Don't worry about ipv6 unless you plan to do studying of ipv6 specific multicasting. If you are, it's actually a different issue entirely so open a new thread later.
You need that firewall rule that sets the multicast packets TTL value to 2 which is enough for them to survive your router and come out the other side, but small enough that they won't be forwarded further downstream over additional routers (so 2 is the appropriate value for an "edge" router like you're simulating)
add this to /etc/firewall.user
iptables -t mangle -A PREROUTING -i eth0 -d 224.0.0.0/4 -p udp -j TTL --ttl-set 2
restart the firewall, and see if that works.
This file seems to be empty. So I just copy the 2 lines in there ?
root@OpenWrt:~# vi /etc/sysctl.conf
# Defaults are configured in /etc/sysctl.d/* and can be customized in this file
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
- /etc/sysctl.conf 1/1 100%
I'm not sure why your /etc/sysctl.conf is empty, that's not normal. but yes, put the two lines in there. then sysctl -p
and also as I mentioned above:
add this to /etc/firewall.user
iptables -t mangle -A PREROUTING -i eth0 -d 224.0.0.0/4 -p udp -j TTL --ttl-set 2
restart the firewall, and see if that works.
I'm also unsure how it's empty when he placed 3 lines into it at post No. 167...again something's [seriously] not right. There are major configs missing that are needed for a ROUTER.
For example...the OP's OpenWrt is likely not routing right now; because net.ipv4.ip_forward=1 is missing.
not everyone knows how to use "vi" (like for example I'm an emacs guy and I always just abort if I wind up in vi) so are you sure you're saving the file after editing it? you can see the contents using "cat [filename goes here]" after leaving vi
root@OpenWrt:~# cat /etc/sysctl.conf
# Defaults are configured in /etc/sysctl.d/* and can be customized in this file
net.ipv4.conf.all.mc_forwarding = 1
net.ipv6.conf.all.mc_forwarding = 1
root@OpenWrt:~#
root@OpenWrt:~# cat /etc/firewall.user
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
iptables -t mangle -A PREROUTING -i eth0 -d 224.0.0.0/4 -p udp -j TTL --ttl-set 2
root@OpenWrt:~#
awesome. Now it's supicious that your sysctl.conf is empty except for those lines we just put there... but I'm going to ignore that for the moment, and just ask you to restart the firewall /etc/init.d/firewall restart and see if you start being able to see the stream.
EDIT:
Also after restarting firewall also restart igmpproxy so it will put its firewall rules back in there.
root@OpenWrt:~# /etc/init.d/firewall restart
Warning: Unable to locate ipset utility, disabling ipset support
* Flushing IPv4 filter table
* Flushing IPv4 nat table
* Flushing IPv4 mangle table
* Flushing IPv6 filter table
* Flushing IPv6 mangle table
* Flushing conntrack table ...
* Populating IPv4 filter table
* Rule 'ubus:igmpproxy[instance1] rule 0'
* Rule 'ubus:igmpproxy[instance1] rule 1'
* Rule 'ubus:igmpproxy[instance1] rule 2'
* Rule 'ubus:igmpproxy[instance1] rule 3'
* Rule 'Allow-DHCP-Renew'
* Rule 'Allow-Ping'
* Rule 'Allow-IGMP'
* Rule 'Allow-IPSec-ESP'
* Rule 'Allow-ISAKMP'
* Rule 'ipv4 multicast forward for 224.0.0.0/4'
* Forward 'lan' -> 'wan'
* Zone 'lan'
* Zone 'wan'
* Populating IPv4 nat table
* Zone 'lan'
* Zone 'wan'
* Populating IPv4 mangle table
* Zone 'lan'
* Zone 'wan'
* Populating IPv6 filter table
* Rule 'Allow-DHCPv6'
* Rule 'Allow-MLD'
* Rule 'Allow-ICMPv6-Input'
* Rule 'Allow-ICMPv6-Forward'
* Rule 'Allow-IPSec-ESP'
* Rule 'Allow-ISAKMP'
* Rule 'ipv6 multicast forward for ff00::/8'
* Forward 'lan' -> 'wan'
* Zone 'lan'
* Zone 'wan'
* Populating IPv6 mangle table
* Zone 'lan'
* Zone 'wan'
* Set tcp_ecn to off
* Set tcp_syncookies to on
* Set tcp_window_scaling to on
* Running script '/etc/firewall.user'
iptables v1.6.2: unknown option "--ttl-set"
Try `iptables -h' or 'iptables --help' for more information.
! Failed with exit code 2
root@OpenWrt:~# /etc/init.d/firewall start
Warning: Unable to locate ipset utility, disabling ipset support
Warning: The IPv4 firewall appears to be started already. If it is indeed empty, remove the /var/run/fw3.state file and retry.
Warning: The IPv6 firewall appears to be started already. If it is indeed empty, remove the /var/run/fw3.state file and retry.
root@OpenWrt:~#
also restarted igmpproxy
no stream 
You may need a kernel module to enable TTL support. use opkg to install
kmod-ipt-ipopt
Mushoz
211
No.
No. It's not needed AFAIK, unless the TTL is already too low on the WAN side.
1 Like
By default VLC sends out TTL=1 as far as I can see on the internet, so I'm pretty sure this is what's wrong!
1 Like
You would think so maybe, but it doesn't seem to make firewall rules for it, and it doesn't seem to have any other mechanism, so we'll see what happens after the OP gets the kmod installed. I'm hoping this finally fixes the issue and we can get an updated documentation on the current wiki.
same as before:
receiving queries, udp traffic, and reports
no stream
root@OpenWrt:~# tcpdump -i eth0 igmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
19:07:22.337280 IP 10.0.0.120 > 232.0.1.2: igmp v2 report 232.0.1.2
19:07:23.021819 IP 10.0.0.100 > 224.0.0.1: igmp query v2
19:07:25.697222 IP 10.0.0.120 > 232.0.1.2: igmp v2 report 232.0.1.2
19:07:33.026343 IP 10.0.0.100 > 224.0.0.1: igmp query v2
19:07:41.537221 IP 10.0.0.120 > 232.0.1.2: igmp v2 report 232.0.1.2
19:07:43.031211 IP 10.0.0.100 > 224.0.0.1: igmp query v2
19:07:47.996755 IP 10.0.0.120 > 224.0.0.2: igmp leave 232.0.1.2
19:07:48.037215 IP 10.0.0.120 > 232.0.1.2: igmp v2 report 232.0.1.2
19:07:53.035363 IP 10.0.0.100 > 224.0.0.1: igmp query v2
19:07:55.377230 IP 10.0.0.120 > 232.0.1.2: igmp v2 report 232.0.1.2
did everything exactly as told. then rebooted, restarted firewall and igmpproxy.
still receiving udp traffic
Did you install kmod-ipt-ipopt ?
when you run /etc/init.d/firewall restart does the output have any messages about "unknown option --ttl-set" etc?
It's installed
Summary
root@OpenWrt:~# opkg list-installed
ath10k-firmware-qca9887 - 2018-04-19-71e50312-1
base-files - 192-r7258-5eb055306f
busybox - 1.28.3-4
dnsmasq - 2.80test3-1
dropbear - 2017.75-5
firewall - 2018-07-26-aa8846bb-1
fstools - 2018-04-16-e2436836-1
fwtool - 1
hostapd-common - 2018-04-09-fa617ee6-5
igmpproxy - 0.2.1-4
ip-full - 4.16.0-8
ip6tables - 1.6.2-1
iptables - 1.6.2-1
iw - 4.14-1
iwinfo - 2018-07-24-94b1366d-1
jshn - 2018-07-25-c83a84af-1
jsonfilter - 2018-02-04-c7e938d6-1
kernel - 4.9.120-1-adfb989aae12e239d65a2c73ca35b8a3
kmod-ath - 4.9.120+2017-11-01-9
kmod-ath10k - 4.9.120+2017-11-01-9
kmod-ath9k - 4.9.120+2017-11-01-9
kmod-ath9k-common - 4.9.120+2017-11-01-9
kmod-cfg80211 - 4.9.120+2017-11-01-9
kmod-gpio-button-hotplug - 4.9.120-2
kmod-ip6tables - 4.9.120-1
kmod-ipt-conntrack - 4.9.120-1
kmod-ipt-core - 4.9.120-1
kmod-ipt-ipopt - 4.9.120-1
kmod-ipt-nat - 4.9.120-1
kmod-lib-crc-ccitt - 4.9.120-1
kmod-mac80211 - 4.9.120+2017-11-01-9
kmod-nf-conntrack - 4.9.120-1
kmod-nf-conntrack6 - 4.9.120-1
kmod-nf-ipt - 4.9.120-1
kmod-nf-ipt6 - 4.9.120-1
kmod-nf-nat - 4.9.120-1
kmod-nf-reject - 4.9.120-1
kmod-nf-reject6 - 4.9.120-1
kmod-nls-base - 4.9.120-1
kmod-ppp - 4.9.120-1
kmod-pppoe - 4.9.120-1
kmod-pppox - 4.9.120-1
kmod-scsi-core - 4.9.120-1
kmod-slhc - 4.9.120-1
kmod-usb-core - 4.9.120-1
kmod-usb-ehci - 4.9.120-1
kmod-usb-storage - 4.9.120-1
kmod-usb2 - 4.9.120-1
libblobmsg-json - 2018-07-25-c83a84af-1
libc - 1.1.19-1
libgcc - 7.3.0-1
libip4tc - 1.6.2-1
libip6tc - 1.6.2-1
libiwinfo - 2018-07-24-94b1366d-1
libiwinfo-lua - 2018-07-24-94b1366d-1
libjson-c - 0.12.1-1
libjson-script - 2018-07-25-c83a84af-1
liblua - 5.1.5-1
liblucihttp - 2018-05-18-cb119ded-1
liblucihttp-lua - 2018-05-18-cb119ded-1
libmnl - 1.0.4-1
libnl-tiny - 0.1-5
libpcap - 1.8.1-1
libpthread - 1.1.19-1
libubox - 2018-07-25-c83a84af-1
libubus - 2018-07-26-40e0931e-1
libubus-lua - 2018-07-26-40e0931e-1
libuci - 2018-08-11-4c8b4d6e-1
libuclient - 2018-08-03-ae1c656f-1
libxtables - 1.6.2-1
logd - 2018-02-14-128bc35f-2
lua - 5.1.5-1
luci - git-18.228.31946-f64b152-1
luci-app-firewall - git-18.228.31946-f64b152-1
luci-base - git-18.228.31946-f64b152-1
luci-lib-ip - git-18.228.31946-f64b152-1
luci-lib-jsonc - git-18.228.31946-f64b152-1
luci-lib-nixio - git-18.228.31946-f64b152-1
luci-mod-admin-full - git-18.228.31946-f64b152-1
luci-proto-ipv6 - git-18.228.31946-f64b152-1
luci-proto-ppp - git-18.228.31946-f64b152-1
luci-theme-bootstrap - git-18.228.31946-f64b152-1
mtd - 23
netifd - 2018-07-30-a0a1e52e-1
odhcp6c - 2018-07-14-67ae6a71-14
odhcpd-ipv6only - 1.10-1
openwrt-keyring - 2018-05-18-103a32e9-1
opkg - 2017-12-07-3b417b9f-2
pimbd - 2015-08-18-68f5fc803119e4b33a88b35c096f4d6ac28b6de5-1
ppp - 2.4.7-12
ppp-mod-pppoe - 2.4.7-12
procd - 2018-03-28-dfb68f85-1
rpcd - 2018-08-16-41333abe-1
rpcd-mod-rrdns - 20170710
swconfig - 11
tcpdump - 4.9.2-1
uboot-envtools - 2018.03-1
ubox - 2018-02-14-128bc35f-2
ubus - 2018-07-26-40e0931e-1
ubusd - 2018-07-26-40e0931e-1
uci - 2018-08-11-4c8b4d6e-1
uclient-fetch - 2018-08-03-ae1c656f-1
uhttpd - 2018-06-26-796d42bc-1
usign - 2015-07-04-ef641914-1
wireless-regdb - 2017-10-20-4343d359
wpad-mini - 2018-04-09-fa617ee6-5
root@OpenWrt:~#
still the same message
should I enter ttl when when sending the stream ? something like this gets created, Just an example: **--sout '#rtp{access=udp,mux=ts,dst=224.255.1.1,port=1234,sap,group="Video"**maybe put a ttl in there ?
I guess you need iptables-mod-ipopt in addition to the kmod
yeah you can do this for testing purposes, I think you want access=udp{ttl=10} or something like that but you're going to want to get that iptables-mod-ipopt installed and get it in your firewall.
will install it right now
