IPTV - blocking multicast on WIFI

From DD-WRT Wiki

Jump to: navigation, search

Contents


[edit] Introduction

This section explains how to use the DD-WRT GUI to configure DD-WRT supporting multicast IPTV traffic while at the same time enable some LAN ports and Wireless Clients working in parallel.

There are 2 ways to achieve this. The first is to unbridge the LAN area that shouldnt get flooded with mulicast packets. The second (and imho more elegand) way is to block mulicast traffic to the interfaces which doesnt need it.

[edit] Setup (Updated)

  1. In wireless, basic settings: enable "optimize multicast traffic" for all wireless radios, save and apply
  2. In Setup, networking, bridging, enable IGMP Snooping by selecting yes from the drop down menu under IGMP Snooping, save then apply
  3. Connect IPTV box using LAN cable to one of the LAN ports of the router
    • Note: in AP mode, LAN cable to gateway/modem and LAN cable to IPTV box must be on the switch ports of the dd-wrt router and not on the WAN port, even if "assign WAN port to switch" is enabled.

Tested on Linksys EA2700 (build 38581), Netgear R7000, Netgear R7000P. ARM Kong builds 35550M and 38580M. Do not consider these build recommendations. They are only listed here to note when the above instructions were created.

[edit] Assumption (Old Instructions)

In the sample configuration, the TV media receiver is connected to LAN Port 4, and the router Ip is 192.168.1.1. Other configurations work accordingly.

[edit] Prerequisites

  1. Ensure that you are at least on DD-WRT 24v1 Firmware, otherwise download the most recent release.
  2. Connect the TV media receiver to Port 4. Connect other LAN connections to Ports 1,2,3

[edit] Allow for multicast traffic

  1. Disable (uncheck) "Filter Multicast" on Security-->Firewall

[edit] Disable multicast traffic to reach the Wireless adapter

  1. In Wireless-->Basic setting, set "Network Configuration" to "Unbridged", and "Multicast forwarding" to "disabled".
  2. Provide 192.168.3.1 with subnet mask 255.255.255.0 as the IP address for Wireless connections

[edit] Setup an additional VLAN

  1. In Setup-->VLANs, check the "tagged" checkboxes for Ports 1,2,3. Then, check the three accoring checkboxes in the VLAN 7 row, uncheck them in the VLAN 0 row, and finally uncheck the "tagged" checkboxes.
  2. Apply the settings and reboot the router

[edit] Disable multicast traffic to reach the LAN Ports 1,2,3

  1. In Setup-->Networking, check "Unbridged" for "Network Configuration vlan7", "Multicast forward" to "disable".
  2. Below this entry, provide IP number 192.168.2.1 with subnet mask 255.255.255.0 as the IP address

[edit] Enable DHCP for the additional local Networks and final steps

  1. In Setup-->Networking, add two DHCP Servers in the bottom area, one for vlan7, one for eth1 (keep the standard settign for the other fields)
  2. Apply all changes, and reboot the router

[edit] Block Multicast via Ebtables Firewall

Leave the wifi brdiged. Load the layer2 firewall modules and your ebtables rules via the firewall startup

insmod ebtables
insmod ebtable_filter
insmod ebt_pkttype
ebtables -A FORWARD -o "interface to block" --pkttype-type multicast -j DROP
ebtables -A OUTPUT -o "interface to block" --pkttype-type multicast -j DROP

If you want this script to run everytime your router starts, do the following:

  • Go to Administration->Commands
  • Paste commands in the Commands window
  • Click Save startup

The drawback is ebtables will use sightly mode cpu time. Finally, enjoy TV, LAN, and Wireless simultaneously.