I would still see the traffic on the interface even if it was being blocked by firewall rules right? Also I could do with knowing if this is even necessary as it won't be permanent if bogons changes in the future.ĮDIT4: Just run a pcap on the WAN interface, IGMP seems to be going out:ġ5:18:27.594045 IP > 224.0.0.22: igmpġ5:18:27.932593 IP > 234.81.130.84: igmpĭon't know why it reaches out to 224.0.0.22 multiple times but 234.81.130.84 is the group I am requesting to join. I think I'll need to fix this AND something else.ĮDIT3: I've found /etc/bogons now after reading rc.update_bogons.sh so I can remove 224.0.0.0/4 I just need the rest of the solution. Īfter doing more testing I can provide the following additional information:ĮDIT: Now the forums are back up I can check CYMRU's bogon list and it DOES! include 224.0.0.0/4.Īnyone know a way to change the list without disabling the whole rule?ĮDIT2: Still no worky.
Have I got the rule wrong? Is it possible the default "Block Bogon Networks" is also blocking the multicast packets because they have reserved address space? Is my IGMP configuration wrong? I know the problem is in pfSense but I don't have enough experience to fix it, at least not without the forums and they are down :(.
.png "bt youview forum")
With that in mind I created this firewall rule:Īllow IPv4 UDP w/ IP Options Dest: 224.0.0.0/4:5802īut no dice. This is where my lack of understanding of multicast is letting me down.įrom my packet analysis they don't hit the firewall addressed to me, but rather they come addressed to the group that the IPTV STB just subscribed to. So I think I need to allow UDP past the firewall. As far as the firewall is concerned the UDP streams appear from nowhere as it doesn't understand that they were managed by IGMP. If I'm understanding this correctly, for connections to be made from WAN to LAN they have to be initiated by something on the LAN side. I can't see an issue with this configuration, where I think the problem lies is with my NAT/Firewall Rules. The downstream is the 192.168.0.0/24 subnet of my LAN. To be on the safe side I have configured the upstream network of my IGMP Proxy as 224.0.0.0/4. I took the liberty of doing some packet captures while the ISP equipment was in place and here are the findings:Īll IPTV channels are part of the the 234.81.130.0/24 and the 234.81.131.0/24 IGMP groups. It proves that there isn't a separate IPTV VLAN coming from the modem, and that IGMP Snooping is configured correctly.
.png "bt youview forum")
This eliminates all other equipment and configuration from the equation and puts the problem squarely in my configuration of pfSense. I have replaced the pfSense router in this case with the original ISP supplied equipment and everything functions correctly. My configuration is as follows:ĭEMARC -> VDSL Modem -> pfSense -> Switch (w/ IGMP Snooping enabled) -> IPTV STB/Reciever I'm trying to configure pfSense to provide IGMP proxying and to forward the UDP streams to my LAN.
#Bt youview forum tv
My ISP (BT) provides additional TV channels via IPTV multicast as part of the YouView service.
0 kommentar(er)
