Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


563 posts

Ultimate Geek
+1 received by user: 89


Topic # 151247 19-Aug-2014 08:25
Send private message

I've managed to setup pfSense as a Vodafone UFB router running inside VMWare workstation on Windows 8. Also have HG659 connected to LAN in bridged mode.

Looks like this:
pfSense WAN > VMWare Bridge Protocol > Virtual NIC - VLAN 10 (On Windows) > NIC1 > ONT
pfSense LAN > VMWare Bridge Protocol > NIC2 > HG659 (Bridge mode) > STB

The Vodafone TV STB successfully gets an IP etc via DHCP however I can't seem to get multicasting working as constantly getting "service unavailable".

Current IGMP Proxy settings in pfSense are:
WAN | Upstream | 224.0.0.0/4, 184.60.0.0/16, 184.61.0.0/16
LAN | Downstream | 192.168.1.0/24

Also have a firewall rule with (have tried a bunch of others):
ALLOW
Proto: IPv4 UDP
Source: 224.0.0.0/4:*
Destination: *
Allow packets with IP options to pass


Has anyone managed to get Vodafone TV multicasting to work through pfSense or know what the corrects IGMP Proxy settings and firewall rules should be?


I've tried instruction provided for different STB's or routers here:

 

Some firewall logs:

Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | ... | 13


563 posts

Ultimate Geek
+1 received by user: 89


  Reply # 1111083 19-Aug-2014 09:37
Send private message

Is anyone able to confirm whether the general setup is correct (with the STB on LAN) or does the STB need to be configured on a different WAN (& possibly VLAN) as described here?:

https://forum.pfsense.org/index.php?topic=77466.msg422514#msg422514


808 posts

Ultimate Geek
+1 received by user: 206


  Reply # 1111135 19-Aug-2014 10:36
Send private message

Just a side question does the multicast service work if you connect up the VF supplied RGW to the ONT and on to the STB - It may be that multicast has been inadvertinly been droped from the connection?  - haveing done a few faults now with this situation I know it does happen.



563 posts

Ultimate Geek
+1 received by user: 89


  Reply # 1111177 19-Aug-2014 11:19
Send private message

InstallerUFB: Just a side question does the multicast service work if you connect up the VF supplied RGW to the ONT and on to the STB - It may be that multicast has been inadvertinly been droped from the connection?  - haveing done a few faults now with this situation I know it does happen.


Yes it worked yesterday on the VF RGW until I reconfigured it to go through pfSense.

121 posts

Master Geek
+1 received by user: 30


  Reply # 1111278 19-Aug-2014 13:29
Send private message

From the firewall logs, it looks like you're dropping outbound multicast traffic to Vodafone - just to prove your multicast config, try adding a temporary rule similar to below:

Source: ANY
Destination: ANY
Proto: IGMP
Action: Allow

Once this is working, you can refine the source and destinations of the rule.



563 posts

Ultimate Geek
+1 received by user: 89


  Reply # 1111377 19-Aug-2014 16:14
Send private message

chrispchikin: From the firewall logs, it looks like you're dropping outbound multicast traffic to Vodafone - just to prove your multicast config, try adding a temporary rule similar to below:

Source: ANY
Destination: ANY
Proto: IGMP
Action: Allow

Once this is working, you can refine the source and destinations of the rule.


I get this:






121 posts

Master Geek
+1 received by user: 30


  Reply # 1111388 19-Aug-2014 16:31
Send private message

Any change in STB behaviour?

Were you seeing those log messages before?

Can you tell me which hosts are using what IP addresses?

192.168.1.1 - ?
192.168.1.254 - ?
192.168.1.24 ?



563 posts

Ultimate Geek
+1 received by user: 89


  Reply # 1111401 19-Aug-2014 16:47
Send private message

chrispchikin: Any change in STB behaviour?

Were you seeing those log messages before?

Can you tell me which hosts are using what IP addresses?

192.168.1.1 - ?
192.168.1.254 - ?
192.168.1.24 ?


192.168.1.1 > pfSense LAN
192.168.1.254 > HG659 Router
192.168.1.7 > Should be Vodafone TV STB (According to STB's network settings)
192.168.1.24 > Unknown, could be STB (has MAC 00:0b:b6:1c:e2:73)

After opening UDP on WAN & LAN and rebooting decoder it shows sightly different but similar error; "..network link down..."

igmpproxy logs seem the same, but not getting any UDP logged now I've opened it up.

Does VFTV by any chance use IPv6 at all?

Also can you confirm whether it should or shouldn't be on the same VLAN in Internet traffic?

Thanks



563 posts

Ultimate Geek
+1 received by user: 89


  Reply # 1111413 19-Aug-2014 16:55
Send private message

It seems the STB has a fixed IP of 192.168.1.7 however pfSense DHCP assigned 192.168.1.24 so I've setup a static mapping to 192.168.1.7. Hasn't gotten it working though. 

'That VDSL Cat'
8117 posts

Uber Geek
+1 received by user: 1694

Trusted
Spark
Subscriber

  Reply # 1111419 19-Aug-2014 17:00
One person supports this post
Send private message

What are you trying to use the HG659 for? it seems your overcomplicating your setup by throwing it into the mix.

It was never confirmed that these settings are 100%, but have you looked at this thread? http://www.geekzone.co.nz/forums.asp?forumid=40&topicid=143367
M
ight give you a bit of an idea what else needs an wack to get it all working.




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.




563 posts

Ultimate Geek
+1 received by user: 89


  Reply # 1111425 19-Aug-2014 17:06
Send private message

hio77: What are you trying to use the HG659 for? it seems your overcomplicating your setup by throwing it into the mix.

It was never confirmed that these settings are 100%, but have you looked at this thread? http://www.geekzone.co.nz/forums.asp?forumid=40&topicid=143367
M
ight give you a bit of an idea what else needs an wack to get it all working.


The HG659 is being used in bridge mode as a simple switch / wireless AP, it works fine with the other devices connected so don't think its causing any issues.

Yes had a look at that page, it seems on the AC66U it's just a matter of enabling IGMP Proxy / Snooping and it takes care of the rest however on pfSense the actual Upstream/Downstream ranges and Firewall rules need to specified individually.

5796 posts

Uber Geek
+1 received by user: 1731

Trusted

  Reply # 1111431 19-Aug-2014 17:14
Send private message

Running that PFSense firewall in the way will have a huge impairment. It wouldn't surprise me if it is also dropping the streams from our servers.
Ill Pm you something to try on a PC to see if Multicast is working.




Steam: Coil (Same photos as profile here)
Origin: Scranax
Currently playing on PC: Rust, Subnautica, CS:GO, AOE2 HD, BeamNG Drive, BF1.


121 posts

Master Geek
+1 received by user: 30


  Reply # 1111432 19-Aug-2014 17:15
Send private message

You're right the HG659 running in bridge mode would effectively stop any sort of IGMP proxy role it would be performing (its WAN interface would be down).

Yes it is definitely a supported configuration to have the STB on the same LAN as your clients, basically pfsense (or the HG659 for other VF users) is acting as a multicast client to Vodafone, sending 'join requests' in order to request the TV stream (on the WAN side).

On the LAN side it should be receiving multicast join requests from the STB and registering the client as a multicast group member.

Your logs are showing that pfsense is actually sending an IGMP join out the em0 interface (I'm assuming that's your WAN), so it is half working.

If you can't get the DHCP reservation working, I'd statically the the IP address on the STB for now and make sure you know what its address is, restart the STB and post the logs that follow :)

121 posts

Master Geek
+1 received by user: 30


  Reply # 1111446 19-Aug-2014 17:18
One person supports this post
Send private message

TimA: Running that PFSense firewall in the way will have a huge impairment. It wouldn't surprise me if it is also dropping the streams from our servers.
Ill Pm you something to try on a PC to see if Multicast is working.


What impairment are you referring to?

IGMP is IGMP (standards based) and should not depend on platform or OS.

5796 posts

Uber Geek
+1 received by user: 1731

Trusted

  Reply # 1111448 19-Aug-2014 17:21
Send private message

chrispchikin:
TimA: Running that PFSense firewall in the way will have a huge impairment. It wouldn't surprise me if it is also dropping the streams from our servers.
Ill Pm you something to try on a PC to see if Multicast is working.


What impairment are you referring to?

IGMP is IGMP (standards based) and should not depend on platform or OS.


I cant comment too far on how the service is delivered. I have seen firewalls stand in its way. Zollymonsta is in more of a position to speak than i am if he is able to..




Steam: Coil (Same photos as profile here)
Origin: Scranax
Currently playing on PC: Rust, Subnautica, CS:GO, AOE2 HD, BeamNG Drive, BF1.


121 posts

Master Geek
+1 received by user: 30


  Reply # 1111457 19-Aug-2014 17:31
Send private message

TimA:
chrispchikin:
TimA: Running that PFSense firewall in the way will have a huge impairment. It wouldn't surprise me if it is also dropping the streams from our servers.
Ill Pm you something to try on a PC to see if Multicast is working.


What impairment are you referring to?

IGMP is IGMP (standards based) and should not depend on platform or OS.


I cant comment too far on how the service is delivered. I have seen firewalls stand in its way. Zollymonsta is in more of a position to speak than i am if he is able to..


Having 'a firewall' sitting as a proxy in front of a multicast client generally speaking shouldn't cause any more issues that using the stock HG659.

In fact, pfsense would do a far better job.



Kenkeniff - can you try changing your multicast config from the US ISP network to the below?

 

 

 

118.92.0.0/15 

(AS7657 VODAFONE-NZ-NGN-AS Vodafone NZ Ltd.,NZ (registered Nov 11, 1997))

 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | ... | 13
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Hawaiki Transpacific cable ready-for-service
Posted 20-Jul-2018 11:29


Microsoft Dynamics 365 Business Central launches
Posted 10-Jul-2018 10:40


Spark completes first milestone in voice platform upgrade
Posted 10-Jul-2018 09:36


Microsoft ices heated developers
Posted 6-Jul-2018 20:16


PB Technologies charged for its extended warranties and warned for bait advertising
Posted 3-Jul-2018 15:45


Almost 20,000 people claim credits from Spark
Posted 29-Jun-2018 10:40


Cove sells NZ's first insurance policy via chatbot
Posted 25-Jun-2018 10:04


N4L helping TAKA Trust bridge the digital divide for Lower Hutt students
Posted 18-Jun-2018 13:08


Winners Announced for 2018 CIO Awards
Posted 18-Jun-2018 13:03


Logitech Rally sets new standard for USB-connected video conference cameras
Posted 18-Jun-2018 09:27


Russell Stanners steps down as Vodafone NZ CEO
Posted 12-Jun-2018 09:13


Intergen recognised as 2018 Microsoft Country Partner of the Year for New Zealand
Posted 12-Jun-2018 08:00


Finalists Announced For Microsoft NZ Partner Awards
Posted 6-Jun-2018 15:12


Vocus Group and Vodafone announce joint venture to accelerate fibre innovation
Posted 5-Jun-2018 10:52


Kogan.com to launch Kogan Mobile in New Zealand
Posted 4-Jun-2018 14:34



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.