IPTV - blocking multicast on WIFI
From DD-WRT Wiki
This section explains how to use the DD-WRT GUI to configure DD-WRT supporting multicast IPTV traffic while at the same time enable some LAN ports and Wireless Clients working in parallel.
There are 2 ways to achieve this. The first is to unbridge the LAN area that shouldnt get flooded with mulicast packets. The second (and imho more elegand) way is to block mulicast traffic to the interfaces which doesnt need it.
In the sample configuration, the TV media receiver is connected to LAN Port 4, and the router Ip is 192.168.1.1. Other configurations work accordingly.
- Ensure that you are at least on DD-WRT 24v1 Firmware, otherwise download the most recent release.
- Connect the TV media receiver to Port 4. Connect other LAN connections to Ports 1,2,3
 Allow for multicast traffic
- Disable (uncheck) "Filter Multicast" on Security-->Firewall
 Disable multicast traffic to reach the Wireless adapter
- In Wireless-->Basic setting, set "Network Configuration" to "Unbridged", and "Multicast forwarding" to "disabled".
- Provide 192.168.3.1 with subnet mask 255.255.255.0 as the IP address for Wireless connections
 Setup an additional VLAN
- In Setup-->VLANs, check the "tagged" checkboxes for Ports 1,2,3. Then, check the three accoring checkboxes in the VLAN 7 row, uncheck them in the VLAN 0 row, and finally uncheck the "tagged" checkboxes.
- Apply the settings and reboot the router
 Disable multicast traffic to reach the LAN Ports 1,2,3
- In Setup-->Networking, check "Unbridged" for "Network Configuration vlan7", "Multicast forward" to "disable".
- Below this entry, provide IP number 192.168.2.1 with subnet mask 255.255.255.0 as the IP address
 Enable DHCP for the additional local Networks and final steps
- In Setup-->Networking, add two DHCP Servers in the bottom area, one for vlan7, one for eth1 (keep the standard settign for the other fields)
- Apply all changes, and reboot the router
 Block Multicast via Ebtables Firewall
Leave the wifi brdiged. Load the layer2 firewall modules and your ebtables rules via the firewall startup
insmod ebtables insmod ebtable_filter insmod ebt_pkttype ebtables -A FORWARD -o "interface to block" --pkttype-type multicast -j DROP ebtables -A OUTPUT -o "interface to block" --pkttype-type multicast -j DROP
If you want this script to run everytime your router starts, do the following:
- Go to Administration->Commands
- Paste commands in the Commands window
- Click Save startup
The drawback is ebtables will use sightly mode cpu time. Finally, enjoy TV, LAN, and Wireless simultaneously.