I can no longer edit my post on the previous page and I wanted to post the working config here with the correction including DNS forwarding listening on eth4....
ER-X Ports:
Eth0 - This is your WAN Port, connect this directly to the ONT
Eth1 - Switch Port (192.168.84.0/24)
Eth2 - Switch Port (192.168.84.0/24)
Eth3 - Switch Port (192.168.84.0/24)
Eth4 - Dedicated IPTV Port, connect IPTV directly to this (192.168.85.0/24)
firewall {
all-ping enable
broadcast-ping disable
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
name WAN_IN {
default-action drop
description "WAN to internal"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
name WAN_LOCAL {
default-action drop
description "WAN to router"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
rule 21 {
action accept
description Allow_WAN-Port_Ping
destination {
group {
address-group ADDRv4_pppoe0
}
}
log disable
protocol icmp
}
}
options {
mss-clamp {
interface-type pppoe
mss 1452
}
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
}
interfaces {
ethernet eth0 {
address 192.168.255.1/24
description WAN
duplex auto
pppoe 0 {
default-route force
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
mtu 1492
name-server auto
password BT
user-id bthomehub@btbroadband.com
}
speed auto
}
ethernet eth1 {
duplex auto
speed auto
}
ethernet eth2 {
duplex auto
speed auto
}
ethernet eth3 {
duplex auto
speed auto
}
ethernet eth4 {
address 192.168.85.1/24
description IPTV
duplex auto
poe {
output off
}
speed auto
}
loopback lo {
}
switch switch0 {
address 192.168.84.1/24
description "Default LAN (eth1-eth3)"
mtu 1500
switch-port {
interface eth1 {
}
interface eth2 {
}
interface eth3 {
}
vlan-aware disable
}
}
}
port-forward {
auto-firewall enable
hairpin-nat enable
lan-interface switch0
wan-interface pppoe0
}
protocols {
igmp-proxy {
interface eth0 {
alt-subnet 0.0.0.0/0
role upstream
threshold 1
}
interface eth4 {
alt-subnet 0.0.0.0/0
role downstream
threshold 1
}
}
}
service {
dhcp-server {
disabled false
hostfile-update disable
shared-network-name IPTV {
authoritative disable
subnet 192.168.85.0/24 {
default-router 192.168.85.1
dns-server 192.168.84.1
lease 86400
start 192.168.85.10 {
stop 192.168.85.20
}
}
}
shared-network-name LAN {
authoritative enable
subnet 192.168.84.0/24 {
default-router 192.168.84.1
dns-server 192.168.84.1
lease 86400
start 192.168.84.10 {
stop 192.168.84.243
}
static-mapping Naylor_Config-Laptop {
ip-address 192.168.84.232
mac-address redacted
}
}
}
static-arp disable
use-dnsmasq disable
}
dns {
forwarding {
cache-size 150
listen-on switch0
listen-on eth4
}
}
gui {
http-port 80
https-port 443
older-ciphers enable
}
mdns {
repeater {
interface switch0
interface eth4
}
}
nat {
rule 5010 {
outbound-interface pppoe0
type masquerade
}
}
ssh {
port 22
protocol-version v2
}
unms {
disable
}
upnp {
}
}
system {
analytics-handler {
send-analytics-report false
}
crash-handler {
send-crash-report false
}
host-name djayyy-ERX
login {
user djayyy {
authentication {
encrypted-password redacted
plaintext-password ""
}
level admin
}
}
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
offload {
hwnat enable
ipsec enable
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone Europe/London
}
/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:suspend@1:system@5:ubnt-l2tp@1:ubnt-pptp@1:ubnt-udapi-server@1:ubnt-unms@2:ubnt-util@1:vrrp@1:vyatta-netflow@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v2.0.9-hotfix.7.5622731.230615.0857 */
Just an update to this, I raised a support ticket with Ubiquiti and after several days of trying to resolve the issue they have responded with the following, see below. Thanks to all who tried to help with this but it appears that you cannot use EETV BT In the UK with the Ultra Cloud Gateway unfortunately. Back to the ISP supplied router for now. Thanks again!
Thankyou especially to @naylor2006 who provided a working solution using his ER-X router, he is a credit to this community for the help he has provided!!
UI Support (Ubiquiti Help Center)
Aug 2, 2024, 11:27 MDT
Hello David,
Thank you for your patience on this case.
The current setup won't work if the IPTV content is provided over PPPoE by the ISP because NET (network application) doesn't allow using the underlying physical interface when WAN is PPPoE.
We regret not being able to fully resolve your issue, but based on our correspondence, we've determined there is no further action that can be taken. Thank you for your feedback and support of our products.
Best,
UI Support
Ubiquiti Inc.
Hi @djayyy
Looks like Ubiquiti have confirmed what has been suspected all along, The Cloud Gateway Ultra is trying to setup a Proxy from the PPPOE interface because it doesnt know any different. If your ISP was giving you an IP via DHCP, like Virgin for example....then the IP address lives on the actual parent WAN interface. With PPPOE you have an additional, almost 'floating', interface ontop of the parent WAN and your IP is collected there.
You can see this on the ER-X I sent, the traffic against the PPPOE interface is very low, the actual internet traffic is all coming via eth0...as is also the Multicast TV packets, so we need the proxy to pickup from eth0 and not PPPOE0. In fact load up the GUI on the ER-X and turn the TV on, you will see 20Mbps or so (standard channel) coming in the eth0 and going out eth4 to the tele.
If we take a look at how PPPOE is configured on the ER-X you can see that each time we are defining PPPOE properties we are linking those with eth0 the parent physical interface.
set interfaces ethernet eth0 pppoe 0 default-route force
set interfaces ethernet eth0 pppoe 0 mtu 1492
set interfaces ethernet eth0 pppoe 0 password <pwd>
set interfaces ethernet eth0 pppoe 0 user-id <yourid>
set service nat rule 5010 type masquerade
set service nat rule 5010 outbound-interface pppoe0
set interfaces ethernet eth0 pppoe 0 firewall in name WAN_IN
set interfaces ethernet eth0 pppoe 0 firewall local name WAN_LOCAL
set firewall options mss-clamp interface-type pppoe
set firewall options mss-clamp mss 1452
set port-forward wan-interface pppoe0
Even if we setup the IGMP Proxy to use eth0 and send to eth4 we still have an issue out of the box, it solves the PPPOE issue, where the Multicast packets arent being received they but it leaves us with a secondary issue. The IGMP Proxy needs an IP address on the upstream interface eth0, but your external IP is on PPPOE0 where the proxy will not work. This is why I configured the eth0 to have an IP of 192.168.255.1, one I/we will never use but it allows the IGMP Proxy to latch on to the parent WAN interface, pickup the Multicast Packets and punt them over to your chosen interface where the IPTV will be hooked up to, I configured your router to have eth4 whilst also placing it on a different subnet to help isolate Multicast packets from flooding the rest of your network where they are not needed.
I am super happy it works, the thing about the ER-X is that you can just code in what you want to the Debian based OS, with the Cloud Gateways you are mostly setting everything up via the controller and a GUI, GUI's are often rigid and when you are switching on the Proxy its just turning on in one way, and that way might not be supported by each persons setup. A proper CLI like on the ER-X you can just tell it the way it is....
I do find it slightly odd that there isnt a way of entering the CLI on the Cloud Gateway and just setting the Proxy against the parent WAN, I thought I saw people just putting the following in a json and sideloading it:
igmp-proxy {
interface eth0 {
alt-subnet 0.0.0.0/0
role upstream
threshold 1
}
interface eth4 {
alt-subnet 0.0.0.0/0
role downstream
threshold 1
}
}
Then all you would need to do is give eth0 an address which you can likely do through the controller.
Anyway, I have summarised all of this and posted over on their forums:
IGMP Proxy on Cloud Gateway Ultra not working due to ISP PPPOE Authentication | Ubiquiti Community
Can always chuck it onto Reddit Ubiquiti sub as well.
As your AP is already configured you can just plumb it into the ER-X now Ports 1-3, or if you connect your Unifi switch, then plus that into 1,2 or 3 and then you can run all your AP's off the switch as its POE. Problem you have now is that you dont have a controller, as much as you dont 'need' one they are so nice to have so you can use the Unifi app to configure AP's and so on. If you decide to keep the ER-X then you just need to get a controller in the mix via another method, IE install it on a PC and just use it when you need to or if you prefer to have one all the time you can install a CloudKeyGen2 or CloudKeyGen2+, the Unifi app still looks and works all the same, its just you cant configure your Router from there any more, this will be done via the ER-X gui or CLI.
You have my address in your PM but no rush to send back if you want to think about this or explore it a little more, also the option is there to keep it too.
I'm inclined to think that had you gone with a more established ( and much cheaper ) Asus in the first place you'd have been up and running with BT TV quite quickly.
Th only real complication might have been Asus's use of the192.168.50.nnn range instead of it's previously used 192.168.1.nnn range.
And Asus 's more recent devices support it's mesh system which appears to be quite straight forward to set up.
I've just bought the RT-AX5400 for £140 and that can be set as a router , access point or mesh device so in conjunction with another cheap Asus would give one full house coverage quite simply.
I must say that it's wifi is much stronger than that of my 9 yr old DSL-AC68U so I'm really pleased with it overall.
@TimCurtis As you know I went for an Asus router but it just wouldn't work, I guess the really annnoying thing is it is just random. Some seem to work and some dont.
When I saw the Ubiquiti gear it looked superb, the WIFI 7 AP was an attractive addition and i liked how you could grow the network adding new pieces as you went.
Whilst the CGU would not work @naylor2006 was kind enough to send me a preconfigured ER-X to test and this worked perfectly! I have also added on a POE+ switch and now have 2 EE IPTV boxes running off that switch. The Wifi 7 AP is also working from the ER-X, the only thing I dont have right now is the controller interface.
Once my contract finishes with EE I will move away and setup the UCG, but for now what @naylor2006 has done for me is working perfectly well! I can't thank him enough.
I really appreciate everyones help on this.
Really glad to hear it and all the time I spent in originally has finally paid off for someone else, just helping one person beyond myself is worth it.
Good news that both boxes are working from the switch, I did wonder about this if I could run multiple boxes off the single interface with a switch hooked up.
I assume you have the AP hooked up to eth 1,2 or 3 though using the injector still, I mean it probably will work on eth4 via the switch but itll be best on the other LAN via 1,2 or 3 otherwise there is some DNS forwarding to take place and potentially that AP will be getting a ton of multicast traffic it doesnt want. A cheap switch attached to eth4 should be able to serve the purpose of multiple boxes and then you can use the Unifi switch on the main LAN to power AP's.
If you want to make life simple for yourself get a CloudKey Gen2, but keep an eye out for a second hand one on ebay, thats where I got mine, 130 quid was a pretty good deal to be honest. The Cloud Gen2+ is still available new from Ubiquiti but its alot of money considering you wont use half the extra features it has, but you never know, you could end with a security system etc down the line that, but probably best keeping an eye out for the Gen2 (not +), its small and can be discreetly placed somewhere, supports POE also so your switch can power it.
I’ve had a similar issue today.
Took receipt of a new EETV boxes this morning after dropping Sky and I’ve opted for the Big Sport package. I could not get the Sport channels to work with my ZenWiFi XT9. They showed up when I swapped over to the EE hub but as soon as I plugged into the Asus I totally lost Sport channels.
I called EE customer service twice and they told me that the TV box has to use their own hub to be able to connect to the subscription services which annoyed the hell out of me.
So after a bit of digging, I found this https://www.asus.com/uk/support/faq/1011708/ article which I followed up to step 6 only and now the sport channels are appearing without issue.
No script, no port assignment or anything and it works.
Yeah the OP had already been through the document, was discussed on the earlier pages, I thought this would have fixed it but alas it did not.
Was shared and discussed on page 3.
From my own research, different ASUS routers with different builds, although sharing similar front ends just dont work the same as each other. May have been that the OP was just unlucky with the RT-BE88U.