Rubin Shrestha
Zend certified PHP/Magento developer
Rubin Shrestha
Blog

Configuring pfSense for IPTV delivered via separate VLAN on WAN link

by |Published

I am trying to set up pfSense as my primary Internet router, replacing the provider router.

Basic Internet connectivity works as it should: configure the external interface as a DHCP client, configure a DHCP server for the internal clients, configure NAT – all fine.

However, I would also like to use IPTV over the device. My ISP delivers IPTV using a separate VLAN on the WAN line. (Internet traffic uses the native VLAN, so no messing with VLANs required here.)

The ISP router is configured as follows:

  • A bridge whose members are the internal ports for connecting the IPTV receiver and termination of the IPTV VLAN on the WAN interface
  • The bridge has an IP address bound to it. It is a static RFC1918 address, with apparently no default gateway configured on that interface.
  • Furthermore, the device runs an IGMP proxy which has the bridge as its upstream interfaces and the LAN interfaces (even those not intended for IPTV) as downstream interfaces. Fast Leave is enabled, IGMP version 2 is forced on upstream and downstream, and multicast groups are skipped for one particular IP address. Though I do find it strange that upstream is configured to be the whole bridge, not just the VLAN interface – might have to do with the router supporting other uplink conections as well (I am on optical fiber with the ONT connected via Ethernet, apparently the device also supports ATM over Ethernet as well as ADSL).

What I have done in pfSense:

  • In Interfaces > VLANs, added a new interface (WANIPTV) with the WAN interface as its parent and the appropriate VLAN ID.
  • In Interfaces > Bridges, created a bridge with the WANIPTV interface and an otherwise unused physical interface as its members. The bridge is called BRIDGE0.
  • In Interfaces > Assignments, assigned BRIDGE0 as an interface of its own (IPTVBRIDGE) and enabled it, with no IP configuration.
  • In System > Advanced > Tunables, set net.link.bridge.pfil_member to 0 and net.link.bridge.pfil_bridge to 1. For net.link.bridge.pfil_onlyip I left the default of 0 in order to allow non-IP traffic through.
  • In Firewall > Rules, I added a pass rule for the IPTVBRIDGE interface, matching IPv4+IPv6, with everything else set to ANY.
  • In Services > IGMP Proxy, I have enabled IGMP, added IPTVBRIDGE as the upstream interface and the physical port for the receiver as downstream. I have no idea what I need to enter for Networks on the interfaces; I have just added 0.0.0.0/1 and 128.0.0.0/1 for both.

With these setting, I have been able to get a picture for a short period by running the receiver on the ISP router, then plugging the WAN cable and the IPTV receiver into my pfSense. After some time, though, the image froze, and when I rebooted the receiver, it reported that no network connection was available.

How can I find out what networks I have to configure for the IGMP proxy? Or is the issue somewhere else?

You may also like