Introduction
igmpproxy is a fundamental component that allows IPFire users to to receive IPTV.
Internet Protocol Television (IPTV) operates similarly to conventional television, but it leverages the capabilities of the Internet protocol suite to deliver content. It streams data packets over the internet infrastructure, allowing users to access live broadcasts, time-shifted media, and video-on-demand (VOD) services. Essentially, IPTV transforms the internet into a broadcasting medium, providing a more flexible and interactive television experience compared to traditional cable or satellite TV.
The concept of multicast is crucial in IPTV systems. In networking terms, multicasting refers to the delivery of information to a group of destinations simultaneously, using the most efficient strategy to deliver messages over each link of the network only once and create copies when the links to the destinations split. IPTV uses Internet Group Management Protocol (IGMP) for controlling multicast groups. The IGMP proxy plays a vital role in this mechanism. It allows a system on a network to report its multicast group membership to any neighboring multicast routers, managing the "join" and "leave" messages when a client changes channels. This mechanism ensures an efficient allocation of resources, delivering the correct content to the right recipients without overwhelming the network.
igmpproxy use
The igmpproxy is a Addon to use T-Home with the IPFire, without using the provider's hardware.
Senior Alix boards are not suitable for Entertain, because of their build in "via-rhine Ethernet ports" for those NIC´s it is unable to realize the VLAN connection.
Furthermore, it may come to problems with RTL8101E/RTL8102E network interface cards.
Multicast Protocol
To understand the configuration files described below, it is useful to know what is a multicast service. A multicast is an optimization method for Video/Audio traffic that has to be delivered in parallel to many customers. The service provider receives IGMP join messages telling the Video-server to add the client to the multicast group, the server update its table and then delivers the stream to the entire group.
When you launch your streaming client (such as VLC, Kodi with an IPTV plugin, or Apple TV), the client signals its interest in a specific channel to the IGMP proxy. In the context of IPFire’s configuration, the IGMP proxy is designed to anticipate these requests from the IP addresses indicated under the ‘phyint green0’ stanza.
Upon receiving the request, the IGMP proxy forwards this IGMP join message to the provider’s network, which is designated in the ‘phyint ppp0’ stanza.
In response, the provider’s network starts transmitting the corresponding audio/video stream as multicast traffic. Notably, this isn’t a direct response to the IGMP join message but a result of it - the provider multicasts the requested content to all members of the multicast group, including your client.
Due to the rules established in ‘firewall.local’, IPFire allows this incoming multicast traffic to pass through the firewall, thereby enabling the client to receive the intended stream.
Configuration steps
After successful installation over Pakfire it´s now time to start over. For the use of IPTV it is unfortunately necessary to do some handwork, but with tools like Putty or Winscp also "Linux-beginners" should be able to handle this.
First, the file /etc/igmpproxy.conf should be adapted:
#
# Example configuration file for the IgmpProxy
# --------------------------------------------
#
# The configuration file must define one upstream
# interface, and one or more downstream interfaces.
#
# If multicast traffic originates outside the
# upstream subnet, the "altnet" option can be
# used in order to define legal multicast sources.
# (Se example...)
#
# The "quickleave" should be used to avoid saturation
# of the upstream link. The option should only
# be used if it's absolutely nessecary to
# accurately imitate just one Client.
#
########################################################
##------------------------------------------------------
## Enable Quickleave mode (Sends Leave instantly)
##------------------------------------------------------
#
quickleave
# upstream = modem interface, red0.8 for vlan tagging (new infrastructure), ppp0 for red0.7 (vlan tagging, old infrastructure), red0 (no vlan tagging)
phyint red0.8 upstream ratelimit 0 threshold 1
altnet 239.0.0.0/8;
altnet 217.0.119.194/16;
altnet 193.158.35.0/24;
# lan interface of ipfire interacting with the iptv-device
phyint green0 downstream ratelimit 0 threshold 1
altnet 192.168.40.200/32; #replace with your own reciver IP's
#
# disable all unused interfaces, especially the one connected to the dsl modem
phyint lo disabled
phyint blue0 disabled
phyint red0 disabled
phyint tun0 disabled
phyint ppp0 disabled
phyint imq0 disabled
phyint mast0 disabled
#phyint orange0 disabled
Explanation of the entries:
- red0.8 is the device which receives the multicast. This is for T-Home after the switch to the destination network VLAN 8 on the red interface.
- phyint red0.8 upstream ratelimit 0 threshold 1
- Constitute the IP's from T-Entertain
- altnet 239.35.0.0/8
- altnet 217.0.119.194/16;
- altnet 193.158.35.0/24;
- The LAN interface is on the IPFire green0. It can also be used blue0 or orange0 and various VPN connections.
- phyint green0 downstream ratelimit 0 threshold 1
Here, you can specify (one or multiple) media receiver(s):
- altnet 192.168.40.200/32;
- other not required devices will be disabled, not available devices can be out-commented.
- phyint lo disabled
- phyint blue0 disabled
- phyint red0 disabled
- phyint tun0 disabled
- phyint ppp0 disabled
- phyint imq0 disabled
- phyint mast0 disabled
- phyint orange0 disabled
In addition, we need to make sure that the igmpproxy is loaded at the start and that a few manual iptable rules are running. Therefore the best place is the firewall.local (/etc/sysconfig):
#!/bin/sh
# Used for private firewall rules
# See how we were called.
case "$1" in
start)
## add your 'start' rules here
/sbin/iptables -I IPTVINPUT -i red0.8 -d 224.0.0.0/4 -j ACCEPT
/sbin/iptables -I IPTVFORWARD -i red0.8 -d 224.0.0.0/4 -j ACCEPT
# end for igmpproxy
;;
stop)
## add your 'stop' rules here
/sbin/iptables -D IPTVINPUT -i red0.8 -d 224.0.0.0/4 -j ACCEPT
/sbin/iptables -D IPTVFORWARD -i red0.8 -d 224.0.0.0/4 -j ACCEPT
# end for igmpproxy
;;
reload)
$0 stop
$0 start
## add our 'reload' rules here
;;
*)
echo "Usage: $0 {start|stop|reload}"
;;
esac
Let´s build a start command for the IGMP proxy in the rc.local :
filename = /etc/sysconfig/rc.local
#!/bin/sh
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
# Used for private calls after boot #
###############################################################################
# power button shutdown
if grep -q '^button' /proc/modules ; then
( head -1 /proc/acpi/event | grep -q 'button/power PWRF' && poweroff ) &
fi
/usr/sbin/igmpproxy /etc/igmpproxy.conf &
-
The igmpproxy.conf is here adapted especially for T-Home Users. With other providers (MaxDome, etc.), you need to ask for the corresponding IP's and adjust those.
-
For operation with the Webproxy and Content-Filter the IP of the recivers needs to be registered on Unrestricted IP addresses" or Unfiltered IP addresses" .
-
To avoid redundant errors or problems, it is important to assign different MAC addresses to the VLAN's, this is manageable over the webinterface under assign MAC address.
-
By the use of IPTV you should not use the ClamAV, this disturbs the stream significantly.
This configuration did not work 100% in my setup. Therefore I can present a working configuration.
An Alternative /etc/sysconfig/firewall.local that works 100% in my environment.
filename = /etc/sysconfig/firewall.local
#!/bin/sh
# Used for private firewall rules
# See how we were called.
case "$1" in
start)
## add your 'start' rules here
/usr/sbin/igmpproxy /etc/igmpproxy.conf &
# for igmpproxy
/sbin/iptables -I CUSTOMINPUT -i red0.8 -d 224.0.0.0/4 -j ACCEPT
/sbin/iptables -I CUSTOMFORWARD -i red0.8 -d 224.0.0.0/4 -j ACCEPT
# end for igmpproxy
;;
stop)
## add your 'stop' rules here
# for igmpproxy
/sbin/iptables -D CUSTOMINPUT -i red0.8 -d 224.0.0.0/4 -j ACCEPT
/sbin/iptables -D CUSTOMFORWARD -i red0.8 -d 224.0.0.0/4 -j ACCEPT
killall igmpproxy
;;
reload)
$0 stop
$0 start
## add your 'reload' rules here
;;
*)
echo "Usage: $0 {start|stop|reload}"
;;
esac
Configuration for BNG
If the German Provider Telekom migrated your Port to BNG, VLAN8 for Multicast is not used anymore.
Therefore you have to configure in both configuration files ppp0 as replacement interface for red0.8.
filename = /etc/igmpproxy.conf
########################################################
#
# Example configuration file for the IgmpProxy
# --------------------------------------------
#
# The configuration file must define one upstream
# interface, and one or more downstream interfaces.
#
# If multicast traffic originates outside the
# upstream subnet, the "altnet" option can be
# used in order to define legal multicast sources.
# (Se example...)
#
# The "quickleave" should be used to avoid saturation
# of the upstream link. The option should only
# be used if it's absolutely nessecary to
# accurately imitate just one Client.
#
########################################################
##------------------------------------------------------
## Enable Quickleave mode (Sends Leave instantly)
##------------------------------------------------------
quickleave
##------------------------------------------------------
## Configuration for red (Upstream Interface)
# upstream = modem interface, red0.8 for vlan tagging (new infrastructure), ppp0 for red0.7 (vlan tagging, old infrastructure), red0 (no vlan tagging)
##------------------------------------------------------
phyint ppp0 upstream ratelimit 0 threshold 1
altnet 239.0.0.0/8;
altnet 232.0.0.0/8;
altnet 217.0.119.194/16;
altnet 193.158.35.0/24;
##------------------------------------------------------
## Configuration for green0 (Downstream Interface)
# lan interface of ipfire interacting with the iptv-device
##------------------------------------------------------
phyint green0 downstream ratelimit 0 threshold 1
altnet 192.168.0.100/32; #replace with your own reciver IP's
##------------------------------------------------------
# disable all unused interfaces, especially the one connected to the dsl modem
##------------------------------------------------------
phyint wlan0
phyint lo disabled
phyint blue0 disabled # multicast does not work well with WIFI
phyint red0 disabled
phyint tun0 disabled
#phyint ppp0 disabled
#phyint imq0 disabled
#phyint mast0 disabled
#phyint orange0 disabled
filename = /etc/sysconfig/firewall.local
#!/bin/sh
# Used for private firewall rules
# See how we were called.
case "$1" in
start)
## add your 'start' rules here
/usr/sbin/igmpproxy /etc/igmpproxy.conf &
# for igmpproxy
/sbin/iptables -I IPTVINPUT -i ppp0 -d 224.0.0.0/4 -j ACCEPT
/sbin/iptables -I IPTVFORWARD -i ppp0 -d 224.0.0.0/4 -j ACCEPT
# end for igmpproxy
;;
stop)
## add your 'stop' rules here
# for igmpproxy
/sbin/iptables -I IPTVINPUT -i ppp0 -d 224.0.0.0/4 -j ACCEPT
/sbin/iptables -I IPTVFORWARD -i ppp0 -d 224.0.0.0/4 -j ACCEPT
killall igmpproxy
;;
reload)
$0 stop
$0 start
## add your 'reload' rules here
;;
*)
echo "Usage: $0 {start|stop|reload}"
;;
esac