Multicast is not working with net.link.bridge.pfil_bridge



  • Hi

    I have a bridge interface for my IPTV and it is working fine. However I would like to create a firewall rule on the bridge interface and based on my reading I need to enable it by setting net.link.bridge.pfil_bridge to 1. I did that but now my IPTV could not work with that setting. I have created a rule that permits everything on the bridge interface but it has not yet worked. It works fine again if I set net.link.bridge.pfil_bridge to 0. My IPTV has a network diagnostic feature and when I run it, all network tests are successful until the Multicast test. So I believe this is a Multicast issue. Is there any other setting required for Multicast? Firewall details are shown below.

    Please help. Thanks.

    Version: 2.4.4-RELEASE-p2 (amd64), built on Wed Dec 12 07:40:18 EST 2018, FreeBSD 11.2-RELEASE-p6
    The system is on the latest version. Version information updated at Sat May 4 8:09:11
    CPU Type: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz, 4 CPUs: 1 package(s) x 4 core(s)
    AES-NI CPU Crypto: No
    Kernel PTI: Enabled
    Uptime: 04 Hours 34 Minutes 12 Seconds
    Current date/time: Sat May 4 8:35:01
    Last config change: Sat May 4 8:17:21
    State table size: 0% (132/188000)
    MBUF Usage: 3% (3046/117206)
    Temperature: 26.9°C
    Load average: 0.08, 0.08, 0.08
    CPU usage: 3%
    Memory usage: 15% of 1881 MiB
    SWAP usage: 0% of 4095 MiB
    Disk usage: / 10% of 112GiB - ufs; /var/run 3% of 3.4MiB - ufs in RAM



  • Hi

    I have solved the problem by following this recommendation:

    https://www.reddit.com/r/PFSENSE/comments/89sfw4/pfsense_and_iptv_igmp_proxy/

    I've skimmed the Ubiquiti thread and it looks like this is what you need to do to adapt my CenturyLink guide to Fioptics:

    1. Now to configure the IGMP proxy
    2. Go into the pfSense Web UI and navigate to "Services" -> "IGMP proxy"
    3. Click the "+" button to add a new upstream proxy as follows:
      Interface: WAN
      Description: Fioptics Upstream
      Type: Upstream Interface
      Threshold: Leave empty
      Networks: 10.0.0.0/8
      Save the changes
    4. Back at the IGMP proxy screen, click the "+" button to add a new downstream proxy as follows:
      Interface: LAN
      Description: Fioptics Downstream
      Type: Downstream Interface
      Threshold: Leave empty
      Networks: 239.0.0.0/8
      Save the changes
    In the "WAN Rules" section, add the first two and also this one (not sure if it's necessary, but I don't think it will hurt):
      Action: Pass
      Interface: WAN
      TCP/IP Version: IPv4
      Protocol: UDP
      Source: Network, 10.0.0.0/8
      Destination: any
      Log: unchecked
      Description: Fioptics Multicast UDP
      Advanced features -> Advanced options -> Check the box next to "This allows packets with IP options to pass. Otherwise they are blocked by default. This is usually only seen with multicast traffic."

    On your WAN interface, you will likely need to uncheck the Block private networks and loopback addresses and Block bogon networks options.

    You don't need to do any fiddling with the igmpproxy package or editing services.inc anymore on the 2.4 series. Everything else should still apply.

    I think (hope) that's all. Good luck! Let us know how it goes.
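
The "allow packets with IP options" checkbox in the quoted guide matters because IGMP messages carry the IPv4 Router Alert option (RFC 2113), which makes the IP header longer than 20 bytes. As an added example (not part of the original posts), this Python sketch parses two constructed packets, with made-up addresses and zeroed checksums, to show which one carries IP options and so depends on that checkbox.

```python
import struct

ROUTER_ALERT = 0x94  # IPv4 Router Alert option type (RFC 2113)

def build_ipv4(src, dst, proto, payload, options=b""):
    """Build a constructed IPv4 packet (checksum left at 0, TTL 1)."""
    ihl = 5 + len(options) // 4          # header length in 32-bit words
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0,
                      ihl * 4 + len(payload), 0, 0, 1, proto, 0,
                      bytes(src), bytes(dst))
    return hdr + options + payload

def ipv4_options(packet: bytes):
    """Return [(option_type, option_data), ...] from the IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(packet):
        raise ValueError("bad header length")
    opts, i = [], 20
    while i < ihl:
        kind = packet[i]
        if kind == 0:                    # End of Option List
            break
        if kind == 1:                    # No-Operation, single byte
            i += 1
            continue
        if i + 1 >= ihl or packet[i + 1] < 2 or i + packet[i + 1] > ihl:
            raise ValueError("malformed option")
        length = packet[i + 1]
        opts.append((kind, packet[i + 2:i + length]))
        i += length
    return opts

def has_ip_options(packet: bytes) -> bool:
    """True when the header is longer than the 20-byte minimum."""
    return (packet[0] & 0x0F) > 5

# Constructed samples: an IGMPv2 membership report (type 0x16) for group
# 239.1.1.1 with Router Alert, and a plain UDP datagram to the same group.
IGMP_REPORT = build_ipv4((192, 168, 1, 50), (239, 1, 1, 1), 2,
                         bytes([0x16, 0, 0, 0, 239, 1, 1, 1]),
                         options=bytes([ROUTER_ALERT, 4, 0, 0]))
UDP_STREAM = build_ipv4((10, 1, 2, 3), (239, 1, 1, 1), 17, b"\x00" * 16)

if __name__ == "__main__":
    for name, pkt in (("IGMP report", IGMP_REPORT), ("UDP stream", UDP_STREAM)):
        print(name, "has IP options:", has_ip_options(pkt), ipv4_options(pkt))
```
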
