Message 1 of 3

BT FTTP 900 & IPTV (EE TV Box Pro) - 3rd Party Router (ER-X) PPPOE and IGMP Proxy Config (Working)

I just want to let the mods know that I am not posting this to encourage people not to use the BT Homehub or equivalent shipped router from the ISP. 99% of the time using the ISP equipment is the best way to go: one, it will just work, and two, technical support know what they are dealing with and it's unfair to expect them to troubleshoot your own equipment.

With that said, I do indeed have a setup at home which I use my own equipment for. I always have done, from when I was with Virgin Media: put their router in Modem Mode, hooked up my own router and away I went. I'm no expert, but I wanted to provide a full write-up of using the powerful little Ubiquiti ER-X to help anyone else like me who was struggling to find the information they needed on Google. I had already got the general PPPOE internet working fine but wanted to get IPTV working also.

The same information applies generally, but if no one ever finds this useful then no harm done, and if one person does then happy days. This is a version of what I posted over on the Ubiquiti forums.

The following starts with my existing Virgin Media Cable setup and transforms it to work with BT FTTP and then adds in support for the BT EE TV Box Pro in Internet Only Mode.

-----

So my existing config was basically this for the Virgin Media Cable: (I set this up using the GUI wizard when the ER-X was new)

ER-X on v2.0.9-hotfix.7
eth0 (WAN Interface using DHCP from Virgin ISP Modem)
Switch0 (eth1-eth4 192.168.84.1/24)
Single Local DHCP Server for 192.168.84.0/24

First of all, if you are using an FTTP provider like BT and many other UK ISPs, you will need to have a PPPOE interface configured and attached to the parent physical interface; in my case I was using eth0. With the ER-X you can use the wizard for this if you are first starting it up from a factory reset, however I was going from my old cable provider to FTTP. My cable provider was a little more straightforward, as the cable modem would allow me to set my WAN interface (eth0) to DHCP and it would just work without an authentication layer, at least on the ER-X anyway. My existing ER-X was set up for DHCP on the WAN using the wizard, so I needed to first remove that config and add in PPPOE instead, and to do that I issued the following commands. (I didn't want to factory reset.)

configure

delete interfaces ethernet eth0 address
delete interfaces ethernet eth0 firewall
delete firewall ipv6-name WANv6_IN
delete firewall ipv6-name WANv6_LOCAL
delete service nat

set interfaces ethernet eth0 pppoe 0 default-route force
set interfaces ethernet eth0 pppoe 0 mtu 1492
set interfaces ethernet eth0 pppoe 0 password <pwd>
set interfaces ethernet eth0 pppoe 0 user-id <yourid>
set service nat rule 5010 type masquerade
set service nat rule 5010 outbound-interface pppoe0
set interfaces ethernet eth0 pppoe 0 firewall in name WAN_IN
set interfaces ethernet eth0 pppoe 0 firewall local name WAN_LOCAL
set firewall options mss-clamp interface-type pppoe
set firewall options mss-clamp mss 1452
set port-forward wan-interface pppoe0

commit
save
exit
reboot

This deleted the basic config I had before and replaced it with a PPPOE interface to talk to BT FTTP. It left intact things like my port forwarding.

After a reboot the PPPOE interface picked up its IP and the default route appeared and that was it: internet worked great and the Edge Router wasn't restricting me on bandwidth at all, speed tests were showing the full 900Mbps. I had seen many posts where people were not seeing full speeds on the ER-X for some reason, but it was fine for me with the above, plus also, as literally every single other guide says, you need to enable hw-offloading.

configure

set system offload hwnat enable
set system offload ipsec enable

commit
save
exit

This has been enabled on my ER-X since I first got it, so I don't know what it's like without it; just all the guides were like, 'you must do this', otherwise the CPU gets bogged down.

Internet was working great, but then came the delivery of my IPTV box (EE TV Box Pro), and being a newbie I wasn't aware that it wasn't more complicated than just plugging in an ethernet hook-up to the router. Some Googling later I realised that live TV from ISPs is often provided as multicast for efficiency and that an IGMP proxy could be utilised to grab these packets from the WAN and send them out over a given internal interface. Time to give that a stab, so I found this post:

IPTV/IGMP/Multicast Solution for Edgemax Router | Ubiquiti Community

Pretty much had everything I needed to get going, but it was 9 years old and using a much older OS. Other posts I had found also were mentioning how IGMP was broken in some releases, so I wasn't sure what to expect as I couldn't find anything really current.

Configuring an IGMP proxy is pretty straightforward and Ubiquiti's own page is all I needed:

EdgeRouter - IGMP Proxy – Ubiquiti Support and Help Center

I was already pondering a problem, however: do I set the upstream to the PPPOE interface or the parent interface eth0, and then, as I have switch0 configured for all my other ports (eth1-eth4), do I configure the downstream to go out via my switch and therefore my entire network? That didn't seem ideal to me.

Anyway, you need to set your upstream interface as the parent interface and not the PPPOE. After configuring my IGMP proxy to use eth0 and then out to switch0, the IGMP proxy would crash, or at least not start, with an error. After more googling I stumbled upon a post that mentioned the IGMP proxy interfaces must have IP addresses. When using PPPOE the IP is addressed there; it is not there on the parent WAN interface, which in my case is eth0. Switch0 had an IP but eth0 did not. The post mentioned that the way to solve this issue is to just give eth0 an IP address; it doesn't really matter what it is, but just ensure it is not an IP that is going to get used elsewhere.

configure

set interfaces ethernet eth0 address 192.168.255.1/24

commit
save
exit

 

Once my eth0 had an address the IGMP proxy then worked, however I wasn't a huge fan that I was directing everything to switch0 (my entire network). I have one IPTV box within a short distance of the ER-X, so I decided on another solution. That was to remove eth4 from switch0 and give it its own LAN, so I assigned the eth4 interface 192.168.85.1/24 and created a second DHCP server for the subnet 192.168.85.0/24, so now anything I connect to eth4 will be on this new subnet, but in effect for me it allows me to have a dedicated port directly connected to the IPTV box, simplifying matters. Now cleverer people would probably utilise some VLAN config at this point but I'm not ready for that.

So with that now in place I configured my IGMP Proxy as follows:

configure

set protocols igmp-proxy interface eth0 role upstream
set protocols igmp-proxy interface eth4 role downstream

set protocols igmp-proxy interface eth0 threshold 1
set protocols igmp-proxy interface eth0 alt-subnet 0.0.0.0/0

set protocols igmp-proxy interface eth4 threshold 1
set protocols igmp-proxy interface eth4 alt-subnet 0.0.0.0/0

commit
save
exit

 

You can then check for traffic and other info by issuing the following commands:

show ip multicast interfaces 

Intf   BytesIn    PktsIn     BytesOut   PktsOut    Local
eth0   322.55MB   31923239   0.00b      0          192.168.255.1
eth4   0.00b      0          320.97MB   31922696   192.168.85.1

show ip multicast mfc 

Group            Origin            In     Out    Pkts     Bytes      Wrong
234.xx.xxx.xxx   109.xxx.xxx.xxx   eth0   eth4   469825   607.57MB   0

 

Without getting into things I don't understand, essentially the two commands are showing traffic between the interfaces, and with this IGMP proxy in place the IPTV box has been working flawlessly.

I did want to address something and also pose a question. In all of the posts I have read, albeit old ones, they are mentioning that now two firewall rules must be created: one to allow multicast UDP between source and destination IPs, which can be gathered from the above MFC command, the other to allow IGMP. Without these firewall rules apparently the IPTV feed will crash out after a few seconds. I cannot report that this has affected me and I am wondering why. I haven't gone ahead and created these rules as everything works fine without them. I was wondering if, because the IPTV is on its own subnet and singular interface away from my default LAN, this has circumvented the requirement? I don't know.

So, it all works. I've rebooted everything to make sure, ONT, router, and factory reset the IPTV box, and everything still works: all live channels work, the premium paywalled sport ones such as Sky Sports (Now) and TNT Sports...Ultimate and HDR. I'm pretty chuffed, however I wouldn't have been able to do this without the help on these forums. I hope someone might stumble across this post and find it helpful. I'm sure the same can be applied to most ISPs who are using PPPOE, and I can't recommend the Edge Router X enough for anyone who wants to learn some basics or some more complicated stuff; it is a very capable device.

My full sanitized config is below:

firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
        rule 21 {
            action accept
            description Allow_WAN-Port_Ping
            destination {
                group {
                    address-group ADDRv4_pppoe0
                }
            }
            log disable
            protocol icmp
        }
    }
    options {
        mss-clamp {
            interface-type pppoe
            mss 1452
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address 192.168.255.1/24
        description WAN
        duplex auto
        pppoe 0 {
            default-route force
            firewall {
                in {
                    name WAN_IN
                }
                local {
                    name WAN_LOCAL
                }
            }
            mtu 1492
            name-server auto
            password BT
            user-id bthomehub@btbroadband.com
        }
        speed auto
    }
    ethernet eth1 {
        description "Office Switch"
        duplex auto
        speed auto
    }
    ethernet eth2 {
        description "Cupboard Switch"
        duplex auto
        speed auto
    }
    ethernet eth3 {
        description "Lounge Switch"
        duplex auto
        speed auto
    }
    ethernet eth4 {
        address 192.168.85.1/24
        description IPTV
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    loopback lo {
    }
    switch switch0 {
        address 192.168.84.1/24
        description "Default LAN (eth1-eth3)"
        mtu 1500
        switch-port {
            interface eth1 {
            }
            interface eth2 {
            }
            interface eth3 {
            }
            vlan-aware disable
        }
    }
}
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface switch0
    rule 1 {
        description OpenVPN(pi)
        forward-to {
            address 192.168.84.238
            port 1987
        }
        original-port 1987
        protocol udp
    }
    rule 2 {
        description SSH(pi)
        forward-to {
            address 192.168.84.238
            port 40
        }
        original-port 40
        protocol tcp
    }
    wan-interface pppoe0
}
protocols {
    igmp-proxy {
        interface eth0 {
            alt-subnet 0.0.0.0/0
            role upstream
            threshold 1
        }
        interface eth4 {
            alt-subnet 0.0.0.0/0
            role downstream
            threshold 1
        }
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name IPTV {
            authoritative disable
            subnet 192.168.85.0/24 {
                default-router 192.168.85.1
                dns-server 192.168.84.199
                lease 86400
                start 192.168.85.10 {
                    stop 192.168.85.20
                }
                static-mapping EE-TV-Box-Pro {
                    ip-address 192.168.85.11
                    mac-address x
                }
            }
        }
        shared-network-name LAN {
            authoritative enable
            subnet 192.168.84.0/24 {
                default-router 192.168.84.1
                dns-server 192.168.84.199
                lease 86400
                start 192.168.84.2 {
                    stop 192.168.84.243
                }
                static-mapping naylor-gw {
                    ip-address 192.168.84.238
                    mac-address x
                }             
                static-mapping pi-hole {
                    ip-address 192.168.84.199
                    mac-address x
                }
                static-mapping wifi-bridge {
                    ip-address 192.168.84.240
                    mac-address x
                }
            }
        }
        static-arp disable
        use-dnsmasq disable
    }
    dns {
        dynamic {
            interface pppoe0 {
                service custom-cloudflare {
                    host-name x
                    login x
                    options zone=x
                    password x
                    protocol cloudflare
                }
            }
        }
        forwarding {
            cache-size 150
            listen-on switch0
        }
    }
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    nat {
        rule 5010 {
            outbound-interface pppoe0
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
    unms {
        disable
    }
    upnp {
    }
}
system {
    analytics-handler {
        send-analytics-report false
    }
    crash-handler {
        send-crash-report false
    }
    host-name x
    login {
        user x {
            authentication {
                encrypted-password x
            }
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        hwnat enable
        ipsec enable
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Europe/London
}




/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:suspend@1:system@5:ubnt-l2tp@1:ubnt-pptp@1:ubnt-udapi-server@1:ubnt-unms@2:ubnt-util@1:vrrp@1:vyatta-netflow@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v2.0.9-hotfix.7.5622731.230615.0857 */

  

-----------------------------------------------------------------------------------------------
BT900 | Nokia ONT | Ubiquiti ER-X | EETV Box Pro (IP Mode) | Unifi CK2 | 6x Unifi U6+ | 2x Unifi SAK Ultra
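
Added example, not part of the original posts or of Ubiquiti's tooling: a small Python audit of an EdgeOS brace-format config that flags three settings visible in the config above: the IGMP upstream interface (eth0) carrying no firewall ruleset of its own, since WAN_IN and WAN_LOCAL are bound under pppoe 0; alt-subnet 0.0.0.0/0; and older-ciphers enable. The sample text is a constructed excerpt of the posted config, and the function names and finding wording are this example's own.

```python
# Constructed excerpt: values copied from the config posted above, trimmed to
# the nodes the checks read.
SAMPLE = """
interfaces {
    ethernet eth0 {
        address 192.168.255.1/24
        pppoe 0 {
            firewall {
                in {
                    name WAN_IN
                }
            }
        }
    }
}
protocols {
    igmp-proxy {
        interface eth0 {
            alt-subnet 0.0.0.0/0
            role upstream
        }
        interface eth4 {
            alt-subnet 0.0.0.0/0
            role downstream
        }
    }
}
service {
    gui {
        older-ciphers enable
    }
}
"""

def parse(text):
    """Brace format -> nested dicts. Repeated leaf keys keep the last value."""
    stack = [{}]
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("/*"):
            continue
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        else:
            key, _, value = line.partition(" ")
            stack[-1][key] = value.strip('"')
    return stack[0]

def audit(cfg):
    """Findings for the multicast path and the management GUI (hypothetical checks)."""
    findings = []
    igmp = cfg.get("protocols", {}).get("igmp-proxy", {})
    for node, opts in igmp.items():
        if not isinstance(opts, dict):  # skip leaf options, keep interface nodes
            continue
        ifname = node.split()[-1]
        fw = cfg.get("interfaces", {}).get("ethernet " + ifname, {}).get("firewall", {})
        if opts.get("role") == "upstream" and not ("in" in fw and "local" in fw):
            findings.append(f"{ifname}: igmp upstream has no in/local firewall of its own")
        if opts.get("alt-subnet") == "0.0.0.0/0":
            findings.append(f"{ifname}: alt-subnet 0.0.0.0/0 matches any source")
    if cfg.get("service", {}).get("gui", {}).get("older-ciphers") == "enable":
        findings.append("gui: older-ciphers enable")
    return findings

if __name__ == "__main__":
    for finding in audit(parse(SAMPLE)):
        print(finding)
```

To audit a live router, pass the text of `show configuration` to `parse()` in place of `SAMPLE`.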
Message 2 of 3

Just replying so I can mark this as solved.

Message 3 of 3

After actually going through the process of setting this config up on @djayyy's new ER-X to help him out, I discovered some issues, so I wanted to post a more usable config below with all of my junk that is specific to myself removed, most notably the DNS server that I use. Most people won't have that, and simply changing that field on the IPTV side of things will not work; there is another step, which is now contained within the config below.

The following config is confirmed working and a little more straightforward to understand without all my stuff in it. Still refer to my initial post above when it comes to understanding why it is set this way:

firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
        rule 21 {
            action accept
            description Allow_WAN-Port_Ping
            destination {
                group {
                    address-group ADDRv4_pppoe0
                }
            }
            log disable
            protocol icmp
        }
    }
    options {
        mss-clamp {
            interface-type pppoe
            mss 1452
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address 192.168.255.1/24
        description WAN
        duplex auto
        pppoe 0 {
            default-route force
            firewall {
                in {
                    name WAN_IN
                }
                local {
                    name WAN_LOCAL
                }
            }
            mtu 1492
            name-server auto
            password BT
            user-id bthomehub@btbroadband.com
        }
        speed auto
    }
    ethernet eth1 {
        duplex auto
        speed auto
    }
    ethernet eth2 {
        duplex auto
        speed auto
    }
    ethernet eth3 {
        duplex auto
        speed auto
    }
    ethernet eth4 {
        address 192.168.85.1/24
        description IPTV
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    loopback lo {
    }
    switch switch0 {
        address 192.168.84.1/24
        description "Default LAN (eth1-eth3)"
        mtu 1500
        switch-port {
            interface eth1 {
            }
            interface eth2 {
            }
            interface eth3 {
            }
            vlan-aware disable
        }
    }
}
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface switch0
    wan-interface pppoe0
}
protocols {
    igmp-proxy {
        interface eth0 {
            alt-subnet 0.0.0.0/0
            role upstream
            threshold 1
        }
        interface eth4 {
            alt-subnet 0.0.0.0/0
            role downstream
            threshold 1
        }
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name IPTV {
            authoritative disable
            subnet 192.168.85.0/24 {
                default-router 192.168.85.1
                dns-server 192.168.84.1
                lease 86400
                start 192.168.85.10 {
                    stop 192.168.85.20
                }
            }
        }
        shared-network-name LAN {
            authoritative enable
            subnet 192.168.84.0/24 {
                default-router 192.168.84.1
                dns-server 192.168.84.1
                lease 86400
                start 192.168.84.10 {
                    stop 192.168.84.243
                }
                static-mapping Naylor_Config-Laptop {
                    ip-address 192.168.84.232
                    mac-address redacted
                }
            }
        }
        static-arp disable
        use-dnsmasq disable
    }
    dns {
        forwarding {
            cache-size 150
            listen-on switch0
            listen-on eth4
        }
    }
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    mdns {
        repeater {
            interface switch0
            interface eth4
        }
    }
    nat {
        rule 5010 {
            outbound-interface pppoe0
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
    unms {
        disable
    }
    upnp {
    }
}
system {
    analytics-handler {
        send-analytics-report false
    }
    crash-handler {
        send-crash-report false
    }
    host-name ERX
    login {
        user ubnt {
            authentication {
                encrypted-password redacted
                plaintext-password ""
            }
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        hwnat enable
        ipsec enable
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Europe/London
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:suspend@1:system@5:ubnt-l2tp@1:ubnt-pptp@1:ubnt-udapi-server@1:ubnt-unms@2:ubnt-util@1:vrrp@1:vyatta-netflow@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v2.0.9-hotfix.7.5622731.230615.0857 */