Netgate SG-1000 microFirewall

Author Topic: IGMP stops working after 4 minutes  (Read 159 times)

0 Members and 1 Guest are viewing this topic.

Offline ibm_new

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-1
    • View Profile
IGMP stops working after 4 minutes
« on: November 15, 2017, 06:39:28 am »
HI,

I was wondering if someone could help out since I have tried almost everything to solve my igmp issue. Maybe it is something else but my guess is that it is the IGMP proxy because when I restart it, everything works fine again for 4 minutes and 30 seconds.

So the problem is the following:

I do have 3 network interfaces configured in PfSense 2.4.1

WAN --> VMX0 --> 86.87.224.29
LAN  --> VMX1 --> 192.168.10.1
IPTV --> VMX2 --> 10.144.164.131

The internet connection just works fine. Also Netflix streams without any problem.

For IPTV to get working i have configured the IGMP proxy with

TV   upstream   192.168.10.0/24, 10.0.0.0/8, 213.0.0.0/8, 224.0.0.0/4, 213.75.167.0/24
LAN  downstream   192.168.10.0/24

If put in 192.168.10.0 in upstream because I had error messages on the IGMP proxy and the internal lan IP's. This solved the issue. 213x 224x and 231x.x.x. was just for testing purpose but didn't solve the problem.

My Ruls are:

On IPTV

IPv4 UDP   213.75.167.0/24   *   224.0.0.0/4   *   *   none                                 <-- seems to be the only rule generating traffic             
IPv4 UDP   213.75.167.0/24   *   224.0.0.0/4   6543   *   none       IGMP IPTV      
IPv4 UDP   213.75.167.0/24   *   225.0.0.0/4   6543   *   none       IGMP IPTV      
IPv4 UDP   213.75.167.0/24   *   239.0.0.0/4   6543   *   none       IGMP IPTV      
IPv4 UDP   213.75.167.0/24   *   239.0.0.0/4   2000   *   none       IGMP IPTV      
IPv4 UDP   213.75.167.0/24   *   225.0.0.0/4   2000   *   none       IGMP IPTV      
IPv4 UDP   213.75.167.0/24   *   224.0.0.0/4   2000   *   none       IGMP IPTV      
IPv4 UDP   213.75.167.0/24   *   224.0.0.0/4   5802   *   none       IGMP IPTV      
IPv4 UDP   213.75.167.0/24   *   225.0.0.0/4   5802   *   none       IGMP IPTV      
IPv4 UDP   213.75.167.0/24   *   239.0.0.0/4   5802   *   none       IGMP IPTV      
IPv4 IGMP   *   *   239.0.0.0/4   *   *   none       IGMP IPTV      
IPv4 IGMP   *   *   225.0.0.0/4   *   *   none       IGMP IPTV      
IPv4 IGMP   *   *   224.0.0.0/4   *   *   none       IGMP IPTV      

On LAN

IPv4 *   LAN net   *   *   *   *   none       Default allow LAN to any rule      
IPv6 *   LAN net   *   *   *   *   none       Default allow LAN IPv6 to any rule   

On WAN

IPv4 UDP   *   *   224.0.0.0/4   *   *   none             
IPv4 *   *   *   *   *   *   none       All allowed known IP addresses          

Note that on all rules the setting "Allow packets with IP options to pass. Otherwise they are blocked by default. This is usually only seen with multicast traffic." is selected.

My TV adapter settings are with the settings:

dhcp-class-identifier "IPTV_RG"
and
dhcp-class-identifier "IPTV_RG"
Reversed Networks are both off.

I have tried everything to get the stream going but somehow the stream disconnects at 4:30 or 4:20 minutes. Sometimes it comes up again after 5 seconds but most of the time the stream stops and I have to restart IGMP proxy.

When I do sap channels on the box within the 4:30 the stream keeps going. So somehow there is a timer in which an invitation takes place but isn't working.

Has someone any idea what is going on? I have spend hours and hours on that but cannot see any trees in the woods anymore!

Note that I have tested and switch off and on IGMP Snooping on all switches in the network without any effect.

Any help is overmuch appreciated. If I have choose the wrong topic, please take my apologies for that.

Best regards,

Chris
« Last Edit: November 15, 2017, 06:59:47 am by ibm_new »

Offline Rai80

  • Newbie
  • *
  • Posts: 8
  • Karma: +1/-0
    • View Profile
Re: IGMP stops working after 4 minutes
« Reply #1 on: November 27, 2017, 09:22:14 am »
I use almost same config. I guess you use KPN or XS4ALL?

For upstream networks in IGMPProxy only use:    213.75.0.0/16, 10.196.0.0/16 or 10.0.0.0/8
Do not include the 192.168.x.x (Lan IP range).

For Firewall rules you need to enable:

On IPTV WAN interface:
IPv4 UDP   *   *   224.0.0.0/4   *   *   none        UDP Multicast stream from any to 224.0.0.0/4
IPv4 IGMP   *   *   *   *   *   none       IGMP IPTV allow all     [Also enable advanced IP options on this one]

*Remove the other rules

On LAN interface:
IPv4 *   LAN net   *   *   *   *   none       Default allow LAN to any rule     [Enable advanced IP options on this one]     
IPv6 *   LAN net   *   *   *   *   none       Default allow LAN IPv6 to any rule