IPTV IGMP multicast problems with BT YouView on pfSense



  • My ISP (BT) provides additional TV channels via IPTV multicast as part of the YouView service.  I'm trying to configure pfSense to provide IGMP proxying and to forward the UDP streams to my LAN.  My configuration is as follows:

    DEMARC -> VDSL Modem -> pfSense -> Switch (w/ IGMP Snooping enabled) -> IPTV STB/Reciever

    I have replaced the pfSense router in this case with the original ISP supplied equipment and everything functions correctly.  This eliminates all other equipment and configuration from the equation and puts the problem squarely in my configuration of pfSense.

    It proves that there isn't a separate IPTV VLAN coming from the modem, and that IGMP Snooping is configured correctly.

    I took the liberty of doing some packet captures while the ISP equipment was in place and here are the findings:

    All IPTV channels are part of the the 234.81.130.0/24 and the 234.81.131.0/24 IGMP groups.  To be on the safe side I have configured the upstream network of my IGMP Proxy as 224.0.0.0/4.  The downstream is the 192.168.0.0/24 subnet of my LAN.

    I can't see an issue with this configuration, where I think the problem lies is with my NAT/Firewall Rules.  If I'm understanding this correctly, for connections to be made from WAN to LAN they have to be initiated by something on the LAN side.  Otherwise it is just dropped.  As far as the firewall is concerned the UDP streams appear from nowhere as it doesn't understand that they were managed by IGMP. So I think I need to allow UDP past the firewall.  This is where my lack of understanding of multicast is letting me down.

    From my packet analysis they don't hit the firewall addressed to me, but rather they come addressed to the group that the IPTV STB just subscribed to.  With that in mind I created this firewall rule:

    Allow IPv4 UDP w/ IP Options Dest: 224.0.0.0/4:5802

    But no dice.  I'm more confused now.  Have I got the rule wrong?  Is it possible the default "Block Bogon Networks" is also blocking the multicast packets because they have reserved address space?  Is my IGMP configuration wrong?  I know the problem is in pfSense but I don't have enough experience to fix it, at least not without the forums and they are down :( .

    TIA!

    After doing more testing I can provide the following additional information:

    EDIT: Now the forums are back up I can check CYMRU's bogon list https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt and it DOES! include 224.0.0.0/4.

    Anyone know a way to change the list without disabling the whole rule?

    EDIT2: Still no worky.  I think I'll need to fix this AND something else.

    EDIT3: I've found /etc/bogons now after reading rc.update_bogons.sh so I can remove 224.0.0.0/4 I just need the rest of the solution.  Also I could do with knowing if this is even necessary as it won't be permanent if bogons changes in the future.

    EDIT4: Just run a pcap on the WAN interface, IGMP seems to be going out:

    ~SNIP~ 
    15:18:27.594045 IP XXX.XXX.XXX.XXX > 224.0.0.22: igmp 
    15:18:27.932593 IP XXX.XXX.XXX.XXX > 234.81.130.84: igmp 
    ~SNIP~

    Don't know why it reaches out to 224.0.0.22 multiple times but 234.81.130.84 is the group I am requesting to join.

    No replies however.  No UDP or IGMP.  I would still see the traffic on the interface even if it was being blocked by firewall rules right?

    Any help would be appreciated.



  • This thread useful maybe? https://community.bt.com/t5/YouView-Boxes/Extra-IPTV-channels-working-on-Mikrotik-750G-router-a-short/td-p/1137730  It describes the setup for a Mikrotik router, instead of all the other threads which talk about consumer rubbish.

    It describes my setup pretty much exactly, apart from the main difference that it is actually working for him ;) This paragraph is of particular interest though:

    The IGMP traffic won't appear to come through the PPPoE interface instead it will be on the ethernet interface that is physically connected to the Openreach modem, in my case eth1. You'll need to assign an IP address to this interface if you haven't already, making it anything in a private range but outside your LAN ranges, e.g. 10.20.30.1/24, only because RouterOS won't make use of the interface without an address assigned.

    Not sure what he means here, I am using the ethernet interface - presumably WAN.  I know you can see pppoe_WAN in other parts of the config but only WAN or LAN is selectable at the IGMP Proxy stage.

    Also he sticks the STB on a seperate subnet, which I don't mind doing, but shouldn't be necessary.



  • Here's some pictures of firewall rules for your viewing pleasure: https://imgur.com/a/VBgwr (Embedded below)

    To simplify, I'm pretty sure IGMP Proxying is working as intended, so just receiving multicast traffic I am having issues with.  Does the bogon networks rule apply only to packets with a unassigned source address or one with an unassigned destination too (or both?).

    Thanks again.



  • Now I'm really close.  I was right on the money suspecting that paragraph of that Mikrotik post was highly relevant.  I've finally deciphered what that means in this context, and it very nearly works!  I needed to assign a new interface to the actual NIC.  Whereas the WAN is assigned to the PPPoE which is in turn assigned to the NIC, by assigning to the actual NIC the packets are sent bare and unencapsulated and I get UDP replies, from 109.159.247.0/24 which corresponds with my earlier packet captures as to the multicast broadcast router/server.  Now I just need to see why the default "Block all IPv4" rule is dropping them when I have a rule specifically set up to allow them.  Not long now I think!



  • Hi,

    This thread was the close to a solution (at least that I can understand) to fix the issue with BT TV.
    2 days ago I installed PFSense and the BT TV stopped to work (Before that was working fine with my EdgeRouter X –> so all the IGMP proxy and rest of network settings is set correctly).

    Did you managed to get it fixed? what about the last portion of your investigation? what solved the issue in your case?

    thanks!

    Luis



  • I just stumbled across this older thread. Don't know if the OP still requires assistance. Still my 5ct: I suggest you put your Multicast PASS rules as floating rules (instead of the WAN interface). Make this two rules: one rule for UDP and one for IGMP (They cannot go into one rule. It just cannot be selected this way in the GUI.) If I understand that correctly the floating rules are used before the block bogon networks rule is checked. Btw. I also suggest in the beginning you don't limit the ports.



  • Hi, i think it is a bit old indeed, but was the closest i ever found to provide a solution.
    I will try to adopt the floating rule.
    But at the moment I am still not sure if I need to create another interface for the WAN (as the last post from Mech advise).
    seems rather strange to have the WAN interface assigned to nowhere just to make the IGMP to work.

    anyway, if anyone have a good idea on how to make BT TV work with PFsense, I would very much appreciate!

    Luis



  • Hi Luis, sorry the solution wasn't in this thread, I meant to do a bit of a write-up and then got distracted.

    Here's the new thread I made that has the solution. https://forum.pfsense.org/index.php?topic=100464.msg560476#msg560476

    Essentially this is the necessary configuration for the IGMP Proxy:

    Create a brand new interface and assign it to the same physical interface as the PPPoE.  In my case WAN is assigned to PPPoE which is assigned to re0, so I make a new interface called IPTV and assign it to re0 like so:

    This is the configuration of that interface.  The MAC doesn't matter, the static IP doesn't matter.  Use whatever you like, although I used RFC1918 address space anyway for safety.

    Then configure the IGMP Proxy with your local subnet as the downstream interface and 224.0.0.0/4 (Multicast subnet) and 109.159.247.0/24 (BT YouView source IPs) as the upstream subnets.  VERY IMPORTANT. This is where I got stuck.

    Finally you might need a firewall rule to make sure the incoming UDP isn't dropped.  Make sure you allow "IP Options" as this will let it come from a multicast source.  Here's mine, applied to the IPTV interface:

    That should do it.  It's working fine for me and my pfSense install is still pretty vanilla, so I don't see any unexpected problems.  Hope it works ok for you.

    Mech



  • :(

    Did not worked for me….
    I have every configuration identical to yours, but it doesnt show any image.

    I am using an ubiquiti router (which was previously linked directly to the openreach modem) as 1 additional element in my network (between the pfense and the TV box).
    I even try to play the cables and the the TVBOX linked DIRECTLY into the PFsense (and kill all the rest of my home internet) to test it, but nothing!

    I notice that you only have a FW rule on IPTV interface, there is no need to have any other rule anywhere else?
    I just installed PFSense (2 days ago), so it is all pretty standard too (well, except i also added snort, but there is nothing on the logs there).

    any hints of where to look?

    tks!

    Luis



  • Hmm, double natting, that adds a layer of complexity, I'd recommend you continue to try this with just one router for now until you find the problem - just to simplify the configuration.  If you have VLC installed you can open the test channel on a computer to make it easier to generate the IGMP packets and test for the UDP packets. To do that open VLC and go to MEDIA > OPEN NETWORK STREAM… > and paste this into the box "rtp://234.81.130.4:5802" (no quotes).  That's the BT YouView Test Channel.  That way you can connect your computer directly to the router and still have internet access while debugging.

    Then what I did was run a packet capture in pfSense on the IPTV interface by going to DIAGNOSTICS > PACKET CAPTURE set the interface to IPTV and the count to 0. Start a packet capture, then open the test stream for a couple of seconds, close the stream again and then stop the capture.  You should have something that looks like this:

    That's the IPTV traffic being "requested" via IGMP and arriving, you'll see it intermingled with the PPPoE packets.  Only do a short capture because these packets mount up quickly! If you don't see that traffic, then the IGMP traffic isn't making it out to BT, so the problem lies there, if you do, then check the IGMP proxy configuration and the firewall rules.  The source IP of the packet (here it is 109.159.247.1) is the subnet you should use in the upstream category (109.159.247.0/24) it will be different for different ISPs. (We are talking about the same BT right? - British Telecom?)

    See what you get in your capture and have a fiddle.  Post here if no luck.  ;)

    @luismoed:

    I notice that you only have a FW rule on IPTV interface, there is no need to have any other rule anywhere else?

    No that's the only rule I have, and I'm not sure you even need that.

    Mech

    EDIT: Oh, and I use 192.168.0.1 for my local network, but if you use something else, make sure you change that in the proxy settings!



  • Hi,

    Still no luck!
    I tried to get the PFsense linked direct to the BT TV (and kill the internet in my entire place) but no success.
    My network is 192.168.10.X, and I have adjusted accordingly.
    Before Pfsense (which is 4 days old here) I had a Ubiquiti router as a main gateway connected to openreach modem.
    the BTTV device was behind a second router (Netgear), so it was working as "NAT behind NAT" scenario.

    I will try to capture a log from the Pfsense linked direct to the BTTV and will post here.

    thanks for the help!

    Luis



  • So, quite useless tentative.
    i started the package collection, zap down to the cables, linked ONLY the BTTV equipment on PFsense, which was configured as described by Mech (only change was my LAN address, it was 192.168.10.11). So I had it configured as 192.168.10.11/24.
    The BTTV fail to work (again it was openreach modem <-> Pfsense <-> BT TV, nothing else connected).

    the log was pretty useless to me, the only thing that draw my attention was a few ICMP packages lost to amazonWBS and AKATAI (or ATAMAKI, or something similar) technologies.
    a bunch of TCP messages
    a good number of UDP (nearly all of them to DNS servers –> port 53).

    i can see the "frame" working on the TV, with the channels, time, program grade, etc, but there is no content and a few seconds later the message that some problem happen pops in....

    At the moment i dont think the ubiquiti router is the issue, as i took it away to test.

    the PFsense, is the latest version, the only additions i've made were OPENDNS and Snort.

    any ideas of where to look next?

    tks

    luis



  • Hi,

    Just a feedback.
    I made it work.
    your configuration is exactly right.
    I added another NIC on the PFSense box and get rid of the router/double NAT.

    everything is fine now!

    thanks!

    Luis



  • Hello,

    I have configured my pfsense 2.2.6 as per yours above but with 192.168.1.0/24 as the LAN, but no joy with BT TV for the IP channels.

    https://www.dropbox.com/s/xt1r1ccq0lq7gco/IGMP%20Proxy%20Settings.jpg?dl=0

    I have the firewall rule set up as above and have changed the DNS to BT's as I was using Google DNS.

    https://www.dropbox.com/s/wljwikj5or2nw3l/IPTV%20Firewall%20Rules.jpg?dl=0

    https://www.dropbox.com/s/8iqobb752ccxhq5/WAN%20Firewall%20Rules.jpg?dl=0

    Any other suggestions as to troubleshooting? I'm trying to get hold of a HH to bypass the pfsense box and confirm all is ok if using a standard BT setup.

    Only difference is I do not have a switch which has IGMP Snooping on it.



  • Hello,

    Managed to get it working. One thing to add to the above instruction from Mech:-

    • Your DNS must be set to BT's DNS, I was using google DNS

    The problem I have now is that I can not use the internet when watching a IPTV channel. BT Sport HD Europe is taking up about 8 - 10 Mb of bandwidth when watching it. I am on a 45 Mb connection. When watching the IPTV channel I can not do anything else on the internet, timeouts, errors, pages just not loading.

    Any ideas as to what the cause could be?

    ============================================= UPDATES ======================================================

    I have had to rebuild my pfSense router following an upgrade to 3.x.x which has broken the IGMP Proxy. The above config will not currently (24/09/2016) work with any 3.x.x build.

    One other small thing to add…

    • You must modify the "Default allow LAN to any rule" and enable the option "This allows packets with IP options to pass. Otherwise they are blocked by default. This is usually only seen with multicast traffic.". It is found under "Advanced Options" near the bottom of the page, when editing this rule.


  • @simpic:

    Hello,

    Managed to get it working. One thing to add to the above instruction from Mech:-

    • Your DNS must be set to BT's DNS, I was using google DNS

    The problem I have now is that I can not use the internet when watching a IPTV channel. BT Sport HD Europe is taking up about 8 - 10 Mb of bandwidth when watching it. I am on a 45 Mb connection. When watching the IPTV channel I can not do anything else on the internet, timeouts, errors, pages just not loading.

    Any ideas as to what the cause could be?

    Good find on the DNS.  I didn't even think to check that.

    My only guess could be that your switch doesn't do IGMP snooping and so that traffic is being broadcast to all ports and swamping your switch.  Doesn't seem very likely though.  If that doesn't work you might be better off starting a new thread and asking there.

    Cheers.



  • Looking for some ideas. Having read about Mech's success in getting this working I thought I'd try.

    I have my BT Openreach HG612 VDSL modem connected to my pfSense box.
    I started with a vanilla install of pfSense.
    I started by configuring a PPPoE connection and the default/quick setup.
    I now have a working LAN that I can access the internet from. All good.
    I am using BT's DNS on pfSense as configured by their DHCP servers - again everything default.
    So next I setup the secondary connection to the HG612 as described by Mech in an earlier post.
    The configuration BT uses call for two logical connections on one physical interface:
    1. PPPoE for Internet
    2. Multicast
    Then I set up IGMP proxy, again following the recipe described by Mech - with one small exception: the default LAN IP is 192.168.1.x which is what I am using, so I use 192.168.1.1/24 in the IGMP Downstream.
    Now I add a rule to the firewall, again as Mech describes to pass UDP on port 5802.

    So this all ought to work… but I still get the dreaded IPC6023 error on the set-top box.

    Looking at the firewall log, it was blocking some IGMP traffic from 0.0.0.0 to 224.0.0.1 so I added a rule to pass this on the IPTV interface. This removed the blocked packets from the log, but does not allow the Set Top box to work.

    What have I missed? What else can I check or try?

    Any ideas greatly appreciated.

    Andrew



  • Hello,

    I've followed the instructions above but I couldn't get it working.

    I have a BT Youview ultraHD box and an PC Engines Apu2c4 device with pfSense 2.3.2-RELEASE (amd64) on it.

    I have 3 network interfaces;

    igb0 : WAN (pppoe)
    igb1 : LAN
    igb2 : IPTV

    Here's the configuration I've set :

    https://gyazo.com/ab1d7e5472e2d93c5386625f640c8d96
    https://gyazo.com/08c10df137b7ee5bb149450f2306f701
    https://gyazo.com/466688bfc4ed35065513900974ac2195

    On my TV I'm getting "Can't Connect to the Internet" error message at the moment. YouView box is connected to igb2 interface.

    Can you please help?

    Thanks
    Omur

    Edit: Do I need to do anything on youview box? I still don't understand how it would get internet from igb2 interface.



  • @rootifera:

    Hello,

    I've followed the instructions above but I couldn't get it working.

    Hey, before I take a look at your exact configuration, it's worth pointing out that in the latest versions of pfSense they've broken IGMP proxy when using vlans, take a look at this issue on the bug tracker: https://redmine.pfsense.org/issues/6099

    So I'm still on version 2.2.6 until this regression is fixed.

    Are you using vlans at all?

    Cheers



  • Updates added to earlier post with extra step and warning around latest versions of pfSense.



  • Thought it might be useful to mention that this approach also works perfectly with YouView TV from Plusnet.

    The only issue I had with the instructions was when setting up the IPTV interface and putting a value into the MAC address field caused my connection to stop working. I found that leaving the MAC address blank worked with no problems.

    UPDATE:
    The setup works with 2.2.6.
    It does NOT work with 2.3.X.
    It does work with 2.4.X although I found that approximately every 5 minutes the stream would drop and I would need to change channels and back again to restart the streaming channel. I found this was corrected by the firewall rule described below by ProxyMoron i.e. allow the IPv4 IGMP protocol from any source…



  • Just an update for anyone else that finds this.

    I found the above instructions would NOT work for my BT UltraHD youview box and that i also needed another pass rule on the IPTV Wan interface we create.

    This should allow IPV4 IGMP, from a source of any, to destination of network 224.0.0.0/4 (with Advanced Options -> "Allow packets with IP options to pass. Otherwise they are blocked by default. This is usually only seen with multicast traffic" ticked) otherwise the picture would drop out after 4 minutes.

    In addition i found i did NOT need to use BT's DNS servers - you mileage may vary.

    Finally, If your STILL having problems try https://redmine.pfsense.org/issues/6099#note-112, but this should be fixed as of version 2.4 and I personally did not need it.



  • Hello,

    I have had IPTV on BT working perfectly on version 2.2.6 of PFSense for a while now.

    I have waited for v2.4RC and created a brand new install to test it out. It's configured exactly the same as the 2.2.6 install.

    Nothing, I don't even think it can see the multicast traffic from the WAN.

    Is there any thing I should do different in 2.4?

    Any ideas?



  • @simpic:

    Hello,

    I have had IPTV on BT working perfectly on version 2.2.6 of PFSense for a while now.

    […]

    Is there any thing I should do different in 2.4?

    Not sure if you're using VLANs, but if thats the case, the IGMP Proxy is broken since 2.3.0 if you use it on VLAN interfaces….



  • I've got it working on SG-2220 hardware, on version 2.3 and 2.4rc , on both none vlan and vlan. Just making sure you pass IGMP with IP options enabled firewall rule for your interface . Following the instructions in this post.



  • Hi All,

    I'm having a problem getting this to work using VLAN.

    I'm using version: 2.3.4

    Is the IGMP proxy broken when using it on a VLAN over a NIC?



  • It's works also with that version, and over vlan.

    Make sure you're Firewall rule is passing IGMP on your Lan interface to the Youview, with IP Options enabled!!!!!!.

    If your Network switch can toggle Multicast IGMP snooping on and off try both to see if that makes any difference.

    Try Restarting the IGMP server after any changes, I've found this is needed in some scenarios.

    Post your settings so I can check and advise????



  • Hi casualsix,

    Thank you for your fast reply.

    Please see attached screen shots of my settings. Hopefully these will make more sense than my typing.

    I really appreciate any help as the other half isn't happy…

    ![Screenshot (15).png](/public/imported_attachments/1/Screenshot (15).png)
    ![Screenshot (15).png_thumb](/public/imported_attachments/1/Screenshot (15).png_thumb)
    ![Screenshot (16).png](/public/imported_attachments/1/Screenshot (16).png)
    ![Screenshot (16).png_thumb](/public/imported_attachments/1/Screenshot (16).png_thumb)
    ![Screenshot (17).png](/public/imported_attachments/1/Screenshot (17).png)
    ![Screenshot (17).png_thumb](/public/imported_attachments/1/Screenshot (17).png_thumb)
    ![Screenshot (19).png](/public/imported_attachments/1/Screenshot (19).png)
    ![Screenshot (19).png_thumb](/public/imported_attachments/1/Screenshot (19).png_thumb)
    ![Screenshot (20).png](/public/imported_attachments/1/Screenshot (20).png)
    ![Screenshot (20).png_thumb](/public/imported_attachments/1/Screenshot (20).png_thumb)
    ![Screenshot (22).png](/public/imported_attachments/1/Screenshot (22).png)
    ![Screenshot (22).png_thumb](/public/imported_attachments/1/Screenshot (22).png_thumb)
    ![Screenshot (23).png](/public/imported_attachments/1/Screenshot (23).png)
    ![Screenshot (23).png_thumb](/public/imported_attachments/1/Screenshot (23).png_thumb)



  • Hi,
    Not sure you need all the NAT-OUT rules for the BT Vision, mine doesn't need it.

    Firewall rules look O.K to me.

    Can you screenshot the interface assignments please(hide the mac add's).

    I take it your hardwired between your vlan interface and the BT Vision/Youview box, as I've found some wifi configs block multicasting?

    Also have you used the test stream rtp://234.81.130.4:5802 with VLC player on your PC?

    What does your System > General Logging say? IGMP system messages

    ![Screen Shot 2017-10-02 at 14.23.14.png](/public/imported_attachments/1/Screen Shot 2017-10-02 at 14.23.14.png)
    ![Screen Shot 2017-10-02 at 14.23.14.png_thumb](/public/imported_attachments/1/Screen Shot 2017-10-02 at 14.23.14.png_thumb)



  • casualsix,

    Thank you for taking the time to look through my config.

    I've tried VLC streaming on the same network as the BT Vision box and via another LAN. Both just show no image and no seconds counting on the video time.

    I created the NAT rules as before the BT Vision box couldn't connect to the internet at all.

    The BT Vision box is hired wired straight into the TP-LINK TL-SG108 with IGMP snooping enabled.

    I can only see one entry from this morning UK BST time in the system general log regarding IGMPproxy: Oct 2 10:45:49 igmpproxy 73792 select() failure; Errno(4): Interrupted system call

    Please see attached interface assignments.

    Thank you for taking the time to help.




  • Thats No problem, I've been through the same pain!!

    What hardware have you got for your router?

    Have you tried it in different hardware (sounds extreme, but thats what I have done and found incorrect settings in my managed switch.

    I've seen that error message before on a NIC card which wasn't compatible. I also had it working on the SG-1000 netgate, then updated the firmware and it never worked again, so changed to the SG-2220 now after getting a refund for the SG-1000, and i've not had any further problems with 2.4, I've also ran it on an old Acer Revo 3610 with one NIC and the community edition of pfsense 2.3 and all vlans like yours and it ran a treat with that, no issues. So thats why I put it down to the NIC make causing that error.

    Thanks, Jeremy



  • Thankfully the other half is very patient and puts up with my network issues :).

    Sorry I probably should have mentioned the setup sooner.

    Host running KVM (Ubuntu 16.04)
    Onboard NIC runs the HOST / Mail server in KVM.
    2 X TP-Link Gigabit PCI Express PCI-E for the PfSense VM.
    TP-LINK TL-SG108E - Managed switch - The LAN interface from the PfSense box connects directly to this. Trunk port 8.
    The WAN side is connected directly to the BT FTTC VDSL (HUAWEI) unit.

    That's the setup.

    I've had a bit more of a play but no joy sadly. I found that if I removed the NAT-OUT rules the BT Vision box would complain that there was no Internet connection.

    Not really sure what else to try.



  • Did you try rebooting the youview box after removing the nat out rules to get it to recognise the internet again? I had same problem and that cured it.



  • Hi casualsix,

    Actually I don't think I did. (I did unplug the network cable).

    This morning I removed the NAT-OUT rules and rebooted the YouView BT Vision box. I'm afraid that no Internet connection was detected until I setup the NAT-OUT rules (was worth a try though).

    I had another play around this morning but sadly nothing has helped.

    I've attached a picture of the error message and network settings from the YouView BT Vision box.






  • I take it you've got DHCP server and "DHCP" firewalls rules setup for the BTVision Vlan?



  • The error message is to do with the IGMP multicast not working, not due to the Youview Box not getting internet. I would recommend deleting your out nat rules to keep things simpler, unless there's another need for them.

    You could try this…

    Under System -> Advanced -> System Tunables, add a new entry with the Tunable as "net.link.ether.inet.allow_multicast" and the Value as "1".



  • casualsix,

    Thank you for the pointers. I have removed all outbound NAT rules for 192.168.0.0/24 WAN,BT_VLAN,EXTERNAL_BT :).

    I have also added the tunable you supplied.

    For good measure I rebooted everything (PfSense, BT box) but sadly I now receive that the box can't see any broadband connection. This error seems to go away with the NAT rules.

    Regarding the BT Vision VLAN: I've attached a screenshot of the rules, yes it has a DHCP server :).

    As always thank you for taking the time to assist!

    ![Screenshot from 2017-10-03 15-01-14.png](/public/imported_attachments/1/Screenshot from 2017-10-03 15-01-14.png)
    ![Screenshot from 2017-10-03 15-01-14.png_thumb](/public/imported_attachments/1/Screenshot from 2017-10-03 15-01-14.png_thumb)
    ![Screenshot from 2017-10-03 15-01-43.png](/public/imported_attachments/1/Screenshot from 2017-10-03 15-01-43.png)
    ![Screenshot from 2017-10-03 15-01-43.png_thumb](/public/imported_attachments/1/Screenshot from 2017-10-03 15-01-43.png_thumb)
    ![Screenshot from 2017-10-03 15-02-01.png](/public/imported_attachments/1/Screenshot from 2017-10-03 15-02-01.png)
    ![Screenshot from 2017-10-03 15-02-01.png_thumb](/public/imported_attachments/1/Screenshot from 2017-10-03 15-02-01.png_thumb)



  • Also, in your "BT Vision vlan" firewall rule, wildcard "any" the source, Instead of the strict rule.



  • My IPTV WAN rules

    ![Screen Shot 2017-10-03 at 15.17.00.png](/public/imported_attachments/1/Screen Shot 2017-10-03 at 15.17.00.png)
    ![Screen Shot 2017-10-03 at 15.17.00.png_thumb](/public/imported_attachments/1/Screen Shot 2017-10-03 at 15.17.00.png_thumb)



  • My vLan (Internal lan) rules

    ![Screen Shot 2017-10-03 at 15.18.17.png](/public/imported_attachments/1/Screen Shot 2017-10-03 at 15.18.17.png)
    ![Screen Shot 2017-10-03 at 15.18.17.png_thumb](/public/imported_attachments/1/Screen Shot 2017-10-03 at 15.18.17.png_thumb)