Skip to main content

Beeline IPTV with OpenWRT in Kiev

/galleries/dropbox/beeline-icon.jpg

Beeline Home Internet has started providing IPTV through its LAN. The description of the service is given here.

Since this was my first experience with multicasting I had no clue about what to do, where to get the traffic from and how I can forward it to my LAN.

It turned out to be pretty easy, unfortunately requiring kernel .config adjusting even in the latest OpenWRT trunk. Please note, I am using brcm-2.4 kernel/

Index: trunk/target/linux/brcm-2.4/config-default
===================================================================
--- trunk/target/linux/brcm-2.4/config-default (revision 16833)
+++ trunk/target/linux/brcm-2.4/config-default (working copy)
@@ -373,3 +373,24 @@
# CONFIG_WDTPCI is not set
# CONFIG_WINBOND_840 is not set
# CONFIG_YAM is not set
+CONFIG_IP_MROUTE=y
+CONFIG_IP_PIMSM_V1=y
+CONFIG_IP_PIMSM_V2=y

PIMSM* options are not necessary but I included them to be on a safe side.

Then we need to build the firmware with or add igmpproxy to the already installed firmware.

After this configure igmpproxy in /etc/igmpproxy.conf:

quickleave
phyint eth0.1 upstream  ratelimit 0  threshold 1
altnet 192.168.0.1
phyint br-lan downstream ratelimit 0 threshold 1
phyint ppp0 disabled
phyint lo disabled

You can read about my network setup here.

The IP address for altnet is required to allow the packets from these networks to be routed. The LAN address is 10.0.0.0/8 and IPTV is being broadcasted from 192.168.0.1 in my case. That's why such entry is required. You can also find out the source address by running tcpdump. After your host joins the group (igmpproxy should be already running) you will see a large number of packets going to some multicast address (say 225.225.225.1).

You can start igmpproxy so that it does not go to background, with -d switch.

Having found the source ip, you need to add it to your firewall. For one-time include, do this directly:

iptables -A forwarding_wan -s $source_ip -d 224.0.0.0/4 -j ACCEPT

For long-term solution, add this to /etc/config/firewall:

config rule
    option src wan
    option proto udp
    option src_ip 192.168.0.1
    option dest lan
    option dest_ip 224.0.0.0/4
    option target ACCEPT

You should be ready to start receiving multicasts now from 192.168.0.1. Start VLC and point it to the IP address, say 225.225.225.1 and you should get a picture.

You will also need to add additional firewall rule so that the stream will not stop suddenly. This happens because your ISP gateway (10.22.234.1 in my case) sends subscription queries to your router. These queries will be blocked by default. In order to prevent this, check your gateway IP and add the following rule

config 'rule'
    option 'src' 'wan'
    option 'proto' 'igmp'
    option 'src_ip' '10.22.234.1'
    option 'target' 'ACCEPT'

to /etc/config/firewall

My network setup had one major drawback. My wlan and ethernet are bridged together so I get two networks connected. It was done to share the address space without any additional tricks for firewall and routing. Now this means that even if I start receiving the IPTV signal via the wire, the WiFi network is flooded as well rendering our laptops completely unusable because of the WiFi cards being extremely busy receiving the packets. The router is sending packets fine, though.

This can be made to work properly by creating new vlan out of existing configuration, creating corresponding vlan interfaces, firewall zones and adjusting igmpproxy accordingly. In case you want to get info on how to make this, feel free to comment and I will describe my current setup completely.

Finally, if the client runs Linux, tcpdumps shows that UDP data is flowing but the client does not want to cooperate, check what is the value of the following sysctl:

sysctl net.ipv4.conf.$interface.rp_filter

If it is set to 1 (true) the packets will be filtered by the kernel as their source interface will not match the expected one (see RFC1812, item 5.3.8).

This can be fixed the following way:

sysctl net.ipv4.conf.$interface.rp_filter=0

Feel free to comment the post if you need any additional information.

Comments

Comments powered by Disqus