Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IGMP Proxy конфликт версий

    Scheduled Pinned Locked Moved Russian
    11 Posts 2 Posters 805 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      codriver
      last edited by

      Добрый день. Заранее прошу прощения, тема вроде как в ветке IPTV поднималась, но решения(из тех что я нашел) на версии 2.4.5 не работают. Суть проблемы. Провайдер работает с igmp v2 , но на выходе из pfsense отправляются уже v3 report. В tunables net.inet.igmp.default_version = 2, пробовал так же прописать в /etc/rc - результата ноль. Выключаем фаервол - и pf начинает отправлять репорт 2 версии, включаем обратно, снова тоже самое.

      sysctl -a | grep igmp
net.inet.igmp.gsrdelay: 10
net.inet.igmp.default_version: 2
net.inet.igmp.legacysupp: 1
net.inet.igmp.v2enable: 1
net.inet.igmp.v1enable: 1
net.inet.igmp.sendlocal: 1
net.inet.igmp.sendra: 0
net.inet.igmp.recvifkludge: 1

      tcpdump -i em2 | grep igmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em2, link-type EN10MB (Ethernet), capture size 262144 bytes
13:32:44.674446 IP 192.168.101.1 > all-systems.mcast.net: igmp query v2
13:32:45.971892 IP 192.168.101.100 > 224.0.0.251: igmp v2 report 224.0.0.251
13:32:46.053159 IP 192.168.101.1 > igmp.mcast.net: igmp v2 report igmp.mcast.net

      tcpdump -i em0 | grep igmp | grep ...
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes
12:47:01.067170 IP recursor-slave.domain > ....57733: 24636 1/0/0 PTR igmp.mcast.net. (69)
12:47:01.285513 IP recursor-master.domain > ....57733: 24636 1/0/0 PTR igmp.mcast.net. (69)
12:47:14.402841 IP ... > igmp.mcast.net: igmp v3 report, 1 group record(s)
12:47:17.413184 IP ... > igmp.mcast.net: igmp v3 report, 1 group record(s)
      K 1 Reply Last reply Reply Quote 0
      • K
        Konstanti @codriver
        last edited by

        @codriver
        Здр
        в теме igmp не сильно разбираюсь , но попробуйте сделать так ( для диагностики )

        1. останавливате службу IGMP Proxy
        2. из консоли запускаете команду /usr/local/sbin/igmpproxy -d -v -v /var/etc/igmpproxy.conf и смотрите , что происходит
          В идеале выложить 2 файла для анализа ( для 2-х Ваших случаев ) , чтобы попытаться понять в чем разница
        1 Reply Last reply Reply Quote 0
        • C
          codriver
          last edited by

          @Konstanti said in IGMP Proxy конфликт версий:

          /usr/local/sbin/igmpproxy -d -v -v /var/etc/igmpproxy.conf

          Спасибо за ответ.

          Firewall включен

          Current routing table (Insert Route):
-----------------------------------------------------
#0: Dst: 230.200.201.32, Age:2, St: I, OutVifs: 0x00000002
-----------------------------------------------------
RECV V3 member report   from my_ip  to 224.0.0.22
The IGMP message was from myself. Ignoring.
Route activate request from 10.1.70.242 to 230.200.201.32 on VIF[0]
Vif bits : 0x00000002
Setting TTL for Vif 1 to 1
Adding MFC: 10.1.70.242 -> 230.200.201.32, InpVIf: 0

Current routing table (Activate Route):
-----------------------------------------------------
#0: Src0: 10.1.70.242, Dst: 230.200.201.32, Age:2, St: A, OutVifs: 0x00000002
-----------------------------------------------------
RECV V2 member report   from 192.168.101.1   to 224.0.0.2
The IGMP message was from myself. Ignoring.
The IGMP message was local multicast. Ignoring.
RECV V3 member report   from my_ip  to 224.0.0.22
The IGMP message was from myself. Ignoring.
About to call timeout 1 (#0)
Aging routes in table.

Current routing table (Age active routes):
-----------------------------------------------------
#0: Src0: 10.1.70.242, Dst: 230.200.201.32, Age:1, St: A, OutVifs: 0x00000002
-----------------------------------------------------
RECV V2 member report   from 192.168.101.100 to 224.0.0.251
Should insert group 224.0.0.251 (from: 192.168.101.100) to route table. Vif Ix : 1
No existing route for 224.0.0.251. Create new.
Found existing routes. Find insert location.
Inserting after route 230.200.201.32
Inserted route table entry for 224.0.0.251 on VIF #1
Joining group 224.0.0.251 upstream on IF address my_ip
joinMcGroup: 224.0.0.251 on em0

Current routing table (Insert Route):
-----------------------------------------------------
#0: Src0: 10.1.70.242, Dst: 230.200.201.32, Age:1, St: A, OutVifs: 0x00000002
#1: Dst: 224.0.0.251, Age:2, St: I, OutVifs: 0x00000002
-----------------------------------------------------
RECV V3 member report   from my_ip  to 224.0.0.22
The IGMP message was from myself. Ignoring.
RECV V2 member report   from 192.168.101.1   to 224.0.0.22
The IGMP message was from myself. Ignoring.
RECV V3 member report   from my_ip  to 224.0.0.22
The IGMP message was from myself. Ignoring.
About to call timeout 2 (#0)
SENT Membership query   from 192.168.101.1   to 224.0.0.1
Sent membership query from 192.168.101.1 to 224.0.0.1. Delay: 10
Created timeout 3 (#0) - delay 10 secs
(Id:3, Time:10) 
Created timeout 4 (#1) - delay 21 secs
(Id:3, Time:10) 
(Id:4, Time:21) 
RECV Membership query   from 192.168.101.1   to 224.0.0.1
RECV V2 member report   from 192.168.101.1   to 224.0.0.22
The IGMP message was from myself. Ignoring.
RECV V2 member report   from 192.168.101.1   to 224.0.0.2
The IGMP message was from myself. Ignoring.
The IGMP message was local multicast. Ignoring.
RECV V2 member report   from 192.168.101.200 to 230.200.201.32
Should insert group 230.200.201.32 (from: 192.168.101.200) to route table. Vif Ix : 1
Updated route entry for 230.200.201.32 on VIF #1
Vif bits : 0x00000002
Setting TTL for Vif 1 to 1
Adding MFC: 10.1.70.242 -> 230.200.201.32, InpVIf: 0

          Firewall выключен

          Current routing table (Insert Route):
-----------------------------------------------------
#0: Dst: 230.200.201.32, Age:2, St: I, OutVifs: 0x00000002
-----------------------------------------------------
RECV V2 member report   from my_ip  to 230.200.201.32
The IGMP message was from myself. Ignoring.
Route activate request from 10.1.70.242 to 230.200.201.32 on VIF[0]
Vif bits : 0x00000002
Setting TTL for Vif 1 to 1
Adding MFC: 10.1.70.242 -> 230.200.201.32, InpVIf: 0

Current routing table (Activate Route):
-----------------------------------------------------
#0: Src0: 10.1.70.242, Dst: 230.200.201.32, Age:2, St: A, OutVifs: 0x00000002
-----------------------------------------------------
RECV V2 member report   from 192.168.101.100 to 224.0.0.251
Should insert group 224.0.0.251 (from: 192.168.101.100) to route table. Vif Ix : 1
No existing route for 224.0.0.251. Create new.
Found existing routes. Find insert location.
Inserting after route 230.200.201.32
Inserted route table entry for 224.0.0.251 on VIF #1
Joining group 224.0.0.251 upstream on IF address my_ip
joinMcGroup: 224.0.0.251 on em0

Current routing table (Insert Route):
-----------------------------------------------------
#0: Src0: 10.1.70.242, Dst: 230.200.201.32, Age:2, St: A, OutVifs: 0x00000002
#1: Dst: 224.0.0.251, Age:2, St: I, OutVifs: 0x00000002
-----------------------------------------------------
RECV V2 member report   from my_ip  to 224.0.0.251
The IGMP message was from myself. Ignoring.
The IGMP message was local multicast. Ignoring.
The IGMP message was local multicast. Ignoring.
The IGMP message was local multicast. Ignoring.
The IGMP message was local multicast. Ignoring.
The IGMP message was local multicast. Ignoring.
RECV V2 member report   from 192.168.101.1   to 224.0.0.22
The IGMP message was from myself. Ignoring.
RECV Membership query   from 10.2.148.5      to 224.0.0.1
RECV V2 member report   from 46.163.185.177  to 224.0.0.1
Mebership report was received on the upstream interface. Ignoring.
The IGMP message was local multicast. Ignoring.
About to call timeout 1 (#0)
Aging routes in table.

Current routing table (Age active routes):
-----------------------------------------------------
#0: Src0: 10.1.70.242, Dst: 230.200.201.32, Age:1, St: A, OutVifs: 0x00000002
#1: Dst: 224.0.0.251, Age:1, St: I, OutVifs: 0x00000002
-----------------------------------------------------
RECV V2 member report   from 85.12.210.254   to 224.0.0.9
No interfaces found for source 85.12.210.254
The IGMP message was local multicast. Ignoring.
RECV V2 member report   from my_ip  to 230.200.201.32
The IGMP message was from myself. Ignoring.
RECV Leave message      from 82.151.213.180  to 224.0.0.2
Got leave message from 82.151.213.180 to 224.0.0.251. Starting last member detection.
No interfaces found for source 82.151.213.180
RECV V2 member report   from my_ip  to 224.0.0.251
The IGMP message was from myself. Ignoring.
RECV Membership query   from 10.2.148.5      to 230.200.201.185
RECV Membership query   from 10.2.148.5      to 230.200.201.185
RECV Membership query   from 10.2.148.5      to 230.200.201.185
About to call timeout 2 (#0)
SENT Membership query   from 192.168.101.1   to 224.0.0.1
Sent membership query from 192.168.101.1 to 224.0.0.1. Delay: 10
Created timeout 3 (#0) - delay 10 secs
(Id:3, Time:10) 
Created timeout 4 (#1) - delay 21 secs
(Id:3, Time:10) 
(Id:4, Time:21) 
RECV Membership query   from 192.168.101.1   to 224.0.0.1
RECV Membership query   from 10.2.148.5      to 239.99.17.128
RECV Membership query   from 10.2.148.5      to 239.99.17.128
RECV V2 member report   from 192.168.101.100 to 224.0.0.251
Should insert group 224.0.0.251 (from: 192.168.101.100) to route table. Vif Ix : 1
Updated route entry for 224.0.0.251 on VIF #1
          K 1 Reply Last reply Reply Quote 0
          • K
            Konstanti @codriver
            last edited by

            @codriver

            https://forum.lissyara.su/viewtopic.php?f=4&t=35261

            мб это Вам поможет

            тут почитайте ( особенно последний пост ) , первые посты вряд ли будут решением , хотя и информативно

            1 Reply Last reply Reply Quote 0
            • C
              codriver
              last edited by

              да, я находил эту тему и в /etc/rc прописывал значения, не работает

              K 1 Reply Last reply Reply Quote 0
              • K
                Konstanti @codriver
                last edited by Konstanti

                @codriver
                вот еще что написано в доках

                A firewall rule is also required on the Downstream side (e.g. LAN) to match and pass the multicast traffic. 
In the Advanced Options of the firewall rule, Allow packets with IP Options must be enabled.

                и на всякий случай проверьте логи файрвола , нет ли блокировок IGMP/UDP трафика

                1 Reply Last reply Reply Quote 0
                • C
                  codriver
                  last edited by

                  1cd015fb-7205-4b2d-a0ea-af961a4e4135-image.png
                  пров вещает из сеток 10.1.16.0 и 10.1.70.0 пробовал их добавлять и по отдельности и просто 10.1.0.0/16 , результата нет. Если файервол включен то как я понимаю мультикаст просто не приходит с некоторых серверов, т.е. приставка запрос отправляет, но ответа нет:

                  RECV V2 member report   from 192.168.101.200 to 239.99.17.246
Should insert group 239.99.17.246 (from: 192.168.101.200) to route table. Vif Ix : 1
No existing route for 239.99.17.246. Create new.
No routes in table. Insert at beginning.
Inserted route table entry for 239.99.17.246 on VIF #1
Joining group 239.99.17.246 upstream on IF address my_ip
joinMcGroup: 239.99.17.246 on em0

Current routing table (Insert Route):
-----------------------------------------------------
#0: Dst: 239.99.17.246, Age:2, St: I, OutVifs: 0x00000002
-----------------------------------------------------
RECV V3 member report   from my_ip  to 224.0.0.22
The IGMP message was from myself. Ignoring.
RECV V2 member report   from 192.168.101.100 to 224.0.0.251
Should insert group 224.0.0.251 (from: 192.168.101.100) to route table. Vif Ix : 1
No existing route for 224.0.0.251. Create new.
Found existing routes. Find insert location.
Inserting after route 239.99.17.246
Inserted route table entry for 224.0.0.251 on VIF #1
Joining group 224.0.0.251 upstream on IF address my_ip
joinMcGroup: 224.0.0.251 on em0

Current routing table (Insert Route):
-----------------------------------------------------
#0: Dst: 239.99.17.246, Age:2, St: I, OutVifs: 0x00000002
#1: Dst: 224.0.0.251, Age:2, St: I, OutVifs: 0x00000002
-----------------------------------------------------
RECV V3 member report   from my_ip  to 224.0.0.22
The IGMP message was from myself. Ignoring.
RECV Leave message      from 192.168.101.200 to 224.0.0.2
Got leave message from 192.168.101.200 to 239.99.17.246. Starting last member detection.
counted 1 interfaces
Leaving group -166632465 now
Leaving group 239.99.17.246 upstream on IF address my_ip
leaveMcGroup: 239.99.17.246 on em0
Interface id 1 is in group $d
SENT Membership query   from 192.168.101.1   to 239.99.17.246
Sent membership query from 192.168.101.1 to 239.99.17.246. Delay: 10
Created timeout 3 (#1) - delay 3 secs
(Id:1, Time:7) 
(Id:3, Time:3) 
(Id:2, Time:18) 
RECV Membership query   from 192.168.101.1   to 239.99.17.246
RECV V2 member report   from 192.168.101.200 to 239.99.17.246
Should insert group 239.99.17.246 (from: 192.168.101.200) to route table. Vif Ix : 1
Updated route entry for 239.99.17.246 on VIF #1
Joining group 239.99.17.246 upstream on IF address my_ip
joinMcGroup: 239.99.17.246 on em0
                  K 1 Reply Last reply Reply Quote 0
                  • C
                    codriver
                    last edited by

                    у приставки есть свой ip т.е. по идее её можно вынести за nat но в этом случае я не смогу её использовать для просмотра в локальной сети. Сижу вот думаю как можно бы пробросить на неё трафик но при этом чтоб по nfs она видела локальную сеть, но что-то решения не приходит

                    1 Reply Last reply Reply Quote 0
                    • K
                      Konstanti @codriver
                      last edited by Konstanti

                      @codriver said in IGMP Proxy конфликт версий:

                      239.99.17.246

                      Запустите tcpdump при отключенном файрволе и посмотрите на обмен трафиком с приставкой . И поймете , какие сервера и адреса использует провайдер

                      Посмотрите еще тут пример настроек для PF

                      https://weburg.net/forums/weburg-tv/comp-tv/167456

                      C 1 Reply Last reply Reply Quote 0
                      • C
                        codriver
                        last edited by

                        Да, я так и делал составлял список ip, так как если просто в upstream добавить 224.0.0.0/4 то ничего не приходило, после добавления . не могу понять что за адрес 10.2.148.5

                        вот лог проблемного канала
                        wan

                        tcpdump -i em0 | grep igmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes
20:31:06.480223 IP 46.163.185.220 > all-routers.mcast.net: igmp leave 224.0.1.187
20:31:06.564598 IP 10.2.148.5 > 230.200.201.185: igmp query v2 [max resp time 10] [gaddr 230.200.201.185]
20:31:06.809066 IP 10.2.148.5 > 230.200.201.189: igmp query v2 [max resp time 10] [gaddr 230.200.201.189]
20:31:07.623127 IP 10.2.148.5 > 230.200.201.185: igmp query v2 [max resp time 10] [gaddr 230.200.201.185]
20:31:07.826781 IP 10.2.148.5 > 230.200.201.189: igmp query v2 [max resp time 10] [gaddr 230.200.201.189]
20:31:08.004816 IP 10.2.148.5 > 230.200.201.4: igmp query v2 [max resp time 10] [gaddr 230.200.201.4]
20:31:13.738765 IP 82.151.211.34 > all-routers.mcast.net: igmp leave 224.0.0.251
20:31:16.442001 IP 10.2.148.5 > 230.200.201.12: igmp query v2 [max resp time 10] [gaddr 230.200.201.12]
20:31:20.347096 IP 10.2.148.5 > 230.200.201.185: igmp query v2 [max resp time 10] [gaddr 230.200.201.185]
20:31:22.597913 IP 83.167.20.140 > all-routers.mcast.net: igmp leave 224.168.100.1
20:31:22.747240 IP 85.12.231.84 > all-routers.mcast.net: igmp leave 224.0.0.251
20:31:29.645727 IP 10.2.148.5 > 239.99.17.182: igmp query v2 [max resp time 10] [gaddr 239.99.17.182]
20:31:29.659452 IP 10.2.148.5 > 239.99.17.182: igmp query v2 [max resp time 10] [gaddr 239.99.17.182]
20:31:29.789036 IP 10.2.148.5 > 230.200.201.185: igmp query v2 [max resp time 10] [gaddr 230.200.201.185]
20:31:30.665806 IP 10.2.148.5 > 239.99.17.182: igmp query v2 [max resp time 10] [gaddr 239.99.17.182]
20:31:30.817014 IP 10.2.148.5 > 230.200.201.185: igmp query v2 [max resp time 10] [gaddr 230.200.201.185]
20:31:32.600702 IP 83.167.20.140 > all-routers.mcast.net: igmp leave 224.168.100.1
20:31:34.278868 IP 10.2.148.5 > 230.200.201.4: igmp query v2 [max resp time 10] [gaddr 230.200.201.4]
20:31:34.291121 IP 10.2.148.5 > 230.200.201.4: igmp query v2 [max resp time 10] [gaddr 230.200.201.4]
20:31:35.321045 IP 10.2.148.5 > 230.200.201.4: igmp query v2 [max resp time 10] [gaddr 230.200.201.4]
20:31:40.323521 IP 85.12.231.73 > all-routers.mcast.net: igmp leave 224.0.0.251
20:31:40.332658 IP 85.12.231.73 > all-routers.mcast.net: igmp leave 224.0.0.252
20:31:40.465332 IP 10.2.148.5 > 230.200.201.185: igmp query v2 [max resp time 10] [gaddr 230.200.201.185]
20:31:41.484605 IP 10.2.148.5 > 230.200.201.185: igmp query v2 [max resp time 10] [gaddr 230.200.201.185]
20:31:42.604333 IP 83.167.20.140 > all-routers.mcast.net: igmp leave 224.168.100.1
^C23461 packets captured
28680 packets received by filter
5027 packets dropped by kernel

                        lan

                        0:25:00.079122 IP 192.168.101.200 > 239.99.17.246: igmp v2 report 239.99.17.246
20:25:05.415773 IP 192.168.101.200 > 239.255.255.250: igmp v2 report 239.255.255.250
20:25:20.640707 IP 192.168.101.200 > all-routers.mcast.net: igmp leave 239.99.17.246
20:25:20.870741 IP 192.168.101.200 > 239.99.17.94: igmp v2 report 239.99.17.94
20:25:21.863658 IP 192.168.101.200 > 239.99.17.94: igmp v2 report 239.99.17.94
20:25:30.330913 IP 192.168.101.200 > 239.99.17.94: igmp v2 report 239.99.17.94
20:25:41.728934 IP 192.168.101.200 > 239.99.17.94: igmp v2 report 239.99.17.94
20:25:50.685157 IP 192.168.101.200 > 239.255.255.250: igmp v2 report 239.255.255.250
20:26:05.918774 IP 192.168.101.200 > 239.255.255.250: igmp v2 report 239.255.255.250
20:26:06.334852 IP 192.168.101.200 > 239.99.17.94: igmp v2 report 239.99.17.94
20:26:20.960480 IP 192.168.101.200 > 239.255.255.250: igmp v2 report 239.255.255.250
20:26:21.504613 IP 192.168.101.200 > 239.99.17.94: igmp v2 report 239.99.17.94
20:26:44.099168 IP 192.168.101.200 > 239.255.255.250: igmp v2 report 239.255.255.250
20:26:47.427671 IP 192.168.101.200 > 239.99.17.94: igmp v2 report 239.99.17.94
20:27:01.141241 IP 192.168.101.200 > 239.99.17.94: igmp v2 report 239.99.17.94
20:27:05.829818 IP 192.168.101.200 > 239.255.255.250: igmp v2 report 239.255.255.250
20:27:46.926093 IP 192.168.101.200 > all-routers.mcast.net: igmp leave 239.99.17.94
20:27:47.152672 IP 192.168.101.200 > 239.99.17.246: igmp v2 report 239.99.17.246
20:27:47.440511 IP 192.168.101.200 > 239.99.17.246: igmp v2 report 239.99.17.246
20:27:53.531242 IP 192.168.101.200 > 239.99.17.246: igmp v2 report 239.99.17.246
                        1 Reply Last reply Reply Quote 0
                        • C
                          codriver @Konstanti
                          last edited by

                          @Konstanti спасибо за участие. Победил. Добавил на wan правило для igmp траффика с 10.2.148.5 и остальные каналы заработали. При этом про данный ip даже сам пров мне ничего не говорил.

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.