How to get Bell Fibe in Quebec/Ontario (Internet and IPTV) working with pfSense
-
I am using VLAN7 for my iptv LAN network.
So 4 interfaces:
WAN – tagged 35
IPTV WAN – tagged 34
LAN – no tag
IPTV LAN – tagged 7IPTV WAN has a gateway assigned statically because DHCP doesn’t provide it. We got this from a packet capture, it is likely different for other people.
- Disable the Gateway that was created by default for IPTV WAN interface. we will create a new one manually
Because I’m using multiple “virtual interfaces” for one physical interface, we also set up a static Route to use the IPTV WAN Gateway for the IGMP addresses, and IPTV addresses (239.0.0.0/8, 10.0.0.0/8).
From the DHCP request in the packet capture…
Relay agent IP address: 10.194.192.2Set this as the IPTV WAN Gateway address.
We also spoofed the HH3K MAC address on our WAN adapter – this picks up an IP faster instead of waiting for the IPTV lease to expire (up to 18 hours I believe).
In DHCP for the IPTV LAN I set the Bell DNS servers:
47.55.55.55
142.166.166.166Set up an IGMP proxy:
Upstream: 10.0.0.0/8
Downstream: 239.0.0.0/8
If you cant get the gateway via the packet capture, let me know and i will give you a example and steps. Once you get this part we can talk about getting your box connected. do you want lan or wireless for the IPTV boxes? i have one running on unifi AC-Lite and one on lan using a tp-link smart switch (40.00 from amazon that allows for vlans)
-
Thanks for the write up. So your IPTV LAN is on a different interface and not your regular LAN then?
regarding the packet capture, did you use wireshark or pfsense?
I do have a Unifi Access Point AC Lite as well as the controller running on my LAN. So my understanding is that you are not using the Bell VAP?
In the meantime, I am currently setting things up as per your write up...
-
@idscomm I have two interfaces coming into PF sense, One for Wan and one for LAN. My lan connects to a switch This is a five port switch from TP link where I have one port with a PVid of 7 for the hardwired pvr. Another port K’NEX to unify access point where I have two Wi-Fi SSIDs is create it. 1 SSID is called IPTV and has a VLAN of 7 tagged.
Ill get you steps to cap from pfsense after I get out of the hot tub :)
-
Sounds good to me lol! I hear ya, we have a hot tub too!!! A must!
-
Would my gateway be there:
-
@idscomm I would open two pages for pfsense, one on pcap and one on Status -> Interfaces. Find your IPTV WAN and release the IP. Start the pcap and renew the WAN IPTV interface again
Stop the pcap and download the capture to open in wireshark. Filter by dhcp and look for "relay agent ip". This if your IPTV WAN gateway.
-
got it!
For testing purposes, I will use a second switch and put that IPTV LAN on another separate network like 192.168.2.x like the default one they use... I have 4 interfaces in that box...
-
The Next thing you need to do is create a VLAN LAN adapter. right now you likely have three
WAN host with mac from hh3k (not used)
WAN vlan 35 for internet
WAN vlan 34 for IPTV
LAN likely no vlan for your internal devicesCreate a new LAN with a vlan of something. I used vlan 7 for mine.
Setup a DHCP for this. Since its vlan 7, i used 192.168.7.x
Its this LAN interface that you need to used for your IGMP
Here is my IPTV LAN firewall rules
on your unifi AP, create IPTV SSID and give it your internal vlan. Connect your device to this and see if you get the 192.168.7.x ip not your standard IP for your reg LAN. This will ensure your new IPTV ssid is routing to pfsense with the correct vlan and getting a correct dhcp address.
If you have a TP-link switch and also want to get a local port set for this vlan as well you can do something like this. port 8 is pvid 7 thus will get forced a vlan 7 id
-
I have three of these switches. one for Living room, Rec room and one in the garage with the pfsense router. They work great for vlans
https://www.amazon.ca/TP-Link-Ethernet-Unmanaged-Replacement-TL-SG108E/dp/B00K4DS5KU/ref=sr_1_4?keywords=tp-link+easy+switch&qid=1575157953&sr=8-4
-
ok, I have a Cisco 3750G, port 1 is my Trunk carrying a few VLAN for my internal network. I will add VLAN7 and also add VLAN 7 as Trunk for my Access Point ports. So you are using your own access point for the IPTV and not the VAP? The wireless receivers will ask for an IP but what make them go on VLAN7, pfsense will route them to VLAN 7?
-
also, install Avahi in pfsense so you can cut your other networks from accessing your main LAN but allows your main lan to access these other networks. Mainly for IOT ssid but can be used for the LAN network for IPTV boxes as well.
Vid: https://www.youtube.com/watch?v=HW9mUrF1ZgU
-
@idscomm said in How to get Bell Fibe in Quebec/Ontario (Internet and IPTV) working with pfSense:
also add VLAN 7 as Trunk for my Access Point ports. So you are using your own access point for the IPTV and not the VAP? The wireless receivers will ask for an IP but what make them go on VLAN7, pfsense will route them to
Yea, I am using my unifi for the WIFI. i grabbed a cheap tplink access point with a bush button WPS. on that device I created a SSID that matched my unifi ssid. (unifi will start sending you alerts that you have a rouge AP). i booted my PVR and when it did not see the hh3k anymore, it asked me to press ok to connect to WPS. start wps on the tplink box and wait till it connects. after it connected, i disconnected the wps ap and it started connecting to unifi AP right away. not sure what a VAP is but if thats from Bell, i am not using it.
-
on your VLAN7, you use Bell DNS, your gateway is it your DHCP gatewan from your VLAN7 or the IPTV gateway?
-
@idscomm sorry about that. I use the bell dns on my vlan7 lan dhcp server.
47.55.55.55
142.166.166.166 -
@rcmpayne ok, so I tested everything and I'd say I am almost there. The TV works but I lost connection after 10 sec ish. I remember seeing this issue earlier... any idea?
-
Are you sure your box is getting a IP from the correct lan dhcp? I recall getting that as well but the box was not on my vlan7 ip
-
for testing purposes tonight I used a separate NIC and setup a different Network for the IPTV
-
@idscomm looks like it might be your IGMP Proxy or multicast being filtered
https://www.dslreports.com/forum/r31118482-Yes-you-CAN-bypass-the-HomeHub-3000~start=330
-
Seems like I lost my internet now ......
-
hummm, that's odd! Here are a few more screenshots
WAN IPTV
LAN IPTV
LAN IPTV Rules: Ensure the IGMP rule has "Allow packets with IP options to pass. Otherwise they are blocked by default. This is usually only seen with multicast traffic." enabled
