Multicast is not working with net.link.bridge.pfil_bridge
-
Hi
I have a bridge interface for my IPTV and it is working fine. However I would like to create a firewall rule on the bridge interface and based on my reading I need to enable it by setting net.link.bridge.pfil_bridge to 1. I did that but now my IPTV could not work with that setting. I have created a rule that permits everything on the bridge interface but it has not yet worked. It works fine again if I set net.link.bridge.pfil_bridge to 0. My IPTV has a network diagnostic feature and when I run it, all network tests are successful until the Multicast test. So I believe this is a Multicast issue. Is there any other setting required for Multicast? Firewall details are shown below.
Please help. Thanks.
Version: 2.4.4-RELEASE-p2 (amd64), built on Wed Dec 12 07:40:18 EST 2018, FreeBSD 11.2-RELEASE-p6
The system is on the latest version.
Version information updated at Sat May 4 8:09:11
CPU Type: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz, 4 CPUs: 1 package(s) x 4 core(s)
AES-NI CPU Crypto: No
Kernel PTI: Enabled
Uptime: 04 Hours 34 Minutes 12 Seconds
Current date/time: Sat May 4 8:35:01
Last config change: Sat May 4 8:17:21
State table size: 0% (132/188000)
MBUF Usage: 3% (3046/117206)
Temperature: 26.9°C
Load average: 0.08, 0.08, 0.08
CPU usage: 3%
Memory usage: 15% of 1881 MiB
SWAP usage: 0% of 4095 MiB
Disk usage:
/: 10% of 112GiB - ufs
/var/run: 3% of 3.4MiB - ufs in RAM
-
Hi
I have solved the problem by following this recommendation:
https://www.reddit.com/r/PFSENSE/comments/89sfw4/pfsense_and_iptv_igmp_proxy/
I've skimmed the Ubiquiti thread and it looks like this is what you need to do to adapt my CenturyLink guide to Fioptics:
- Now to configure the IGMP proxy
- Go into the pfSense Web UI and navigate to "Services" -> "IGMP proxy"
- Click the "+" button to add a new upstream proxy as follows:
Interface: WAN
Description: Fioptics Upstream
Type: Upstream Interface
Threshold: Leave empty
Networks: 10.0.0.0/8
Save the changes
- Back at the IGMP proxy screen, click the "+" button to add a new downstream proxy as follows:
Interface: LAN
Description: Fioptics Downstream
Type: Downstream Interface
Threshold: Leave empty
Networks: 239.0.0.0/8
Save the changes
In the "WAN Rules" section, add the first two and also this one (not sure if it's necessary, but I don't think it will hurt):
Action: Pass
Interface: WAN
TCP/IP Version: IPv4
Protocol: UDP
Source: Network, 10.0.0.0/8
Destination: any
Log: unchecked
Description: Fioptics Multicast UDP
Advanced features -> Advanced options -> Check the box next to "This allows packets with IP options to pass. Otherwise they are blocked by default. This is usually only seen with multicast traffic."
On your WAN interface, you will likely need to uncheck the Block private networks and loopback addresses and Block bogon networks options.
You don't need to do any fiddling with the igmpproxy package or editing services.inc anymore on the 2.4 series. Everything else should still apply.
I think (hope) that's all. Good luck! Let us know how it goes.
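Added example, not part of the thread or the quoted Reddit guide: why the "allow packets with IP options" checkbox matters for IPTV. IGMP membership reports carry the IPv4 Router Alert option while the UDP video stream does not, so a pass rule without that box lets the stream through but drops the joins. The packets and addresses are constructed samples, and `inspect_ipv4` and `build` are hypothetical helper names.

```python
import socket
import struct

IGMP, UDP = 2, 17
ROUTER_ALERT = 0x94  # IPv4 option type 148 (RFC 2113)

def inspect_ipv4(packet: bytes) -> dict:
    """Report whether an IPv4 packet carries IP options (header longer than 20 bytes)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    hdr_len = (packet[0] & 0x0F) * 4
    if hdr_len < 20 or len(packet) < hdr_len:
        raise ValueError("bad IPv4 header length")
    raw, types, i = packet[20:hdr_len], [], 0
    while i < len(raw) and raw[i] != 0:      # 0 = End of Option List
        if raw[i] == 1:                      # 1 = No-Operation, single byte
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed IP option")
        types.append(raw[i])
        i += raw[i + 1]
    return {
        "proto": packet[9],
        "dst": socket.inet_ntoa(packet[16:20]),
        "has_options": hdr_len > 20,         # needs "allow IP options" on the pass rule
        "router_alert": ROUTER_ALERT in types,
    }

def build(proto, src, dst, payload, options=b""):
    """Constructed test packet; header checksum is left at 0 and not validated here."""
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(payload),
                      0, 0x4000, 1, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + options + payload

# Constructed samples: an IGMPv2 membership report (join) and one UDP stream packet.
GROUP = "239.1.1.1"
igmp_join = build(IGMP, "192.168.1.50", GROUP,
                  struct.pack("!BBH4s", 0x16, 0, 0, socket.inet_aton(GROUP)),
                  options=bytes([ROUTER_ALERT, 4, 0, 0]))
udp_stream = build(UDP, "10.1.2.3", GROUP, struct.pack("!HHHH", 5000, 5000, 8, 0))

if __name__ == "__main__":
    for name, pkt in (("IGMP join", igmp_join), ("UDP stream", udp_stream)):
        print(name, inspect_ipv4(pkt))
```

Running the same check over packets captured on the bridge shows which traffic depends on the IP options setting, so the checkbox can be limited to the rules that match IGMP.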