How to get Bell Fibe in Quebec/Ontario (Internet and IPTV) working with pfSense



  • My two cents…

    For those having IGMP flooding issue, you should probably look into a switch that supports IGMP snooping. This feature will learn which port joined which multicast group and will forward packets properly. Of course the Home Hub has this feature.

    Also I had the chance to analyze a Home Hub configuration file (don't ask me how I got this) and found out RIPv1/v2 is enabled on the WAN IPTV interface. Might be worth to look into this, as it would probably remove the need for static routes.



  • Would you be willing to share that configuration file? It could help to improve our setup. Thanks!



  • There you go, here is a config file taken from a Sagemcom 2864. It was running on FTTN, but FTTH stuff is there too.

    I also included the OpenRG Configuration Guide to help understand how this thing works.

    cfg_2864.txt
    openrg_configuration_guide.zip



  • Wow that's pretty complex. :)  I don't know why I expected it to be easier to interpret… maybe there is an interpreter out there.  I'm just wondering if I'm missing something in my pfSense config, but I'm not sure I'll be able to figure this all out.

    Thanks though! :)



  • Great topic ! Thanks to all posters for sharing.

    All system working smoothly here since couple of days.
    One wired pvr (VIP-2622)
    One wired stb (VIP-2502)
    One wireless transmitter (VAP-2500)
    Two wireless stb (VIP-2502)

    The igmpproxy is broken on 2.2.5 and had to be updated according to this post https://forum.pfsense.org/index.php?topic=93293.0
    The igmpproxy version on 2.3 is up to date and works https://forum.pfsense.org/index.php?topic=102729.msg572837#msg572837

    Regards,



  • Thanks so much for posting this!

    I'll definitely wait till 2.3 then before upgrading.  I'm at 2.2.4 right now and all is good.

    I'm about to upgrade my box to a Jetway quad Celeron (just waiting on a Black Friday deal) because my little APU box can't handle my GB fiber. :)  So I'll have to run 2.2.4 on the new box until they release 2.3.  Any idea when that might be?



  • Hi

    I got everything working great, but for some reason I loose 1 channel after a couple days, I have the reboot my pfsense and it works fine again, any ideas why it's only 1 channel losing signal?



  • I have the same issue (with TLC).



  • Are you guys running pfSense 2.2.4 or 2.2.5?  I heard there are bugs in igmproxy in 2.2.5…



  • I am running 2.2.5

    Can you downgrade to 2.2.4?



  • I had same issue before updating the broken igmpproxy on 2.2.5, and had to update it according to :
    https://forum.pfsense.org/index.php?topic=93293.0n

    The igmpproxy version on 2.3 is up to date and works flawlessly :
    https://forum.pfsense.org/index.php?topic=102729.msg572837#msg572837

    Regards,



  • Just updated to 0.1 and rebooted looks like it's working

    how do I check if it was upgraded, I put the igmpproxy in the command line and it asked for the conf file.

    under services it's running but just want to make sure it's now 0.1

    thanks I am new to all this



  • If you go into diagnostics > command prompt and type "pkg info" into "command" it shows:

    igmpproxy-0.1_2,1 Multicast forwarding IGMP proxy



  • Awesome

    All upgraded

    Thanks



  • So I tried following this guide to get my Bell Fibe TV and Internet working.  Internet obviously was easy enough but my PVR boots up with a message saying Network Connection error every time.  The PVR does receive an IP from pfSense but I guess it's not able to communicate with Bell servers?



  • @surrealillusion:

    So I tried following this guide to get my Bell Fibe TV and Internet working.  Internet obviously was easy enough but my PVR boots up with a message saying Network Connection error every time.  The PVR does receive an IP from pfSense but I guess it's not able to communicate with Bell servers?

    What version of pfSense are you using?  You might want to use 2.2.4 as IGMP proxy doesn't work well in 2.2.5 (and I suspect 2.2.6 as well).  Read up thread about that.



  • Yeah I saw that earlier in the thread and also read that in the 2.3 alpha the igmpproxy package was updated.  The only thing showing up currently is:

    Dec 30 11:20:38 igmpproxy 89210 RECV Membership query from 192.168.1.1 to 224.0.0.1

    For my proxies I added:

    224.0.0.0/4
    10.0.0.0/8
    192.168.1.0/24 (since the default lan is not contained in either subnet for upstream

    downstream of course is the default pfSense LAN subnet.

    The IPTV WAN does get a dhcp address (but it's not exactly the one listed in the original thread, but that's likely that there are numerous servers based on location).  What else should I be looking for in my wireshark dumps to understand if the PVR is communicating properly?



  • I would think that you probably have something missing in your rules or IGMP proxy settings.  Have you compared them to the original post?  Do you have other rules that could conflict?



  • Ah just noticed I needed to set the advcanced option in both the LAN and IPTV_WAN firewall rules.  Still no luck so far after applying that setting.



  • Even if IGMP proxy isn't working, you should still get a few seconds of video when you change channel.  If you aren't getting that, I would suspect the problem is with your VLAN setup.



  • Yeah I'm not even getting that, the PVR boots up and displays a Network Connection error message so I don't even get to the apps.  I've got vlans 35 and 36  created and put the IPTV_WAN on vlan 36 on my ethernet that connects to the ONT.  VLAN35 works for Internet as I'm posting this message but 36 doesn't seem to work.  The DHCP address I'm getting for the Fibe TV appears to be correct (though in my logs it's saying it can't ping the gateway that has been provided for the interface, not sure if that is normal).



  • Where do you see that you can't ping the gateway?

    My gateway IP is 10.240.112.1, is yours something similar?



  • @zax123:

    Where do you see that you can't ping the gateway?

    My gateway IP is 10.240.112.1, is yours something similar?

    In the gateway logs I believe it's using the monitor IP to check the health of the link

    Dec 30 14:21:14 dpinger send_interval 250ms loss_interval 1000ms time_period 25000ms report_interval 0ms alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 10.227.32.1 bind_addr 10.227.43.30 identifier "WAN_IPTV_DHCP "
    Dec 30 14:21:16 dpinger WAN_IPTV_DHCP 10.227.32.1: Alarm latency 0us stddev 0us loss 100%

    Yeah my IPTV gateway is different … hmm



  • I see you're using dpinger.  I believe they switched to dpinger in pfSense 2.3.  Are you using 2.3?



  • Yes last night's snapshot, I know it's still in Alpha but it's always good to provide feedback



  • I haven't tested it with 2.3… so I'm not sure if any settings need to change with it. :(



  • Will try grabbing 2.2.4 and reload the firewall.  I'll report back with findings



  • Doesn't have appeared to worked, still getting the same message.  Going to see if I can speak with an egineer about this



  • Which of course is pointless as they say they don't know how to troubleshoot their own network unless it's with a homehub 2000.  They kept saying that the PVR should receive an IP in the 192.168.2.11-17 range (but what if the PVR is plugged into a router that offers its a completely different address)? :)  I wish there was at least 1 or 2 lvl 2 desk support agents that were at least curious as to how a network they support actually functions (perhaps when pigs fly).

    Anyhow one though occurred to me while on hold, for those that it worked for was your PVR connected via the HPNA connector or via LAN before moving to pfSense?  Either way  I have to hook up my homehub again because they had me soft reset it when caused it to get a red x on the screen.



  • @surrealillusion:

    Which of course is pointless as they say they don't know how to troubleshoot their own network unless it's with a homehub 2000.  They kept saying that the PVR should receive an IP in the 192.168.2.11-17 range (but what if the PVR is plugged into a router that offers its a completely different address)? :)  I wish there was at least 1 or 2 lvl 2 desk support agents that were at least curious as to how a network they support actually functions (perhaps when pigs fly).

    Anyhow one though occurred to me while on hold, for those that it worked for was your PVR connected via the HPNA connector or via LAN before moving to pfSense?  Either way  I have to hook up my homehub again because they had me soft reset it when caused it to get a red x on the screen.

    .



  • Well this is going to sound strange but after leaving the whole setup alone and doing some more traffic captures I plugged everything back in and it now works.  I didn't make any changes to the pfSense config, very odd.  Finally I can enjoy the PVR and be rid of this homehub.  Thanks for the help!



  • @surrealillusion:

    Well this is going to sound strange but after leaving the whole setup alone and doing some more traffic captures I plugged everything back in and it now works.  I didn't make any changes to the pfSense config, very odd.  Finally I can enjoy the PVR and be rid of this homehub.  Thanks for the help!

    First of all, thanks to the OP, and everyone else in this thread.

    I had everything working in a virtual machine to test, except I had a dedicated subnet/interface for the LAN side of the IPTV, everything worked.

    So I decided to move to an APU unit and now I am receiving the same network connection error on the dvr unit as surrealillusion… my Wireless Receiver works fine to watch tv.

    Tried DVR on HomeHub again, works fine, moved back same issue.

    I am wondering if there is a timeout or something that needs to drop as I have made many changes/tests, so I guess I am waiting it out as I can see nothing getting blocked.



  • Is there anyway to set this up with non-FTTH? I can't seem to get a gateway IP, just says "Dynamic' and no internet activity. Was hoping to have my pfSense and my Coax to Ethernet box replace the HH2000.



  • Hello,

    I followed the tutorial step by step:

    Internet works totally
    TV Works partially: Multicast work but not Replay, VOD and APP

    Any idea ?

    PfSense Router Configuration:
    Config: Intel Atom Processor C2750, Supermicro A1SAi-2750F, 4gb ram, 120gb ssd
    Version: 2.2.6-RELEASE (amd64)



  • @iscy:

    @zax103, thanks a lot for this post. I recently switched from Videotron to Bell FTTH recently and after reading what you've done, I was sure I could also replicate such a setup. I didn't have a pfSense box at home (only at the office), so I was wondering if I could get this working on cheaper hardware (Linksys E4200 with custom firmware). In the process, I went through several issues that I had to debug, but actually got it fully working. I've wrote about it on a different forum and you can find my post if you search for 'Tossing the Home Hub 2000 while keeping TV', but I wanted to highlight a few things in your setup.

    Bell also uses VLAN 37 for what it seemed, some IPv6 traffic. Anyone thinking about simply bridging their WAN port to connect the HH2000 on it should also bring that VLAN on it. However, if you aren't using that HH2000 device, you don't have to worry about it at all.

    When my setup was completed, I could watch TV, but once in a while, it would simply cut off for a very short period of time, then resume. I tracked this down to a timeout mechanism used by Bell (upstream), or it could even be coming from the ONT. The interface on VLAN36 will receive an IGMP request to report the current subscription from 192.168.1.1. If the IGMP proxy doesn't answer that request, the multicast membership will be evicted. So you should add "192.168.1.0/24" to your upstream configuration to handle this.

    As for the 'Apps' and 'On Demand' features, you need to hijack the DNS queries that are going to "*.iptv.bell.ca". I didn't take any chance, and did hijack the entire "bell.ca" and "bell.com" domains redirecting these queries to one of the DNS servers I was getting back from the DHCP Ack. I'm not sure if you are using dnsmasq on your setup, but if you do, the configuration change is simple:
    rebind-domain-ok=bell.ca
    rebind-domain-ok=bell.com
    server=/bell.ca/10.2.127.228
    server=/bell.com/10.2.127.228

    The 'rebind-domain-ok' is only needed if you have 'stop-dns-rebind' in your configuration, which prohibits upstream servers from returning private addresses. For instance, "mdsfe001.iptv.bell.ca" has to resolve to "10.2.121.4".

    With all of this, an STB user wouldn't even noticed that the HH 2000 device isn't used anymore.

    Thanks again for your great post!

    Hi,
    Where exactly enter the dns changes (rebind-domain-ok=bell.ca, rebind-domain-ok=bell.com, server=/bell.ca/10.2.127.228, server=/bell.com/10.2.127.228) on the web configurator ?

    thank you,
    Nabolito.



  • @nabolito:

    @iscy:

    @zax103, thanks a lot for this post. I recently switched from Videotron to Bell FTTH recently and after reading what you've done, I was sure I could also replicate such a setup. I didn't have a pfSense box at home (only at the office), so I was wondering if I could get this working on cheaper hardware (Linksys E4200 with custom firmware). In the process, I went through several issues that I had to debug, but actually got it fully working. I've wrote about it on a different forum and you can find my post if you search for 'Tossing the Home Hub 2000 while keeping TV', but I wanted to highlight a few things in your setup.

    Bell also uses VLAN 37 for what it seemed, some IPv6 traffic. Anyone thinking about simply bridging their WAN port to connect the HH2000 on it should also bring that VLAN on it. However, if you aren't using that HH2000 device, you don't have to worry about it at all.

    When my setup was completed, I could watch TV, but once in a while, it would simply cut off for a very short period of time, then resume. I tracked this down to a timeout mechanism used by Bell (upstream), or it could even be coming from the ONT. The interface on VLAN36 will receive an IGMP request to report the current subscription from 192.168.1.1. If the IGMP proxy doesn't answer that request, the multicast membership will be evicted. So you should add "192.168.1.0/24" to your upstream configuration to handle this.

    As for the 'Apps' and 'On Demand' features, you need to hijack the DNS queries that are going to "*.iptv.bell.ca". I didn't take any chance, and did hijack the entire "bell.ca" and "bell.com" domains redirecting these queries to one of the DNS servers I was getting back from the DHCP Ack. I'm not sure if you are using dnsmasq on your setup, but if you do, the configuration change is simple:
    rebind-domain-ok=bell.ca
    rebind-domain-ok=bell.com
    server=/bell.ca/10.2.127.228
    server=/bell.com/10.2.127.228

    The 'rebind-domain-ok' is only needed if you have 'stop-dns-rebind' in your configuration, which prohibits upstream servers from returning private addresses. For instance, "mdsfe001.iptv.bell.ca" has to resolve to "10.2.121.4".

    With all of this, an STB user wouldn't even noticed that the HH 2000 device isn't used anymore.

    Thanks again for your great post!

    Hi,
    Where exactly enter the dns changes (rebind-domain-ok=bell.ca, rebind-domain-ok=bell.com, server=/bell.ca/10.2.127.228, server=/bell.com/10.2.127.228) on the web configurator ?

    thank you,
    Nabolito.

    you can juste go to your 'dns resolver' page, and add the dns and domain manualy from there. it's at the bottom of the page.



  • @singerie:

    @nabolito:

    @iscy:

    @zax103, thanks a lot for this post. I recently switched from Videotron to Bell FTTH recently and after reading what you've done, I was sure I could also replicate such a setup. I didn't have a pfSense box at home (only at the office), so I was wondering if I could get this working on cheaper hardware (Linksys E4200 with custom firmware). In the process, I went through several issues that I had to debug, but actually got it fully working. I've wrote about it on a different forum and you can find my post if you search for 'Tossing the Home Hub 2000 while keeping TV', but I wanted to highlight a few things in your setup.

    Bell also uses VLAN 37 for what it seemed, some IPv6 traffic. Anyone thinking about simply bridging their WAN port to connect the HH2000 on it should also bring that VLAN on it. However, if you aren't using that HH2000 device, you don't have to worry about it at all.

    When my setup was completed, I could watch TV, but once in a while, it would simply cut off for a very short period of time, then resume. I tracked this down to a timeout mechanism used by Bell (upstream), or it could even be coming from the ONT. The interface on VLAN36 will receive an IGMP request to report the current subscription from 192.168.1.1. If the IGMP proxy doesn't answer that request, the multicast membership will be evicted. So you should add "192.168.1.0/24" to your upstream configuration to handle this.

    As for the 'Apps' and 'On Demand' features, you need to hijack the DNS queries that are going to "*.iptv.bell.ca". I didn't take any chance, and did hijack the entire "bell.ca" and "bell.com" domains redirecting these queries to one of the DNS servers I was getting back from the DHCP Ack. I'm not sure if you are using dnsmasq on your setup, but if you do, the configuration change is simple:
    rebind-domain-ok=bell.ca
    rebind-domain-ok=bell.com
    server=/bell.ca/10.2.127.228
    server=/bell.com/10.2.127.228

    The 'rebind-domain-ok' is only needed if you have 'stop-dns-rebind' in your configuration, which prohibits upstream servers from returning private addresses. For instance, "mdsfe001.iptv.bell.ca" has to resolve to "10.2.121.4".

    With all of this, an STB user wouldn't even noticed that the HH 2000 device isn't used anymore.

    Thanks again for your great post!

    Hi,
    Where exactly enter the dns changes (rebind-domain-ok=bell.ca, rebind-domain-ok=bell.com, server=/bell.ca/10.2.127.228, server=/bell.com/10.2.127.228) on the web configurator ?

    thank you,
    Nabolito.

    you can juste go to your 'dns resolver' page, and add the dns and domain manualy from there. it's at the bottom of the page.

    Use this from now on:
    dhcp-option=br1,6,10.2.127.228

    Since my PVR is setup on 'br1', when it sends the DHCP request, the router will return Bell's DNS resolver and all DNS requests from the PVR will now succeed.

    There was a firmware update on these machines that are now trying to resolve:
    discovery.iptv.microsoft.com. 300 IN    A      10.2.76.132

    If this doesn't resolve properly, the PVR doesn't boot anymore.



  • Hello everyone,

    I have a question, will this kind of setup also work with Bell "Take the Hill - FTTB" ?

    my Client has a Bell Connection Hub with Internet Only. The Router has limited control / functionality so i finally bought a pfSense SG4860 router.

    I have been trying to get it to work but i am unable to, Bell Customer support people are not helping… When i asked them if i need to configure VLANs or anything else they said no.

    Currently I have the connection going like this...

    Fiber Box > Connection Hub > Switches > Desktops & servers

    I would like to replace the connection hub with the pfSense router.

    Does anyone have any idea on how do i get this done? Does the FTTB follow the same configuration as FTTH which the OP has setup? am i asking in the wrong section  :-X

    Thanks in Advance.

    Aasim



  • Trying to accomplish this with a Cisco ASA and a pair of Cisco 3850s

    Any pointerS?



  • @zax123:

    Hi all,

    I thought I'd post this for all to see as others may be interested in how I finally got this working.

    My mission was to replace the Bell Home Hub 2000 router which is a rather in-flexible device considering that I have 175mbps/175mbps service.  I wanted to replace it with a pfSense box I built on an APU.

    After doing some reading, I realized that Bell passes both internet and IPTV on one network wire using VLANs coming off the ONT (Optical Network Terminator) box.

    They use VLAN 35 for internet and PPPoE authentication on this VLAN and VLAN 36 for IPTV with DHCP.

    The steps to get internet working are quite simple.  You create a VLAN at 35 on the external interface that connects to the one active port on the ONT:
    .

    While you're in there, create a VLAN at 36 on the same interface for the IPTV connection.

    Then assign that VLAN to an interface and enable it and set it to use PPPoE authentication:

    That's pretty much all you need to do for internet.  pfSense does the NATing and routing setup for you automatically.

    Getting IPTV to work is a little more involved.

    First assign the VLAN 36 to an interface, and set it to DHCP:

    Your automatic gateways will look like this:

    Then set up a static route for 10.0.0.0/8 to go to the gateway discovered by DHCP on the IPTV WAN interface:

    Then set an advanced option on the LAN interface and the WAN-IPTV interface in the pass all firewall rules:


    Finally, set up IGMP proxying as such:

    If you've done everything correctly, you likely don't even need to restart pfSense, it'll just start working!

    If anyone has any questions about this, let me know.

    Robert

    Is this setup still working for you? I just got my Fibe Internet and TV yesterday and trying to set this up as you do but I can't get the PPPoE interface to come up. Has anything changed at all in the setup?


Log in to reply