Posted: Tue May 04, 2010 21:38 Post subject: further optimizing the firewall
thanks for your tip on saving the iptables rule in the firewall - but it seems the insmod commands are causing the trouble.
Another tip for those interested:
I wanted to use the excellent DVBLogic IPTV server to stream the XMS IPTV via UPNP on my LAN so I can view IPTV via UPNP using any UPNP client (including WMP12). However, using the firewall rules I posted earlier the UPNP discovery multicast (UDP port 1900 multicast) was also blocked. The easy solution: add another rule to let the UPNP discovery SSDP through...:
Posted: Thu May 06, 2010 21:29 Post subject: Re: Linksys 610N with mini build
helheimr wrote:
Solution:
the easy way: just unbridge the WLAN and enable filtering of multicast. however the problem with this is that your WLAN clients will no longer be part of the same network (to browse files easily etc.)
I'm trying to do that to no avail.
I want to watch IPTV with a STbox connected to eth0 port of a WRT54GS (f/w. dd-wrt micro, build 13064) which is bridged over WLAN with a Thomson TG784 ADSL gateway. How should the WRT54GS router be connected over WLAN, client/repeater/bridge? In dd-wrt WebGUI, where exactly do I unbridge and set multicast filtering? I'm a noob at this, someone help me out please.
Posted: Thu May 06, 2010 21:38 Post subject: Re: Linksys 610N with mini build
ner0 wrote:
I'm trying to do that to no avail.
I want to watch IPTV with a STbox connected to eth0 port of a WRT54GS (f/w. dd-wrt micro, build 13064) which is bridged over WLAN with a Thomson TG784 ADSL gateway. How should the WRT54GS router be connected over WLAN, client/repeater/bridge? In dd-wrt WebGUI, where exactly do I unbridge and set multicast filtering? I'm a noob at this, someone help me out please.
Thanks.
What you want is NOT multicast filtering, you want the multicast to go over the WLAN to your router. See the wiki guide for Client Bridge mode.
_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
Posted: Thu May 06, 2010 23:24 Post subject: Re: Linksys 610N with mini build
phuzi0n wrote:
What you want is NOT multicast filtering, you want the multicast to go over the WLAN to your router. See the wiki guide for Client Bridge mode.
Thanks, but that won't help. I tried several configurations but it all comes down to the multicast rate which brings down WLAN's bandwidth very fast. I tried all wireless modes and firewall settings.
Posted: Fri May 07, 2010 1:11 Post subject: Re: Linksys 610N with mini build
ner0 wrote:
Thanks, but that won't help. I tried several configurations but it all comes down to the multicast rate which brings down WLAN's bandwidth very fast. I tried all wireless modes and firewall settings.
The difference is that the OP's IPTV box wasn't using the WLAN but the IPTV multicast packets were still flooding their WLAN. You are using the WLAN to send the traffic to your IPTV box so you MUST allow the IPTV multicast packets to be transmitted. Also, your Thomson TG784 ADSL gateway is what is sending the IPTV multicast packets, your dd-wrt router just receives them.
If you don't want your WLAN flooded with multicast then you need to either wire the STbox or add a WAP on another channel for your other devices to use.
Sorry to bring this back up.
Right now I have the issue same as the OP. Running a server that is sending multicast packets from one ethernet to another ethernet (or several others), but the router keeps sending the multicast packets over the wlan (ath0). I have tried:
Iptables only acts upon routed traffic by default. You need to load ebtables for your bridged traffic to be seen by iptables. I already explained this earlier.
Telnet/ssh to the router and run these commands to check that ebtables is loaded and that the iptables rule is being added correctly.
lsmod
iptables -vnL FORWARD
I have been battling with this tonight. My Uverse is sending about 5 to 6 Mbps to my ath0 and ath1 wireless interfaces. I ran the commands provided earlier, and am still seeing 5 to 6 Mbps going to my wireless interfaces while I have live TV on.
root@DD-WRT:~# lsmod
Module Size Used by
ebtable_filter 944 0
ebtables 15013 1 ebtable_filter
insmod ebtables
insmod ebtable_filter
iptables -I FORWARD -o ath0 -m pkttype --pkt-type multicast -j DROP
iptables -I FORWARD -o ath1 -m pkttype --pkt-type multicast -j DROP
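An added example, not part of any poster's message: a small shell helper that reads the output of the two check commands from this thread (lsmod and iptables -vnL FORWARD) and reports, per wireless interface, whether the ebtables modules are loaded, whether the multicast DROP rule is listed, and whether its packet counter has moved. The sample output is constructed, and the function names and status words are hypothetical.

```shell
#!/bin/sh
# Added example: classify the state of the multicast DROP rule for one
# wireless interface from `lsmod` and `iptables -vnL FORWARD` output.

# Constructed sample output (not captured from a real router).
SAMPLE_LSMOD='Module                  Size  Used by
ebtable_filter           944  0
ebtables               15013  1 ebtable_filter'

SAMPLE_FORWARD='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 8123  10M DROP       all  --  *      ath1    0.0.0.0/0            0.0.0.0/0           PKTTYPE = multicast
    0     0 DROP       all  --  *      ath0    0.0.0.0/0            0.0.0.0/0           PKTTYPE = multicast
  512 40960 ACCEPT     all  --  br0    br0     0.0.0.0/0            0.0.0.0/0'

# module_loaded LSMOD_TEXT NAME -> exit 0 if NAME appears in the first column
module_loaded() {
    printf '%s\n' "$1" | awk -v m="$2" 'NR > 1 && $1 == m { found = 1 } END { exit !found }'
}

# rule_pkts FORWARD_TEXT IFACE -> prints the packet counter of the DROP rule
# for multicast leaving IFACE, or nothing if no such rule is listed
rule_pkts() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        $3 == "DROP" && $7 == ifc && /PKTTYPE = multicast/ { print $1; exit }'
}

# check_iface LSMOD_TEXT FORWARD_TEXT IFACE -> prints one status word
check_iface() {
    module_loaded "$1" ebtables       || { echo missing-module; return; }
    module_loaded "$1" ebtable_filter || { echo missing-module; return; }
    pkts=$(rule_pkts "$2" "$3")
    [ -n "$pkts" ] || { echo missing-rule; return; }
    # A zero counter means the rule is installed but nothing has matched it.
    [ "$pkts" = 0 ] && echo rule-idle || echo rule-matching
}

# On a router: check_iface "$(lsmod)" "$(iptables -vnL FORWARD)" ath0
for ifc in ath0 ath1 wl0; do
    echo "$ifc: $(check_iface "$SAMPLE_LSMOD" "$SAMPLE_FORWARD" "$ifc")"
done
```

A status of rule-idle while multicast is visibly flowing on that interface means the rule is installed but the traffic is not passing through the FORWARD chain where it sits.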
I tried the same for my WNDR3700 router, but didn't manage to suppress the multicast flooding at the wireless interface. What am I doing wrong ?
Any help is very much appreciated !
I tried the same for my WNDR3700 router, but didn't manage to suppress the multicast flooding at the wireless interface. What am I doing wrong ?
Any help is very much appreciated !
I also have a WNDR3700 router and experienced the same problem. I can't get it to drop the multicast packets.
and this worked like a charm. Basically I did all the things under heading 2, except for 2.4 and 2.5 (# 2.4 Setup an additional VLAN and # 2.5 Disable multicast traffic to reach the LAN Ports 1,2,3).
I tried the same for my WNDR3700 router, but didn't manage to suppress the multicast flooding at the wireless interface. What am I doing wrong ?
Any help is very much appreciated !
I also have a WNDR3700 router and experienced the same problem. I can't get it to drop the multicast packets.
and this worked like a charm. Basically I did all the things under heading 2, except for 2.4 and 2.5 (# 2.4 Setup an additional VLAN and # 2.5 Disable multicast traffic to reach the LAN Ports 1,2,3).
Yes, I can confirm that. Doing that already since I have my 3700, but now I have a Linksys E3000 and when I do the same my Android mobile won't even get an IP. Only if I disable wireless encryption completely, but I don't want that. Tried even "Unbridged" and iptables -I FORWARD -i br0 -o "interface to block" -m pkttype --pkt-type multicast -j DROP.
Can anybody confirm this with a Linksys E3000 (latest ddwrt r16785)?