Multicast is not working with net.link.bridge.pfil_bridge

zorrox

Hi

I have a bridge interface for my IPTV and it is working fine. However I would like to create a firewall rule on the bridge interface and based on my reading I need to enable it by setting net.link.bridge.pfil_bridge to 1. I did that but now my IPTV could not work with that setting. I have created a rule that permits everything on the bridge interface but it has not yet worked. It works fine again if I set net.link.bridge.pfil_bridge to 0. My IPTV has a network diagnostic feature and when I run it, all network tests are successful until the Multicast test. So I believe this is a Multicast issue. Is there any other setting required for Multicast? Firewall details are shown below.

Please help. Thanks.

Version 2.4.4-RELEASE-p2 (amd64)
built on Wed Dec 12 07:40:18 EST 2018
FreeBSD 11.2-RELEASE-p6

The system is on the latest version.
Version information updated at Sat May 4 8:09:11
CPU Type Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
4 CPUs: 1 package(s) x 4 core(s)
AES-NI CPU Crypto: No
Kernel PTI Enabled
Uptime 04 Hours 34 Minutes 12 Seconds
Current date/time
Sat May 4 8:35:01

Last config change Sat May 4 8:17:21
State table size
0% (132/188000) Show states
MBUF Usage
3% (3046/117206)
Temperature
26.9°C
Load average
0.08, 0.08, 0.08
CPU usage
3%
Memory usage
15% of 1881 MiB
SWAP usage
0% of 4095 MiB
Disk usage:
/
10% of 112GiB - ufs
/var/run
3% of 3.4MiB - ufs in RAM

zorrox

Hi

I have solved the problem by following this recommendation:

https://www.reddit.com/r/PFSENSE/comments/89sfw4/pfsense_and_iptv_igmp_proxy/

I've skimmed the Ubiquiti thread and it looks like this is what you need to do to adapt my CenturyLink guide to Fioptics:

1. Now to configure the IGMP proxy
2. Go into the pfSense Web UI and navigate to "Services" -> "IGMP proxy"
3. Click the "+" button to add a new upstream proxy as follows:
   Interface: WAN
   Description: Fioptics Upstream
   Type: Upstream Interface
   Threshold: Leave empty
   Networks: 10.0.0.0/8
   Save the changes
4. Back at the IGMP proxy screen, click the "+" button to add a new downstream proxy as follows:
   Interface: LAN
   Description: Fioptics Downstream
   Type: Downstream Interface
   Threshold: Leave empty
   Networks: 239.0.0.0/8
   Save the changes
   In the "WAN Rules" section, add the first two and also this one (not sure if it's necessary, but I don't think it will hurt):
   Action: Pass
   Interface: WAN
   TCP/IP Version: IPv4
   Protocol: UDP
   Source: Network, 10.0.0.0/8
   Destination: any
   Log: unchecked
   Description: Fioptics Multicast UDP
   Advanced features -> Advanced options -> Check the box next to "This allows packets with IP options to pass. Otherwise they are blocked by default. This is usually only seen with multicast traffic."
   On your WAN interface, you will likely need to uncheck the Block private networks and loopback addresses and Block bogon networks options.
   You don't need to do any fiddling with the igmpproxy package or editing services.inc anymore on the 2.4 series. Everything else should still apply.
   I think (hope) that's all. Good luck! Let us know how it goes.