I have no idea how this can work…VLANS + IPTV

  • Hey everyone,

    I recently (two months ago) started using pfSense. I switched from IPCOP because of the vast feature differences. I am now running into a bunch of issues I cannot seem to solve.

    Basically, my ISP runs fibre op into my home and the connections are as follows:

    VLAN 35 is internet
    VLAN 34 is TV
    VLAN 33 is remote management (the ISP can remotely upgrade firmware etc etc)

    The modem/router they provided me with is a complete piece of s*** but I NEED to use it because I have IPTV. The IPTV runs over coax throughout my home to set top boxes (STBs) and the modem has a coax output for this reason. The router's MAC address is needed to access an internet connection; if I do not use the modem/router provided then I need to spoof the MAC using pfSense. This would be great if I didn't need the IPTV but I do … so here is my setup.

    port1      ----->fibre op (incoming)
    FIBRE OP BOX------>VLAN 35/34/33----->5 PORT SWITCH port 3----->modem/router in pppoe mode-----> IPTV's
                                                                                            port 5----->pfSense----->WAN(VLAN35)----->LAN--->OPT1

    The modem/router is in PPPoE mode with the wireless turned off. The only thing the router does is provide a MAC address to the ISP for authentication and then just passes through all the TV traffic (IGMP broadcasts) off to the STBs.

    pfSense is getting an external DHCP address (142.174..) and everything works fine.

    The problem I am having is that my ISP decided today that they want to upgrade the firmware and it completely erased all of the router's settings. When I woke up the wireless from the router was broadcasting and pfSense was not getting an external IP. The modem/router was now acting as the internet connection.

    Since the modem is not connected directly to pfSense I cannot seem to find a way to block the management port (VLAN 33) and I am wondering if anyone knows how this could be done. I don't want the ISP to ever send me these firmware upgrades. I called the ISP and they said that they cannot turn it off but I have free range to do whatever I want as long as I DO NOT tamper with the actual device's hardware.

    Can anyone suggest a fix for this? I just want to block VLAN 33 from my home!

    Thanks, if anyone has any questions I will reply very quickly... It is possible I have left out some important details so I will post more specifics if needed.

