I think the rules are useless. Only add a rule which matches the source address and then apply the right policy. The returned packet should find its way to the right client.
Perfect.
Please also set local_source to none; there are a lot of problems with this configuration. That was a faulty decision in the last release.
I tried to set the option local_source in /etc/config/mwan3 to none instead of lan, but in this case, even if the wan is online and active, I cannot surf the Internet.
Could it be a firewall problem?
I am working on a solution.
Great, I saw it.
What about the firewall? Is the lan_iptv zone set up right?
The lan and lan_iptv are not bridged. This is my firewall configuration.
# OpenWrt firewall configuration (UCI format) as pasted in the thread.
# Only comments have been added; every option below is as the author posted it.
# mwan3 policy lives in /etc/config/mwan3 and is not part of this file.
#
# Global defaults: input/output to the router itself are accepted, traffic
# between zones is rejected unless a 'config forwarding' section or a rule
# with a 'dest' allows it. syn_flood and drop_invalid are enabled.
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option drop_invalid '1'
# Zone 'lan' (network lan): the router accepts all input from lan;
# inter-zone forwarding is rejected unless allowed further down.
config zone
option input 'ACCEPT'
option output 'ACCEPT'
option name 'lan'
option conntrack '1'
option network 'lan'
option forward 'REJECT'
# Zone 'wan' (networks wan, wan6): masquerading and MSS clamping on, input
# and forwarding rejected except for the Allow-* rules below.
config zone
option name 'wan'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option input 'REJECT'
option forward 'REJECT'
option network 'wan wan6'
option conntrack '1'
# The Allow-* rules from here down to Allow-ICMPv6-Forward appear to be the
# stock OpenWrt wan-side rule set (DHCP renew, ping, IGMP, DHCPv6, MLD,
# rate-limited ICMPv6 input/forward).
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# ESP from wan is forwarded into lan (IPsec passthrough to a lan host).
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option proto 'esp'
option target 'ACCEPT'
option dest 'lan'
# udp/500 (IKE) from wan is forwarded into lan.
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
option dest 'lan'
# IGMP input from wan, restricted to the ipv6 family.
config rule
option src 'wan'
option proto 'igmp'
option target 'ACCEPT'
option name 'Allow-IGMPv6'
option family 'ipv6'
# UDP to the multicast range 224.0.0.0/4 from wan is forwarded into lan
# (presumably for IPTV streams — confirm against the IPTV setup).
config rule
option name 'Allow-multicast'
option src 'wan'
option proto 'udp'
option dest_ip '224.0.0.0/4'
option target 'ACCEPT'
option dest 'lan'
# NOTE(review): /etc/firewall.user is not shown in this paste; any custom
# iptables rules there run outside the UCI sections reviewed here and should
# be checked together with this file when debugging the mwan3 problem.
config include
option path '/etc/firewall.user'
# Zone 'vpn' (networks WIREGUARD, openvpn): masquerading on, input and
# forwarding rejected. No 'config forwarding' section in this paste
# references 'vpn'.
config zone
option name 'vpn'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option input 'REJECT'
option forward 'REJECT'
option network 'WIREGUARD openvpn'
option conntrack '1'
# Two DNAT port forwards (tcp/443 and tcp/80 from wan to 192.168.1.1); both
# have enabled '0' and are therefore inactive. 192.168.1.1 is not identified
# elsewhere in this paste.
config redirect
option target 'DNAT'
option src 'wan'
option proto 'tcp'
option src_dport '443'
option dest_ip '192.168.1.1'
option dest_port '443'
option name 'Web server'
option enabled '0'
option dest 'lan'
config redirect
option target 'DNAT'
option src 'wan'
option proto 'tcp'
option src_dport '80'
option dest_ip '192.168.1.1'
option dest_port '80'
option name 'Web server'
option enabled '0'
option dest 'lan'
# Adblock DNS redirects: DNS on 53, 853 and 5353 from lan/wlan is DNAT'ed
# to the same port. No dest_ip is given, which in OpenWrt's firewall
# normally means a redirect to the router itself (forced local resolver).
# NOTE(review): 'src' holds two zone names in one option; confirm the
# firewall version in use accepts a space-separated list here — one
# redirect per zone is the unambiguous form.
config redirect 'adblock_dns_53'
option name 'Adblock DNS, port 53'
option proto 'tcp udp'
option src_dport '53'
option dest_port '53'
option target 'DNAT'
option src 'lan wlan'
config redirect 'adblock_dns_853'
option name 'Adblock DNS, port 853'
option proto 'tcp udp'
option src_dport '853'
option dest_port '853'
option target 'DNAT'
option src 'lan wlan'
config redirect 'adblock_dns_5353'
option name 'Adblock DNS, port 5353'
option proto 'tcp udp'
option src_dport '5353'
option dest_port '5353'
option target 'DNAT'
option src 'lan wlan'
# Zone 'wwan' (networks wwan, wwan1, wwan2, wwan3): second upstream, masq on,
# input/forward rejected. Only lan_iptv is forwarded to it (see below).
config zone
option forward 'REJECT'
option name 'wwan'
option masq '1'
option mtu_fix '1'
option input 'REJECT'
option output 'ACCEPT'
option conntrack '1'
option network 'wwan wwan1 wwan2 wwan3'
# Zone 'wlan' (network wlan): input to the router rejected except for the
# DHCP/DNS rules below.
config zone
option output 'ACCEPT'
option name 'wlan'
option conntrack '1'
option network 'wlan'
option forward 'REJECT'
option input 'REJECT'
# lan and wlan may reach wan; neither is forwarded to wwan in this paste.
config forwarding
option dest 'wan'
option src 'lan'
config forwarding
option dest 'wan'
option src 'wlan'
# Zone 'lan_iptv' (network lan_iptv): input and forwarding rejected by
# default; the rules at the end of the file open specific services.
config zone
option output 'ACCEPT'
option name 'lan_iptv'
option network 'lan_iptv'
option conntrack '1'
option input 'REJECT'
option forward 'REJECT'
# lan_iptv may reach both upstreams (wan and wwan). There is no forwarding
# from lan_iptv to lan, so the IPTV segment cannot initiate into lan.
config forwarding
option dest 'wan'
option src 'lan_iptv'
config forwarding
option dest 'wwan'
option src 'lan_iptv'
# Router input from wlan: DHCP (udp/67).
config rule
option target 'ACCEPT'
option name 'Allow-DHCP-wlan'
option proto 'udp'
option src 'wlan'
option dest_port '67'
# Router input from wlan: DNS on port 53. No 'proto' is given, so the
# firewall's default protocol set applies (typically tcp and udp); stating
# it explicitly would make the intent clear.
config rule
option target 'ACCEPT'
option src 'wlan'
option name 'Allow-DNS-wlan'
option dest_port '53'
# Router input from lan_iptv: DHCP (udp/67) and DNS (udp/53), ipv4 only.
config rule
option target 'ACCEPT'
option src 'lan_iptv'
option name 'Allow-DHCP-lan_iptv'
option family 'ipv4'
option proto 'udp'
option dest_port '67'
config rule
option target 'ACCEPT'
option src 'lan_iptv'
option name 'Allow-DNS-lan_iptv'
option family 'ipv4'
option proto 'udp'
option dest_port '53'
# NOTE(review): despite its name this rule has proto 'all' and no 'dest', so
# it accepts every protocol and port from lan_iptv to the router itself,
# which overrides the zone's input 'REJECT' and makes the two DHCP/DNS rules
# above redundant. If only ICMP is intended, use option proto 'icmp'.
config rule
option target 'ACCEPT'
option src 'lan_iptv'
option proto 'all'
option name 'Allow-ICMP-lan_iptv'
# NOTE(review): despite its name this rule forwards all protocols and ports
# from lan into lan_iptv, not just HTTP (no proto/port restriction). Return
# traffic is handled by conntrack, so lan_iptv still cannot initiate into
# lan. If only HTTP is intended, restrict it with option proto 'tcp' and
# option dest_port '80'.
config rule
option target 'ACCEPT'
option name 'Allow-HTTP-lan_iptv'
option proto 'all'
option src 'lan'
option dest 'lan_iptv'