Hi to everyone!
Sorry if this seems blunt. But it is like so.
Please, take a close look at this picture:
Thank you.
Hi to everyone!
Sorry if this seems blunt. But it is like so.
Please, take a close look at this picture:
Thank you.
After squinting for quite a while, I realize that there is no IPTV box in the diagram.
I assume you want to layer 2 trunk the TV box back to your non-OpenWrt main router and then somehow route it to the TV provider. I would approach this by first making sure that the TV network works properly with the TV box connected directly to the main router. Routing it to the TV provider can be tricky and since you're not using OpenWrt, it is outside the scope of this forum.
After that works, then your plan to add another VLAN and configure the switch at Location B should work like any of the other VLANs that you already have working.
Sending VLANs through an unmanaged switch is not a good practice. Some switches are "transparent" and will pass tagged packets unchanged. Others may drop all tagged packets and it won't work. In the first case there is no potential to isolate networks for security since all VLANs appear on all ports.
Hi, and thank you very much for your feedback.
Yes, it is quite a detailed network topology, and it took me a while to produce it. I am sorry to have made you squint so much.
Well, I've tested it and that STB works both on the wired ports of BOTH the ISP fiber router gateway, AND the HUAWEI K562, wireless repeater (and this was to my amazement, since I was not expecting that it would work on the HUAWEI K562, since it connects to the ISP router by means of a wireless connection).
So, if your assumption about the insecurity of the unmanaged switch holds, then I should remove this switch from the equation, and purchase some other (managed) switch, would it be so? Could I try to debug some more if there is any 'interference' between the location B router VLAN.40 and the non OpenWrt router?
Thank you very much for your help!
The TV box needs to work on the downstream side of the non-OpenWrt main router. You have not tested that yet. Your approach so far was to set up a network for it and route it. Or you could merely bridge the TV VLAN through it to the WAN side and make it passively part of the upstream network.
Hi,
Sorry for having mixed this up.
Yes I haven't tested it yet with the downstream non OpenWrt router.
Maybe it could work on the generic untagged interface. I will try that at once.
Meanwhile, (again) I don't quite follow you when you refer 'bridge the TV VLAN through it to the WAN side and make it passively part of the upstream network'
(What I understand by this is that I should create an additional bridge interface that would unite the downstream TV VLAN with the upstream ISP ROUTER LAN). I was looking for a way to do it without compromising the actual topology that I have. And there you are saying that it could be one way to do it. That is comforting somehow.
Thank you.
I am going to investigate that path and also check if the ISP STB can work behind that ARCH Router.
See you soon.
Hi, @mk24, now, I've tested the scenario with the ISP STB connected to the ARCH ROUTER. Unsuccessfully. So I believe that the first issue I have to solve is with the ARCH ROUTER itself.
Since it is a systemd-networkd managed system, what, if any, suggestions for reading, would you, @mk24, care to give?
Mind you, as this seems the right thing to do, I am going to forward this same issue/question, to the Arch Linux forums.
Nevertheless, since this spans several environments, I think that it is still advisable that the global outcome should be reported on all the pertaining (support) forums. This is why I am placing this question here on OpenWrt as well.
Thank you.
Hello again @mk24 .
I've been absent from this forum somehow because I've been losing my mind about trying to accomplish the deed of getting that ISP IPTV STB behind those network routers I've described earlier. Also I've edited the first post so that the image doesn't end up being so difficult to look at. Maybe you've noticed that already, and do forgive me for not doing that originally, it was a mishap.
Well, moving on, I've installed x86 EFI image on a flash pen and booted it up.
Did some testing and I can positively affirm that the x86 machine can handle that ISP STB alright.
Since it has two "adapters" (?) I can connect the x86 router up to the ISP gateway on one adapter and serve the IPTV down through the second adapter. I think I only had to set one bridge uniting lan with wan and be mindful that it had the settings for the igmp snooping and igmp version 3 enabled. Do not quote me about being sure if the x86 version had already the igmpproxy utility installed, because, unfortunately I'm not sure right now. That's how mixed up already I am after spending literally several days on this setup. Insane isn't it... Oh well ...
So I established that the x86 machine can handle the direct connection.
My questions now are:
How can I "export" that connection onto a subrouter.
Mind you I need to connect those 2 routers so that at least the subrouter can offer both Internet to its clients and the ISP IPTV STB service as well.
My presumptions right now are that:
Can you @mk24 , (or anyone else reading these awkward lines, that may have some insight to this setup), mind to help somehow?
Thank you!
Hi to everyone!
I've “managed” to have a workaround for this issue:
I am using, currently, the Cudy WR2100, MediaTek MT7621 ver:1 eco:3, that I was using to test that setup, but in a different situation, as a “workaround” solution.
Furthermore, I gave up wanting to do what apparently is impossible, to head on to some other solution (which, BTW seems to be working satisfactorily):
The “solution” (apparently) is to use relayd
and a direct “wireless connection” to the ISP router gateway, to set up a “wireless” (to wired) transparent bridge between that router gateway and the ISP's own STB. It is working alright, although there are some doubts, (caveats, perhaps), that are “bugging” me and unsettling my otherwise cheerful moment.
I am referring to enormous traffic on the involved interfaces: almost 400 GB in almost 8 hours!!! (Isn't this somehow strange/awkward/or unsustainable by the router's hardware)???
And the second consideration: Could I, use the other OpenWrt router instead of this one, to perform this “relayd” work? What I mean by this is:
Since it is already an access point to “subnetworks” that are “layered under” the main ISP's managed network, if I would then (conceptually, at least) provide a direct connection from the subrouters to the main ISP one, (and by that way, circumventing my own router that I have set to manage the subnets already in place), wouldn't I be hindering completely the preexisting network topology? I am thinking of network loops and the like, and in effects such as complete wreak of my network. Does this make sense? Or on the other hand, would it be alright to try to figure it out?
Finally, as a token of my appreciation, here is the whole configuration narrative that I used, along with its configuration files and other settings:
First, by your preferred fashion (luci web interface or by opkg method), install these packages:
luci-proto-relay
igmpproxy
Then, making sure to adapt to your hardware and network topology/addressing space:
# cat /etc/config/network :
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd3a:7eb7:e821::/48'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
option igmp_snooping '1'
option multicast '1'
option igmpversion '3'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wwan'
option proto 'static'
option ipaddr '192.168.115.242'
option netmask '255.255.255.0'
option gateway '192.168.115.254'
list dns '192.168.115.254'
config interface 'relay_bridge'
option proto 'relay'
option ipaddr '192.168.115.242'
list network 'lan'
list network 'wwan'
config device
option name 'phy1-sta0'
option multicast '1'
# cat /etc/config/igmpproxy :
config igmpproxy
option quickleave '1'
config phyint
option network 'wwan'
option zone 'wwan'
option direction 'upstream'
option altnet '0.0.0.0/0'
config phyint
option network 'lan'
option zone 'lan'
option direction 'downstream'
option altnet '192.168.115.0/24'
# cat /etc/config/dhcp :
# yes, that is right, the file should look like this with empty lines!
# cat /etc/config/firewall :
# yes, that is right, the file should look like this with empty lines (as well)!
Then, enable (but also disable) the necessary services:
# /etc/init.d/relayd enable
# /etc/init.d/relayd start
# /etc/init.d/igmpproxy enable
# /etc/init.d/igmpproxy start
# /etc/init.d/firewall disable
# /etc/init.d/firewall stop
# /etc/init.d/dnsmasq disable
# /etc/init.d/dnsmask stop
And check if they are like so:
# service
Usage: service <service> [command]
/etc/init.d/boot enabled stopped
/etc/init.d/bootcount enabled stopped
/etc/init.d/cron enabled stopped
/etc/init.d/dnsmasq disabled stopped
/etc/init.d/done enabled stopped
/etc/init.d/dropbear enabled running
/etc/init.d/firewall disabled stopped
/etc/init.d/gpio_switch enabled stopped
/etc/init.d/igmpproxy enabled running
/etc/init.d/led enabled stopped
/etc/init.d/log enabled running
/etc/init.d/network enabled running
/etc/init.d/odhcpd enabled running
/etc/init.d/packet_steering enabled stopped
/etc/init.d/relayd enabled running
/etc/init.d/rpcd enabled running
/etc/init.d/sysctl enabled stopped
/etc/init.d/sysfixtime enabled stopped
/etc/init.d/sysntpd enabled running
/etc/init.d/system enabled stopped
/etc/init.d/ucitrack enabled stopped
/etc/init.d/uhttpd enabled running
/etc/init.d/umount enabled stopped
/etc/init.d/urandom_seed enabled stopped
/etc/init.d/urngd enabled running
/etc/init.d/wpad enabled running
Finally, reboot the router and (hopefully) behold!
Thank you for your attention/reading, and my only questions for now, before I set this thread as solved, are the ones that I made above (on this same post). Do they have a solution? If not, then, I will return here to set this thread issue as solved. Even if not addressing the original question, in fact it seems to me, that it is in a satisfactory status now.
Thank you all for reading and see you all (hopefully) soon!
Cheers!