Hello,
- My fiber network ISP (Movistar Spain) uses VID 6 for Internet and VID 2 for IPTV, and VID 3 for VOIP (but I do not care about it)
- I have an Asus AX88U router which has an hardware limitation with IGMP proxy and VLAN usage for IPTV at the same time. https://www.snbforums.com/threads/d...roxy-cannot-co-exist-with-iptv-function.59839
So I bought the Netgear GS105Ev2 as mentioned in this comment by @miroco https://www.snbforums.com/threads/d...o-exist-with-iptv-function.59839/#post-524386 in order to enable IGMP snooping and proxy on my AX88U, leveraging the VLAN untagging to the GS105Ev2
So here I am asking questions in order to make this work, I am quite a newbie in networking, I need to understand better how to make this work
Previous setup that works
- the ISP router is managing the VID 6 and VID 2
- AX88U (router mode) has IGMP snooping enabled so I can watch the TV remotely over WIFI, that works wonderfully
What I want to achieve
I want to replace the ISP router, basically
The VLAN untagging is done by the GS105Ev2, I successfully setup WAN PPOE on the AX88U and using Internet correctly.
What I miss now is how to make the IPTV work without using VLAN
I think that this should be possible using bridge on eth1/LAN4 using some commands found here https://wu.renjie.im/blog/network/ax88u-vlan/
My beginning of attempt to do that... But I am seriously lacking network knowledge:
What I miss are surely the routes and the iptables rules.
I extracted from the "Movistar Triple VLAN"profile in LAN > IPTV those routes:
On the above the 172.* routes are dynamically created somehow, but I can't find which script/process created it
github.com
It looks like the WAN IP is static but also using DHCP, how can I do that too in my scripts? ifconfig dhcp does not work....
I tried udhcpc but that does not seem to work
Relevant part of iptables-save
Summary
1. The TV box need to access to internet AND the IPTV at the same time otherwise on-demand content cannot be viewed
2. How do I get the dynamic routes 172.* ? Through dhcp?
3. What am I missing here?
Thank you for anybody who could help me with that.
- My fiber network ISP (Movistar Spain) uses VID 6 for Internet and VID 2 for IPTV, and VID 3 for VOIP (but I do not care about it)
- I have an Asus AX88U router which has an hardware limitation with IGMP proxy and VLAN usage for IPTV at the same time. https://www.snbforums.com/threads/d...roxy-cannot-co-exist-with-iptv-function.59839
So I bought the Netgear GS105Ev2 as mentioned in this comment by @miroco https://www.snbforums.com/threads/d...o-exist-with-iptv-function.59839/#post-524386 in order to enable IGMP snooping and proxy on my AX88U, leveraging the VLAN untagging to the GS105Ev2
So here I am asking questions in order to make this work, I am quite a newbie in networking, I need to understand better how to make this work
Previous setup that works
- the ISP router is managing the VID 6 and VID 2
- AX88U (router mode) has IGMP snooping enabled so I can watch the TV remotely over WIFI, that works wonderfully
What I want to achieve
I want to replace the ISP router, basically
The VLAN untagging is done by the GS105Ev2, I successfully setup WAN PPOE on the AX88U and using Internet correctly.
What I miss now is how to make the IPTV work without using VLAN
I think that this should be possible using bridge on eth1/LAN4 using some commands found here https://wu.renjie.im/blog/network/ax88u-vlan/
My beginning of attempt to do that... But I am seriously lacking network knowledge:
Bash:
brctl delif br0 eth1
brctl addbr br2
brctl addif br2 eth1
ifconfig br2 $PUBLIC_IP netmask $PUBLIC_NETMASKWhat I miss are surely the routes and the iptables rules.
I extracted from the "Movistar Triple VLAN"profile in LAN > IPTV those routes:
Code:
# route -e
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default 192.168.144.1 0.0.0.0 UG 0 0 0 ppp0
10.128.0.0 * 255.128.0.0 U 0 0 0 vlan2
$DNS1 192.168.144.1 255.255.255.255 UGH 0 0 0 ppp0
$DNS2 192.168.144.1 255.255.255.255 UGH 0 0 0 ppp0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
169.254.0.0 * 255.255.0.0 U 0 0 0 vlan6
172.23.96.0 10.128.0.1 255.255.248.0 UG 0 0 0 vlan2
172.26.22.0 10.128.0.1 255.255.255.192 UG 0 0 0 vlan2
172.26.23.0 10.128.0.1 255.255.255.224 UG 0 0 0 vlan2
172.26.80.0 10.128.0.1 255.255.248.0 UG 0 0 0 vlan2
192.168.50.0 * 255.255.255.0 U 0 0 0 br0
192.168.144.1 * 255.255.255.255 UH 0 0 0 ppp0
239.0.0.0 * 255.0.0.0 U 0 0 0 br0On the above the 172.* routes are dynamically created somehow, but I can't find which script/process created it
asuswrt-merlin.ng/release/src/router/www/Advanced_IPTV_Content.asp at 6b60627c8c9c5c0271e956c914afb5277f81f9c4 · RMerl/asuswrt-merlin.ng
Third party firmware for Asus routers (newer codebase) - RMerl/asuswrt-merlin.ng
github.com
I tried udhcpc but that does not seem to work
Code:
# udhcpc -i br2
udhcpc: sending discover
udhcpc: sending discover
udhcpc: sending discover
udhcpc: sending discover
Code:
# ifconfig vlan2
vlan2 Link encap:Ethernet HWaddr FC:34:97:84:94:81
inet addr: $PUBLIC_IP Bcast:10.255.255.255 Mask:255.128.0.0
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:190 errors:0 dropped:0 overruns:0 frame:0
TX packets:32 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:18620 (18.1 KiB) TX bytes:1508 (1.4 KiB)Relevant part of iptables-save
Code:
# iptable-save
.... 8< ... snip
-A INPUT -d 224.0.0.0/4 -p igmp -j ACCEPT
-A INPUT -d 224.0.0.0/4 -p udp -m udp ! --dport 1900 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -i ppp0 -j DROP
-A INPUT -s 172.16.0.0/255.255.15.0 -i ppp0 -j DROP
-A INPUT -s 172.16.0.0/255.255.15.0 -i vlan2 -j ACCEPT
-A INPUT -p udp -m udp --dport 520 -j ACCEPT
-A INPUT -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A INPUT -p icmp -j INPUT_ICMP
-A INPUT -j logdrop
-A FORWARD -d 224.0.0.0/4 -p udp -j ACCEPT
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD ! -i br0 -o ppp0 -j other2wan
-A FORWARD ! -i br0 -o vlan6 -j other2wan
-A FORWARD ! -i br0 -o vlan2 -j other2wan
-A FORWARD -i br0 -o br0 -j ACCEPT
-A FORWARD -m state --state INVALID -j logdrop
-A FORWARD -i br0 -j ACCEPT
-A FORWARD -m conntrack --ctstate DNAT -j ACCEPT
-A FORWARD -m state --state NEW -j OVPN
-A FORWARD -i br+ -p tcp -m tcp --dport 853 -j DNSFILTER_DOT
-A FORWARD -j logdrop
-A OUTPUT -p udp -m udp --dport 53 -m u32 --u32 "0x0>>0x16&0x3c@0x8>>0xf&0x1=0x0" -j OUTPUT_DNS
-A OUTPUT -p tcp -m tcp --dport 53 -m u32 --u32 "0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x8>>0xf&0x1=0x0" -j OUTPUT_DNS
-A OUTPUT -j OUTPUT_IP
-A DNSFILTER_DOT ! -d 192.168.50.1/32 -j REJECT --reject-with icmp-port-unreachable
-A INPUT_ICMP -p icmp -m icmp --icmp-type 8 -j RETURN
-A INPUT_ICMP -p icmp -m icmp --icmp-type 13 -j RETURN
-A INPUT_ICMP -p icmp -j ACCEPT
-A INPUT_PING -i ppp0 -p icmp -j logdrop
-A INPUT_PING -i vlan2 -p icmp -j logdropSummary
1. The TV box need to access to internet AND the IPTV at the same time otherwise on-demand content cannot be viewed
2. How do I get the dynamic routes 172.* ? Through dhcp?
3. What am I missing here?
Thank you for anybody who could help me with that.
