WikiDevi.Wi-Cat.RU:DD-WRT/IPTV - Blocking Multicast on WIFI

From WikiDevi.Wi-Cat.RU
Jump to navigation Jump to search
Source

Source

IPTV - Blocking Multicast on WIFI @ dd-wrt


Introduction

This section explains how to use the DD-WRT GUI to configure DD-WRT supporting multicast IPTV traffic while at the same time enable some LAN ports and Wireless Clients working in parallel.

There are 2 ways to achieve this. The first is to unbridge the LAN area that shouldnt get flooded with mulicast packets. The second (and imho more elegand) way is to block mulicast traffic to the interfaces which doesnt need it.

Assumption

In the sample configuration, the TV media receiver is connected to LAN Port 4, and the router Ip is 192.168.1.1. Other configurations work accordingly.

Prerequisites

  1. Ensure that you are at least on DD-WRT 24v1 Firmware, otherwise download the most recent release.
  2. Connect the TV media receiver to Port 4. Connect other LAN connections to Ports 1,2,3

Allow for multicast traffic

  1. Disable (uncheck) "Filter Multicast" on Security-->Firewall

Disable multicast traffic to reach the Wireless adapter

  1. In Wireless-->Basic setting, set "Network Configuration" to "Unbridged", and "Multicast forwarding" to "disabled".
  2. Provide 192.168.3.1 with subnet mask 255.255.255.0 as the IP address for Wireless connections

Setup an additional VLAN

  1. In Setup-->VLANs, check the "tagged" checkboxes for Ports 1,2,3. Then, check the three accoring checkboxes in the VLAN 7 row, uncheck them in the VLAN 0 row, and finally uncheck the "tagged" checkboxes.
  2. Apply the settings and reboot the router

Disable multicast traffic to reach the LAN Ports 1,2,3

  1. In Setup-->Networking, check "Unbridged" for "Network Configuration vlan7", "Multicast forward" to "disable".
  2. Below this entry, provide IP number 192.168.2.1 with subnet mask 255.255.255.0 as the IP address

Enable DHCP for the additional local Networks and final steps

  1. In Setup-->Networking, add two DHCP Servers in the bottom area, one for vlan7, one for eth1 (keep the standard settign for the other fields)
  2. Apply all changes, and reboot the router

Block Multicast via Ebtables Firewall

Leave the wifi brdiged. Load the layer2 firewall modules and your ebtables rules via the firewall startup

insmod ebtables
insmod ebtable_filter
ebtables -A FORWARD -o "interface to block" --pkttype-type multicast -j DROP
ebtables -A OUTPUT -o "interface to block" --pkttype-type multicast -j DROP

The drawback is ebtables will use sightly mode cpu time. Finally, enjoy TV, LAN, and Wireless simultaneously.