HELP! Multicast Filtering? How?

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Goto page 1, 2, 3  Next
Author Message
davidw89
DD-WRT Novice


Joined: 13 Jun 2008
Posts: 42

PostPosted: Wed Oct 22, 2008 13:14    Post subject: HELP! Multicast Filtering? How? Reply with quote
I have a belkin modem connected to my Linksys WRT54g v5(DD-WRT v24 MICRO) via a client bridge mode.

I would like to block multicast streams from my LAN network to my WLAN network.

Please refer to this thread of my problem:
http://forums.whirlpool.net.au/forum-replies.cfm?t=1072566

Basically when someone is watching IPTV Multicast stream on my LAN network, my wireless network completely dies out.

Quote:
This is a known problem, not specifically related to TPG.

TPG's IPTV uses multicast IGMP / UDP to transfer the data.

What it means is that when one PC is watching IPTV, *all* the machine on the local network will receive the IPTV traffic. It allows to have only one UDP stream to all machines watching IPTV

The default multicast rate on 802.11g wireless router is around 6Mbit/s , so when watching IPTV, the wireless network is overflowed by the traffic and it will slow down to a halt.

When you need to do is increate the multicast rate of your wireless router, many routers allow you to do so. I've set a link explaining the problem there:
http://www.avenard.org/iptv/IPTV_and_Wireless.html
Increase the multicast rate to about 12mbit/s and you'll be fine.


Apprently you can't change the multicast rate with DD-wrt..

And i have checked multicast filtering in Security --> firewall.

Any idea?
Sponsor
jbarbieri
DD-WRT Guru


Joined: 06 Apr 2007
Posts: 544
Location: New Hampshire

PostPosted: Wed Oct 22, 2008 13:23    Post subject: Reply with quote
I believe I have the interfaces right, but this SHOULD work:

Code:
iptables -I FORWARD -m pkttype --pkt-type multicast -i br0 -o eth1 -j DROP


That basically says anything going from the lan to the wireless block if packet type is multicast


try and give that a shot

_________________


Linksys WRT54GS V2 - Router behind ATT DSL
davidw89
DD-WRT Novice


Joined: 13 Jun 2008
Posts: 42

PostPosted: Wed Oct 22, 2008 13:36    Post subject: Reply with quote
jbarbieri wrote:


try and give that a shot


Cool but how???

Ok i am guessing it's in

Administration --> Command

Which one do i click?
Run Command
Save Startup
Save Firewall
Save Custom Script

How do i save the command and the run the command when the router starts?
Blackraven
DD-WRT User


Joined: 10 Jul 2006
Posts: 396
Location: NL

PostPosted: Wed Oct 22, 2008 14:23    Post subject: Reply with quote
you're on the right track, fill in the iptables code into the letterbox and after that just press "save as firewall"
That's all, firewall will be automatically loaded upon every (re)boot.

_________________
WRT54GL v1.1 DD-WRT v24-sp2 vpn - build 10550
WRT610N v1 DD-WRT v24-sp2 big - build 13000M NEWD-2 Eko
jbarbieri
DD-WRT Guru


Joined: 06 Apr 2007
Posts: 544
Location: New Hampshire

PostPosted: Fri Oct 24, 2008 12:38    Post subject: Reply with quote
Does it work?


I am just curious.

_________________


Linksys WRT54GS V2 - Router behind ATT DSL
bsider
DD-WRT Novice


Joined: 27 Apr 2007
Posts: 3

PostPosted: Mon Oct 27, 2008 16:47    Post subject: Reply with quote
It doesn't work for me on DD-WRT 24SP1 Sad
jbarbieri
DD-WRT Guru


Joined: 06 Apr 2007
Posts: 544
Location: New Hampshire

PostPosted: Mon Oct 27, 2008 18:37    Post subject: Reply with quote
bsider wrote:
It doesn't work for me on DD-WRT 24SP1 Sad


If you telnet in and do a


iptables --list -nvt filter




do you see it?

_________________


Linksys WRT54GS V2 - Router behind ATT DSL
BrainiakZ
DD-WRT Novice


Joined: 11 Oct 2009
Posts: 11

PostPosted: Sat Oct 24, 2009 0:51    Post subject: Reply with quote
Same issue. I tried the iptables command it and it didnt work. I do see it in the table though via the CLI.

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

0 0 DROP 0 -- br0 eth1 0.0.0.0/0 0.0.0.0/0
PKTTYPE = multicast


Any other ideas?

My Linksys 350n is 24sp2, Lan port 1 plugged into my giga switch. While working on a Surveillance NVR that uses multicast, the network dies. I have tried putting it on a different vlan, and my cisco 850something only allows one vlan on its switch ports.

So, I am trying to block the lan messages from hitting the wireless block.

Im no linux master, or Ip tables master, so I am just reading the forums to see what I can find. I am sure iptables can do it, just need to find the right command.
BrainiakZ
DD-WRT Novice


Joined: 11 Oct 2009
Posts: 11

PostPosted: Sat Oct 24, 2009 0:58    Post subject: Reply with quote
lol, ok, that command was bad --- haha. rebooted.. my wireless is fine, but it wont allow any broadcasts at all like dhcp requests, arps (I think), etc. I cant ping the router from the lan ports.
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10143

PostPosted: Sat Oct 24, 2009 3:23    Post subject: Reply with quote
There's another way to do it. You can unbridge the wireless interface and assign it an IP like 192.168.2.1 subnet mask 255.255.255.0 which removes it from the bridge and puts it in another subnet. Then under setup->networking->multiple dhcp server you add another dhcp pool for the wireless interface.

If you want to leave it bridged then you need to load ebtables in order for iptables to see the bridged traffic.

insmod ebtables
iptables -I FORWARD -m pkttype --pkt-type multicast -i br0 -j DROP

_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
BasCom
DD-WRT Guru


Joined: 29 Jul 2009
Posts: 1254
Location: Germany

PostPosted: Sat Oct 24, 2009 22:39    Post subject: Reply with quote
lolo, jeah it seems to be so easy, multicast blocked without unbridging and so on, thanks ! very nice
marko
DD-WRT User


Joined: 05 Aug 2006
Posts: 66

PostPosted: Sun Nov 01, 2009 11:02    Post subject: Reply with quote
does anybody know how to do this on the alix board with 2 LAN ports?
unbridging is working, but then I lose printer sharing :(

eth0 = WAN
eth1 = LAN
ath0 = WLAN

thx for your help
BrainiakZ
DD-WRT Novice


Joined: 11 Oct 2009
Posts: 11

PostPosted: Wed Nov 04, 2009 4:40    Post subject: Reply with quote
phuzi0n wrote:
There's another way to do it. You can unbridge the wireless interface and assign it an IP like 192.168.2.1 subnet mask 255.255.255.0 which removes it from the bridge and puts it in another subnet. Then under setup->networking->multiple dhcp server you add another dhcp pool for the wireless interface.

If you want to leave it bridged then you need to load ebtables in order for iptables to see the bridged traffic.

insmod ebtables
iptables -I FORWARD -m pkttype --pkt-type multicast -i br0 -j DROP


Thanks a million. Threw that in my startup script, worked like a champ. (modified to be more specific of course) ebtables I would have never found or known about.
helheimr
DD-WRT Novice


Joined: 29 Apr 2010
Posts: 2

PostPosted: Thu Apr 29, 2010 18:53    Post subject: Linksys 610N with mini build Reply with quote
thanks for this. I just wanted to let you know how I got this to work on my Linksys WRT610N.

My problem:
IPTV multicast packets on the network (to my STB as well as an upstairs PC where I can use VLC player to view the IPTV) flooded the WLAN - causing the WLAN to not function at all (completely bogged down).

Solution:
the easy way: just unbridge the WLAN and enable filtering of multicast. however the problem with this is that your WLAN clients will no longer be part of the same network (to browse files easily etc.)

the best solution: as suggested above. Specifically I found out you also have to insmod the ebtable_filter module. so run the command in a telnet session:

insmod ebtables
insmod ebtable_filter
iptables -I FORWARD -m pkttype --pkt-type multicast -i br0 -j DROP

and all is working!

the only problem I still have (tips welcome): every time I reboot I have to manually run these commands. somehow the "start commands" (with a save) does not seem to work and makes the firmware unstable....

hope this will help someone Wink
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10143

PostPosted: Thu Apr 29, 2010 19:17    Post subject: Reply with quote
iptables commands need to be in the firewall script so that they're run every time the firewall is rebuilt.
_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
Goto page 1, 2, 3  Next Display posts from previous:    Page 1 of 3
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum