Recently signed up for Cincinnati Bell Fioptics FTTH with IPTV. Replaced the provided wireless router with a pfsense box + Ubiquiti AP and the internet works great. However, I cannot get the IPTV boxes to work. I've read every post the internet has about Fioptics IPTV networking, and many posts from @Mech, with no luck.
Here's what I have:
pfsense 2.5.2-RELEASE
IGMP enabled, WAN upstream 10.0.0.0/8, LAN downstream 239.0.0.0/8
IGMP WAN pass rule, UDP IPTV traffic pass
IGMP LAN pass rule
All rules have the "Allow packets with IP options to pass" box checked. In the Firewall System Logs I see IGMP traffic matches on both WAN and LAN, suggesting that IGMP traffic is flowing successfully, but not the actual multicast traffic.
Only one WAN interface and one LAN interface. No VLANs, PPPoE, or anything fancy like that.
As part of my debugging, I set up two of the ports on the pfsense box as a bridge and connected the ISP provided router through them in order to capture the traffic. I set the bridge as an interface, created a "pass all IPv4" rule, and enabled the "Allow packets with IP options to pass" box, at which point the TV started working. Capturing the traffic confirmed that all Fioptics IPTV streams originate from 10.0.0.0/8 and are destined for 239.0.0.0/8 as suggested here in this “Fioptics (IPTV by Cincinnati Bell) Definitive Guide”.
Wireshark capture
I tried to make rules in the bridge interface to match the IPTV traffic specifically (IPv4 UDP from 10.0.0.0/8), but could not get the rules to match any traffic even though I could see it in Packet Capture. This suggests to me that the packets were being routed at the link layer and not the firewall due to the bridge.
I also made sure I am using the ISP DNS servers to eliminate that as a possible issue.
Does anyone have any ideas? Spitballing: Do I need to add more networks to the IGMP proxy? Are my pass-through rules not adequate? Is my box dropping all link-layer multicast packets at the interface so they never even get to the firewall?
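For readers triaging the same symptom, here is an added example (not part of the original post) that classifies raw IPv4 packets from a capture as IGMP membership traffic or as the UDP stream from 10.0.0.0/8 to 239.0.0.0/8, and flags headers that carry IP options. It assumes the Ethernet header has already been stripped; the sample packets and their addresses are constructed.

```python
import ipaddress
import struct
from collections import Counter

UPSTREAM = ipaddress.ip_network("10.0.0.0/8")   # stream sources named in the post
GROUPS = ipaddress.ip_network("239.0.0.0/8")    # multicast groups named in the post
ROUTER_ALERT = bytes([0x94, 0x04, 0x00, 0x00])  # IPv4 Router Alert option (RFC 2113)

def classify(pkt: bytes) -> dict:
    """Classify one raw IPv4 packet (Ethernet header already stripped)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4                   # header length in bytes
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = pkt[9]
    src = ipaddress.ip_address(pkt[12:16])
    dst = ipaddress.ip_address(pkt[16:20])
    if proto == 2:                              # IGMP joins, leaves, queries
        kind = "igmp"
    elif proto == 17 and src in UPSTREAM and dst in GROUPS:
        kind = "iptv-stream"                    # the UDP multicast video itself
    else:
        kind = "other"
    # A header longer than 20 bytes carries IP options; pf drops such packets
    # unless the matching pass rule has "Allow packets with IP options to pass".
    return {"kind": kind, "src": str(src), "dst": str(dst), "ip_options": ihl > 20}

def triage(packets) -> str:
    """Summarise a capture: did group joins and the UDP stream both appear?"""
    seen = Counter(classify(p)["kind"] for p in packets)
    if seen["iptv-stream"]:
        return "stream-present"
    return "igmp-only" if seen["igmp"] else "no-iptv-traffic"

def build(src, dst, proto, payload=b"", options=b"") -> bytes:
    """Build a constructed IPv4 packet for the samples below (checksum left 0)."""
    ihl = (20 + len(options)) // 4
    total = 20 + len(options) + len(payload)
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total, 0, 0, 1, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + options + payload

# Constructed samples: an IGMPv2 report with Router Alert, and one UDP stream packet.
REPORT = build("192.168.1.50", "239.1.1.1", 2,
               bytes([0x16, 0, 0, 0, 239, 1, 1, 1]), ROUTER_ALERT)
STREAM = build("10.20.30.40", "239.1.1.1", 17, struct.pack("!HHHH", 5000, 5000, 8, 0))

if __name__ == "__main__":
    print(classify(REPORT), classify(STREAM))
    print(triage([REPORT]), triage([REPORT, STREAM]))
```

Running `triage` over captures taken separately on WAN and LAN shows on which side the stream stops: an "igmp-only" result matches the symptom described in the post.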