I have substituted the Zyxel home gate way from my isp with a Bubba|two server and router. I'm running NAT between eth0 and eth1 on the Bubba. I'm testing the isp's multicast iptv solution and have a set-top box from the isp. When running the zyxel in NAT mode there is no problems with the multicast, but the Bubba will not forward any multicast traffic at all. No IGMP v2 joins from devices at eth1 are going trough the Bubba towards eth0 and of course no multicast streams comming down from the isp to eth0. I've googled and it seems I have have to enable multicast on the interfaces and tell iptables to forward multicast. I have also added a route.
This is what I've done so far:
ifconfig eth0 multicast
ifconfig eth0 allmulti
ifconfig eth1 multicast
ifconfig eth1 allmulti
iptables -A INPUT -m addrtype --src-type MULTICAST -j ACCEPT
iptables -A FORWARD -m addrtype --src-type MULTICAST -j ACCEPT
route add -net 224.0.0.0 netmask 240.0.0.0 dev eth0
I guess I have to load a multicast module in the kernel and run some kind of multicast routing. Has anybody done anything like this? Any instructions about how to do this?
New user's registration have been closed due to high spamming and low trafic on this forum. Please contact forum admins directly if you need an account. Thanks !
Multicast forward?
Re: Multicast forward?
Hi.
I know this is an old thread, and reviving could seem a mistake, however this is the only thread that comes on the list with you search the forum for IGMP and this is exactly what I intended to write a post about, and why I don't start a new. I also think that this subject will have to come relevant in the future as I'm sure the faster the internet gets bandwith-wise, more tv will start being broadcasted thru igmp. My isp have started broadcasting of tv channels digitally.
About the first post:
The short answer to your problem is IGMPproxy. http://sourceforge.net/projects/igmpproxy/
One of the many opensource projects out there. You might want to know that this require you to compile it yourself. - but its very easy and this source has only few dependics.
The procedure is the same as alot of 'os' projects, make clean, ./configure, make, make install
The igmpproxy get installed at /usr/local/sbin and the conf is at /usr/local/etc - incase you didnt change it.
You need to add the debian repos, you can find a howto do that in the wiki.
igmpproxy.conf:
Shortly an example of the config of the igmpproxy, the config that follow the tar.gz has explainations of what the diffrent things mean. Basicly you just need to change the altnet ipadresses to whatever ip sends you the udp packets containing the iptv.
These can be found with tcpdump on your b3 (as root):for it to do so you would however need a igmp join packet to be sent to enable the multicast stream, and you may need to start out with a router with an igmpproxy enabled or a computer directly connected to the wan port.
If there is any questions about this just ask them in the thread and I will be more specific.
Might be nessecary to force an igmp version, Ive done this in my /etc/rc.local file
Show the current version (eth1):
Firewall, if you want the udp video/audio packets on your lan you need to forward the packets:
I always aim at letting as few packets as possible thru my firewall, however you can omit the source (-s) option.
This is the act of a paranoid man, to only let sources and destinations pass that you deside, however is the most secure setup, but it also mean you might have to open op more later or change the rules, if you deside to specify sources as well as you can't know if changes to servers is made by the isp.
Igmpproxy also need to get igmp replies from the multicast router, otherwise it will close the udp stream after 3 minuts.
You want to listen to the igmp packets with tcpdump to dertime the correct ipadresses. The destination is correct as it allow 224.0.0.0-224.0.1.255 to passthru. Its reserved traffic area for igmp.
Remeber to save your firewall settings when done, otherwise a reboot of the B3 will discard your rules.
Additionaly:
If you have a Set-top box that boots over the network from your isp, you can use dnsmasq, thats installed on the Bubba by default to specify the boot-ip.
If you need specific advise or something seems unclear or badly explained let me know.
I know this is an old thread, and reviving could seem a mistake, however this is the only thread that comes on the list with you search the forum for IGMP and this is exactly what I intended to write a post about, and why I don't start a new. I also think that this subject will have to come relevant in the future as I'm sure the faster the internet gets bandwith-wise, more tv will start being broadcasted thru igmp. My isp have started broadcasting of tv channels digitally.
About the first post:
These commands should not be nessecary as a linux box / kernel handle these switches as needed, I know I tried to adjust them on my B3 with no diffrence, I left the settings as found and my IPTV works as a charm.ifconfig eth0 multicast
ifconfig eth0 allmulti
ifconfig eth1 multicast
ifconfig eth1 allmulti
The short answer to your problem is IGMPproxy. http://sourceforge.net/projects/igmpproxy/
One of the many opensource projects out there. You might want to know that this require you to compile it yourself. - but its very easy and this source has only few dependics.
The procedure is the same as alot of 'os' projects, make clean, ./configure, make, make install
The igmpproxy get installed at /usr/local/sbin and the conf is at /usr/local/etc - incase you didnt change it.
You need to add the debian repos, you can find a howto do that in the wiki.
igmpproxy.conf:
Code: Select all
quickleave
phyint eth0 upstream ratelimit 0 threshold 1
altnet 10.0.0.0/8
altnet 192.168.0.0/24
phyint eth1 downstream ratelimit 0 threshold 1
These can be found with tcpdump on your b3 (as root):
Code: Select all
tcpdump -i eth0 -n udpIf there is any questions about this just ask them in the thread and I will be more specific.
Might be nessecary to force an igmp version, Ive done this in my /etc/rc.local file
Code: Select all
echo "2" > /proc/sys/net/ipv4/conf/eth0/force_igmp_version
echo "2" > /proc/sys/net/ipv4/conf/eth1/force_igmp_version
Code: Select all
cat /proc/sys/net/ipv4/conf/eth1/force_igmp_version
Code: Select all
sudo iptables -A FORWARD -p udp -m udp -s 192.168.0.0/24 -d 239.0.0.0/16 --dport 5001 -j ACCEPT
sudo iptables -A FORWARD -p udp -m udp -s 10.0.0.0/8 -d 239.0.0.0/16 --dport 5001 -j ACCEPT
Code: Select all
sudo iptables -A FORWARD -p udp -m udp -d 239.0.0.0/16 --dport 5001 -j ACCEPT
Igmpproxy also need to get igmp replies from the multicast router, otherwise it will close the udp stream after 3 minuts.
Code: Select all
iptables -A INPUT -s 172.16.0.0/32 -d 224.0.0.0/23 -p igmp -j ACCEPT
Remeber to save your firewall settings when done, otherwise a reboot of the B3 will discard your rules.
Code: Select all
/etc/init.d/bubba-firewall restartIf you have a Set-top box that boots over the network from your isp, you can use dnsmasq, thats installed on the Bubba by default to specify the boot-ip.
If you need specific advise or something seems unclear or badly explained let me know.
Re: Multicast forward?
Sorry for again ressurecting this thread, but it is the only relevant one here I could find.
I am trying to make multicast forwarding work with by B2.
I was able to get igmpproxy to work (basically in the same way as the poster above) and it works fine provided I do not want to use WIFI. The moment I turn it on and start watching TV on my LAN connected PC, the wireless goes completely down. Apparently igmpproxy floods wlan with multicast packets which drops connection for all wlan connected clients.
I've read suggestions that unbridging wlan and lan may help, as well as using subnets, however I am a total noob when it comes to network configuration and fear to change these settings since I can easily make bubba inaccessible if I screw something up. If you have any suggestions here, please do share.
I also tried using udpxy (for some reason the forum won't allow me to post a link to it, but you can find it on Sourceforge) which should help with the multicast flooding, since it transforms multicasts into unicast streams and serves only the individual clients. I was able to compile and run it, but it does not work for me. Even if I temporarily turn off firewall, I get the following problem if I run it as listening for multicast on eth0 and relaying the stream to br0 (the problematic part is the EOF near the end of the log):
It would seem that udpxy has some issue reading multicast data from the eth0, but I have no idea why.
Any ideas what could be wrong?
Did anyone here successfully get multicast forwarding working with B2 including WIFI?
Thanks!
I am trying to make multicast forwarding work with by B2.
I was able to get igmpproxy to work (basically in the same way as the poster above) and it works fine provided I do not want to use WIFI. The moment I turn it on and start watching TV on my LAN connected PC, the wireless goes completely down. Apparently igmpproxy floods wlan with multicast packets which drops connection for all wlan connected clients.
I've read suggestions that unbridging wlan and lan may help, as well as using subnets, however I am a total noob when it comes to network configuration and fear to change these settings since I can easily make bubba inaccessible if I screw something up. If you have any suggestions here, please do share.
I also tried using udpxy (for some reason the forum won't allow me to post a link to it, but you can find it on Sourceforge) which should help with the multicast flooding, since it transforms multicasts into unicast streams and serves only the individual clients. I was able to compile and run it, but it does not work for me. Even if I temporarily turn off firewall, I get the following problem if I run it as listening for multicast on eth0 and relaying the stream to br0 (the problematic part is the EOF near the end of the log):
Code: Select all
bubba:/home/annun/udpxy# ./udpxy -vT -a br0 -p 4022 -m eth0
2011-09-03 13:06:11.171060 CEST 8862 udpxy 1.0-Chipmunk (build 20) standard: ./udpxy -vT -a br0 -p 4022 -m eth0
2011-09-03 13:06:11.171712 CEST 8862 Starting server [8862]; capacity=[3] clients
2011-09-03 13:06:11.172380 CEST 8862 Setting up listener for [192.168.10.1:4022]
2011-09-03 13:06:11.172791 CEST 8862 Server socket=[7] is set up
2011-09-03 13:06:11.173023 CEST 8862 Entering server loop
2011-09-03 13:06:11.173231 CEST 8862 Server is waiting for input: socket=[7], pipe=[5]
2011-09-03 13:06:16.742444 CEST 8862 Accepted socket=[8]
2011-09-03 13:06:16.742926 CEST 8862 socket 8: RCV timeout set to 1 sec, 0 usec
2011-09-03 13:06:16.743169 CEST 8862 socket 8: SEND timeout set to 1 sec, 0 usec
2011-09-03 13:06:16.743394 CEST 8862 Reading command from socket [8]
2011-09-03 13:06:16.743798 CEST 8862 HTTP buffer [62 bytes] received
GET /udp/232.232.64.1:5004 HTTP/1.1
Host: 192.168.10.1:4022
2011-09-03 13:06:16.744131 CEST 8862 Request=[udp/232.232.64.1:5004], length=[21]
2011-09-03 13:06:16.744368 CEST 8862 Command [udp] with params [232.232.64.1:5004] read from socket=[8]
2011-09-03 13:06:16.744605 CEST 8862 udp_relay : new_socket=[8] param=[232.232.64.1:5004]
2011-09-03 13:06:16.747571 CEST 8862 Added client: pid=[8863], maddr=[232.232.64.1], mport=[5004], saddr=[192.168.10.74], sport=[61067]
2011-09-03 13:06:16.748329 CEST 8862 Closed accepted socket [8]
2011-09-03 13:06:16.748566 CEST 8862 Server is waiting for input: socket=[7], pipe=[5]
2011-09-03 13:06:16.748916 CEST 8862 Client process=[8863] started for socket=[8]
2011-09-03 13:06:16.749545 CEST 8863 min socket buffer = [65536], max space to use = [1500], Rmsgs = [1]
2011-09-03 13:06:16.749805 CEST 8863 Setting up multicast listener
2011-09-03 13:06:16.751074 CEST 8863 current receive buffer size is [112640] bytes for socket [5]
2011-09-03 13:06:16.751616 CEST 8863 multicast-group [ADD]
2011-09-03 13:06:16.751853 CEST 8863 Mcast listener socket=[5] set up
2011-09-03 13:06:16.752240 CEST 8863 min socket buffer = [65536], max space to use = [1500], Rmsgs = [1]
2011-09-03 13:06:16.752511 CEST 8863 Data buffer will hold up to [1] messages
2011-09-03 13:06:16.752746 CEST 8863 UDP stream, RTP check enabled
2011-09-03 13:06:16.753049 CEST 8863 socket 5: RCV timeout set to 5 sec, 0 usec
2011-09-03 13:06:16.753281 CEST 8863 socket 5: SEND timeout set to 5 sec, 0 usec
2011-09-03 13:06:16.753509 CEST 8863 current send buffer size is [16384] bytes for socket [8]
2011-09-03 13:06:16.753735 CEST 8863 current receive buffer size is [112640] bytes for socket [5]
2011-09-03 13:06:16.754992 CEST 8863 send buffer size set to [112640] bytes for socket [8]
2011-09-03 13:06:16.755514 CEST 8863 Sent HTTP response code=[200], reason=[OK] to socket=[8]
HTTP/1.1 200 OK
Content-Type:application/octet-stream
2011-09-03 13:06:16.755943 CEST 8863 Relaying traffic from socket[5] to socket[8], buffer size=[2048], Rmsgs=[1], pauses=[0]
2011-09-03 13:06:21.754665 CEST 8863 read_buf: read: Resource temporarily unavailable
2011-09-03 13:06:21.755259 CEST 8863 read_data - EOF
2011-09-03 13:06:21.755485 CEST 8863 Exited relay loop: received=[-1], sent=[0], quit=[0]
2011-09-03 13:06:21.756286 CEST 8863 multicast-group [DROP]
2011-09-03 13:06:21.757662 CEST 8863 Mcast listener socket=[5] closed
2011-09-03 13:06:21.759153 CEST 8863 Child process=[8863] exits with rc=[0]
2011-09-03 13:06:21.759967 CEST 8862 *** Caught SIGCHLD in process=[8862] ***
2011-09-03 13:06:21.760354 CEST 8862 Client [8863] has exited.
2011-09-03 13:06:21.760760 CEST 8862 Deleted client: pid=[8863]
Any ideas what could be wrong?
Did anyone here successfully get multicast forwarding working with B2 including WIFI?
Thanks!
Last edited by annun on 04 Sep 2011, 14:54, edited 1 time in total.
Re: Multicast forward?
Hi
This is also a problem with other routers, especially people running dd-wrt, open-wrt and other opensource firmware on their respective routers. You are right on the multicast traffic spamming your wireless network jamming it up making it completely useless.
I have a b3 with wireless, but currently I do not use it for the same reason, I knew it to be a problem and did at the time not have the correct solution to make it work. I already knew that the br0 making a bridge between eth1 and wlan0 was bad carma.
Currently I have the b3 eth0 at my wan connection and the eth1 on my lan and the wireless disabled, but after the b3 I have a 8 port managed switch with igmp snooping enabled, making only the ports that request igmp traffic receive the multicast stream. And I have another AP that runs my wireless connected to one of the ports.
However yesterday a friend of mine pointed me to what I think might be the most promising solution I have seen. The problem with the bridge is that all the traffic remains in layer2 and iptables does not take effect until you are at layer3 making it impossible to drop or filter the packets with iptables.
Details about the routing problem is explained on this forum: https://forum.openwrt.org/viewtopic.php?id=23130
The last post holds the answer to the problem. http://ebtables.sourceforge.net/
Installing the ebtables on the bubba should not be a major problem, tho its required to download the source and compile it yourself, or it might be available thru the repos but when it is installed you should run the command shown in the openwrt forum:
Few problems related to this could be that your kernel / the std B2 kernel is not a 2.6 kernel of which I do not know if it is, I know that it is on the B3.
I hope this will help you but I would not wait to post this, because it might be a while before I implement it myself and again as my B3 setup can't foresee what you might run into of problems. I will offer to help you to the best of my abilities.
I know that investing in new hardware is a bummer when having a cool piece of hardware like the Bubba, but if you get stuck and have a ap just lying around consider getting a managed switch if you can't get the ebtables working. This will at least give you a working setup as the last resort.
This is also a problem with other routers, especially people running dd-wrt, open-wrt and other opensource firmware on their respective routers. You are right on the multicast traffic spamming your wireless network jamming it up making it completely useless.
I have a b3 with wireless, but currently I do not use it for the same reason, I knew it to be a problem and did at the time not have the correct solution to make it work. I already knew that the br0 making a bridge between eth1 and wlan0 was bad carma.
Currently I have the b3 eth0 at my wan connection and the eth1 on my lan and the wireless disabled, but after the b3 I have a 8 port managed switch with igmp snooping enabled, making only the ports that request igmp traffic receive the multicast stream. And I have another AP that runs my wireless connected to one of the ports.
However yesterday a friend of mine pointed me to what I think might be the most promising solution I have seen. The problem with the bridge is that all the traffic remains in layer2 and iptables does not take effect until you are at layer3 making it impossible to drop or filter the packets with iptables.
Details about the routing problem is explained on this forum: https://forum.openwrt.org/viewtopic.php?id=23130
The last post holds the answer to the problem. http://ebtables.sourceforge.net/
Code: Select all
The ebtables program is a filtering tool for a Linux-based bridging firewall. It enables transparent filtering of network traffic passing through a Linux bridge. The filtering possibilities are limited to link layer filtering and some basic filtering on higher network layers. Advanced logging, MAC DNAT/SNAT and brouter facilities are also included.
The ebtables tool can be combined with the other Linux filtering tools (iptables, ip6tables and arptables) to make a bridging firewall that is also capable of filtering these higher network layers. This is enabled through the bridge-netfilter architecture which is a part of the standard Linux kernel.Code: Select all
ebtables -A FORWARD -o wlan0 -d Multicast -j DROPI hope this will help you but I would not wait to post this, because it might be a while before I implement it myself and again as my B3 setup can't foresee what you might run into of problems. I will offer to help you to the best of my abilities.
I know that investing in new hardware is a bummer when having a cool piece of hardware like the Bubba, but if you get stuck and have a ap just lying around consider getting a managed switch if you can't get the ebtables working. This will at least give you a working setup as the last resort.
Re: Multicast forward?
Hi sortsnak,
thanks for the heads up about the ebtables, I was not aware of that!
I was actually able to install it from the debian etch repository, so no compiling was necessary. Unfortunately I am now away from home and cannot fully test if it works or not.
I will perform a few tests after I get back home later this week and let you know if it helped.
I am carefully optimistic.
thanks for the heads up about the ebtables, I was not aware of that!
I was actually able to install it from the debian etch repository, so no compiling was necessary. Unfortunately I am now away from home and cannot fully test if it works or not.
I will perform a few tests after I get back home later this week and let you know if it helped.
I am carefully optimistic.
Re: Multicast forward?
Well, it seems I was optimistic a little too soon.
Even though ebtables were installed, the kernel does not support them (the message just says "The kernel doesn't support the ebtables filter table.").
uname -r does return 2.6.32.13, which should be fine and supported, but something is missing.
I also ran lsmod to check if the ebtables kernel modules are loaded and apparently they are not. I tried loading them with modprobe (modprobe ebtables), but that just reported tha no such module exists.
I don't feel confident enough to compile my own kernel (do not even know where I would start), I think I am slowly running out of options.
Even though ebtables were installed, the kernel does not support them (the message just says "The kernel doesn't support the ebtables filter table.").
uname -r does return 2.6.32.13, which should be fine and supported, but something is missing.
I also ran lsmod to check if the ebtables kernel modules are loaded and apparently they are not. I tried loading them with modprobe (modprobe ebtables), but that just reported tha no such module exists.
I don't feel confident enough to compile my own kernel (do not even know where I would start), I think I am slowly running out of options.