xe1c59a57 pppoe0, Threshold: 1, Ratelimit: 0 Debu: Network for [pppoe0] : 87.154.197.225/32 Debu: Network for [pppoe0] : 217.0.119/24 Debu: Network for [pppoe0] : 193.158.35/24 Debu: Got 232448 byte buffer size in 8 iterations Debu: Joining all-routers group 224.0.0.2 on vif 10.123.101.254 Note: joinMcGroup: 224.0.0.2 on vlan0 Debu: Joining all-routers group 224.0.0.2 on vif 172.20.43.136 Note: joinMcGroup: 224.0.0.2 on vlan2 Debu: Joining all-routers group 224.0.0.2 on vif 10.123.104.254 Note: joinMcGroup: 224.0.0.2 on vlan4 Info: sendto to 224.0.0.1 on 10.123.101.254; Errno(22): Invalid argument Debu: SENT Membership query from 10.123.101.254 to 224.0.0.1 Debu: Sent membership query from 10.123.101.254 to 224.0.0.1\. Delay: 10 Info: sendto to 224.0.0.1 on 172.20.43.136; Errno(22): Invalid argument Debu: SENT Membership query from 172.20.43.136 to 224.0.0.1 Debu: Sent membership query from 172.20.43.136 to 224.0.0.1\. Delay: 10 Info: sendto to 224.0.0.1 on 10.123.104.254; Errno(22): Invalid argument Debu: SENT Membership query from 10.123.104.254 to 224.0.0.1 Debu: Sent membership query from 10.123.104.254 to 224.0.0.1\. Delay: 10 Debu: Created timeout 1 (#0) - delay 10 secs Debu: (Id:1, Time:10) Debu: Created timeout 2 (#1) - delay 21 secs Debu: (Id:1, Time:10) Debu: (Id:2, Time:21) Warn: received packet from 10.123.104.100 shorter (40 bytes) than hdr+data length (24+4072) Warn: received packet from 10.123.104.100 shorter (40 bytes) than hdr+data length (24+4072) Warn: received packet from 10.123.104.100 shorter (40 bytes) than hdr+data length (24+4072) Debu: About to call timeout 1 (#0) Debu: Aging routes in table. Debu: Current routing table (Age active routes); ----------------------------------------------------- Debu: No routes in table... Debu: ----------------------------------------------------- Warn: received packet from 10.123.104.100 shorter (40 bytes) than hdr+data length (24+4072) Warn: received packet from 10.123.104.100 shorter (40 bytes) than hdr+data length (24+4072)</johnny@rlo.org>
And here my config:
##------------------------------------------------------ ## Enable Quickleave mode (Sends Leave instantly) ##------------------------------------------------------ quickleave ##------------------------------------------------------ ## Configuration for em0 (Upstream Interface) ##------------------------------------------------------ phyint pppoe0 upstream ratelimit 0 threshold 1 # altnet 10.0.0.0/8 # altnet 132.185.0.0/16 # BBC multicast trial altnet 217.0.119.0/24 # T-Home Entertain altnet 193.158.35.0/24 # T-Home Entertain ##------------------------------------------------------ ## Configuration for ipw0 (Downstream Interface) ##------------------------------------------------------ phyint vlan8 downstream ratelimit 0 threshold 1 ##------------------------------------------------------ ## Configuration for lo0 (Disabled Interface) ##------------------------------------------------------ phyint lo0 disabled phyint vlan1 disabled phyint vlan7 disabled phyint vlan3 disabled phyint vlan4 disabled
-
Can you pose a packet trace with tcpdump on the interface that you are supposed to get igmp traffic with tcpdump -i $interface -s 0 proto igmp or without the traffic filter 'proto igmp'.
-
http://www.file-upload.net/download-1408907/iptv.dump.html
Okay this is the dump.
-
Hmm can any of you try setting the interfaces where multicast should pass in promisous mode with
ifconfig $interface promiscand after that start the proxy?
If it does not work ok in the latest snapshot which have an update on igmpproxy. -
the last 2 snapshots i've tried are now missing igmpproxy