Using pfSense as the gateway for Bell Fibe bonded DSL
-
Packet Capture, with the default settings, will not display VLAN tags. You have to change the Level of Detail from Normal. I used Full.
-
You may also have to assign the parent interface so you can pcap on that directly.
I would then open the resulting cap file in Wireshark where it's much easier to see what's in there.
The actual captured file is the same whatever the display detail level is set to in the pfSense GUI.
Steve
-
I analyzed the pcap in Wireshark and didn't find any VLAN-tagged packets. This pcap was performed on the WAN interface but not in promiscuous mode. I left all defaults on the pcap page as-is.
This WAN interface is configured as an IPv4 PPPoE. All traffic save that of the STBs goes through this interface.
In all 100 packets that were captured there was not one with a VLAN tag. There were also no IGMP packets.
@stephenw10, what do you mean by "assign the parent interface"?
-
Did you enable the VLAN ID column in Wireshark? It makes it easier to spot VLAN frames. Otherwise you have to read the frame details.
-
Assign and enable the interface the PPPoE is running on. Leave the IP settings as none.
Run the pcap there, in promiscuous mode. You should then see any VLAN tagged traffic coming into it.
Steve
-
@JKnott
Thanks for the tip! I was inspecting each packet individually.
@stephenw10
The interface was assigned and configured with PPPoE as well as enabled for the prior pcap. I enabled promiscuous mode for this run but still don't see any VLAN traffic.
Is there a way to pcap the traffic from one of the STBs if I run it through my switch instead of directly to the HH3000? I don't mind if it doesn't manage to connect, but it may be worthwhile to understand how it expects to connect back to the IPTV services.
-
Not the WAN interface, which will be configured as PPPoE. You need to assign the interface that it is running on. So it might be igb0 etc.
Then you can pcap on that and see all the incoming traffic including the PPPoE traffic and any VLAN tags.
Steve
-
@stephenw10
Steve! You're a genius!
I have VLANs 40 and 41 coming up now. I'm also seeing broadcast packets.
One of the ARRIS set-top boxes is broadcasting pretty regularly (every 0.5s). I haven't seen any broadcast traffic from the other STB, which is the PVR. My suspicion is that the STB which is broadcasting is looking for the PVR STB.
The HH3000 (Sagemcom) is broadcasting spanning-tree packets to VLANs 40, 41, and default (no VLAN).
Both ARRIS set-top boxes are sending multicast UDP packets to 239.255.255.250. These are the only UDP packets in the pcap. I tried running a traceroute to 239.255.255.250 from my workstation but it has no route to that address, indicating that there's some static routing going on that I'd need to replicate, I think.
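As an added example (not written by any poster in this thread), the check done by eye in Wireshark can be scripted: the parser below reads a classic pcap file with Ethernet link type and counts frames per 802.1Q VLAN ID and inner EtherType. The sample capture is constructed, and the function names and the assumption that the capture is a classic little- or big-endian pcap are the example's own.

```python
import struct
from collections import Counter

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag
ETHERTYPES = {0x0800: "IPv4", 0x8863: "PPPoE-discovery", 0x8864: "PPPoE-session"}

def vlan_summary(pcap: bytes) -> Counter:
    """Count frames per (VLAN ID or None, inner EtherType) in a classic pcap."""
    magic = pcap[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        _sec, _usec, caplen, _orig = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 14:
            continue  # truncated record, no full Ethernet header
        vid, etype = None, struct.unpack("!H", frame[12:14])[0]
        if etype == TPID_8021Q and len(frame) >= 18:
            tci, etype = struct.unpack("!HH", frame[14:18])
            vid = tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID
        counts[(vid, ETHERTYPES.get(etype, hex(etype)))] += 1
    return counts

def _frame(etype: int, vid=None) -> bytes:
    """Constructed frame: dummy MACs, optional 802.1Q tag, zero payload."""
    tag = struct.pack("!HH", TPID_8021Q, vid) if vid is not None else b""
    return b"\xff" * 6 + b"\x02" + b"\x00" * 5 + tag + struct.pack("!H", etype) + b"\x00" * 46

def sample_pcap() -> bytes:
    """Constructed capture: one untagged PPPoE frame plus VLAN 40 and 41 frames."""
    frames = [_frame(0x8864), _frame(0x0800, 40), _frame(0x0800, 41), _frame(0x0800, 41)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for (vid, etype), n in sorted(vlan_summary(sample_pcap()).items(), key=str):
        print(f"vlan={vid} ethertype={etype} frames={n}")
```

A capture that shows only `vlan=None` rows was most likely taken somewhere the tags are not visible, which is the situation described earlier in the thread.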
-
@jerfer said in Using pfSense as the gateway for Bell Fibe bonded DSL:
239.255.255.250 from my workstation but it has no route to that address
That's a multicast address, so there should never be an interface with, let alone a route to that address. With multicast, it's up to the router and sometimes switch, to decide whether to pass multicast.
-
Yeah, that will be the set-top boxes trying to subscribe to multicast streams I imagine.
You might need some IGMP proxy config (or something in pimd) if you want to have them connect directly through pfSense.
Steve
-
Hey,
I have a guide that may help you, but it involves eliminating your HH3K. Take a look and let me know if it helps. I don't have Bell TV, but from what I am aware you need to establish a 2nd WAN vLan36 to your Bell Fibe. TV boxes will need to route to vLan36 in order for them to work. Sorry, don't have much more info than that on the TV side.
https://drive.google.com/file/d/1A661DBQYLh8LdSkuoABJXwqFSfCDMInC/view?usp=sharing
Karl
-
@kjoseph
Hi Karl,
Thanks, but I'm in a different situation. Not being served by Bell's FTTH (fibre to the home) service, my HH3K is both the VDSL modem and switch. The HH3K internally handles the VLAN switching for the TV boxes and I've not been able to figure out how to replicate that with a pfSense box in the DMZ.
To be honest, I've given up on the whole endeavour. Just when I thought I had it figured out, with TV working on the PVR, I realized that it was only working because the non-PVR TV box was bridging its WiFi and Ethernet connections and the PVR box was being routed over Ethernet to the non-PVR box and then over its WiFi to the HH3K. Everything stopped working the minute I unplugged the non-PVR box. I was actually quite impressed at the level of resilience that was designed into these boxes; they're quite opportunistic.
In any case, I've shelved the project until FTTH becomes available here.
-
@jerfer For your internet connexion to work, did you have to change the MAC address in pfSense?
-
No, I didn't have to spoof the HH3K MAC address for the internet to work. I tried it using the real MAC and the HH3K MAC and was able to get internet access in both cases.