WikiDevi.Wi-Cat.RU:DD-WRT/IPTV - Blocking Multicast on WIFI
Introduction
This section explains how to use the DD-WRT GUI to configure DD-WRT supporting multicast IPTV traffic while at the same time enable some LAN ports and Wireless Clients working in parallel.
There are 2 ways to achieve this. The first is to unbridge the LAN area that shouldnt get flooded with mulicast packets. The second (and imho more elegand) way is to block mulicast traffic to the interfaces which doesnt need it.
Assumption
In the sample configuration, the TV media receiver is connected to LAN Port 4, and the router Ip is 192.168.1.1. Other configurations work accordingly.
Prerequisites
- Ensure that you are at least on DD-WRT 24v1 Firmware, otherwise download the most recent release.
- Connect the TV media receiver to Port 4. Connect other LAN connections to Ports 1,2,3
Allow for multicast traffic
- Disable (uncheck) "Filter Multicast" on Security-->Firewall
Disable multicast traffic to reach the Wireless adapter
- In Wireless-->Basic setting, set "Network Configuration" to "Unbridged", and "Multicast forwarding" to "disabled".
- Provide 192.168.3.1 with subnet mask 255.255.255.0 as the IP address for Wireless connections
Setup an additional VLAN
- In Setup-->VLANs, check the "tagged" checkboxes for Ports 1,2,3. Then, check the three accoring checkboxes in the VLAN 7 row, uncheck them in the VLAN 0 row, and finally uncheck the "tagged" checkboxes.
- Apply the settings and reboot the router
Disable multicast traffic to reach the LAN Ports 1,2,3
- In Setup-->Networking, check "Unbridged" for "Network Configuration vlan7", "Multicast forward" to "disable".
- Below this entry, provide IP number 192.168.2.1 with subnet mask 255.255.255.0 as the IP address
Enable DHCP for the additional local Networks and final steps
- In Setup-->Networking, add two DHCP Servers in the bottom area, one for vlan7, one for eth1 (keep the standard settign for the other fields)
- Apply all changes, and reboot the router
Block Multicast via Ebtables Firewall
Leave the wifi brdiged. Load the layer2 firewall modules and your ebtables rules via the firewall startup
insmod ebtables insmod ebtable_filter ebtables -A FORWARD -o "interface to block" --pkttype-type multicast -j DROP ebtables -A OUTPUT -o "interface to block" --pkttype-type multicast -j DROP
The drawback is ebtables will use sightly mode cpu time. Finally, enjoy TV, LAN, and Wireless simultaneously.