IGMPProxy strange behaviour with multiple clients

I have setup an IGMPProxy to watch IPTV from my ISP.

Everything seems to be working when only one client is connected or two clients that are watching the same channel.

The problem is when a second client connects and watches a different channel. I got very strange behavior, from router hanging in 17.01.4 and extreme hanging in 18.06.1.

I have already tried different things like changing the igmpproxy quickleave off, but no results.

I currently run on OpenWrt 18.06.1 and here are my configs and the log produced with verbose 2.
I saw that kmod-bridge was not available for 18.06.1, so when upgraded I did not reinstalled that packages.
I had the packages installed on 17.01.4, but same results.

Thank you in advance,

Avatar999

/etc/config/igmpproxy

config igmpproxy
        option quickleave 1
#       option verbose [0-2]
        option verbose 2

config phyint
        option network IPTV_WAN
        option zone IPTV_WAN
        option direction upstream
#       list altnet 0.0.0.0/0
        list altnet 192.168.1.0/24
        list altnet 213.75.0.0/16


config phyint
        option network lan
        option zone lan
        option direction downstream

/etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix [Redacted]

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option ipaddr '192.168.1.254'
        option netmask '255.255.255.0'
        option delegate '0'
        option igmp_snooping '1'

config interface 'wan'
        option ifname 'eth0.6'
        option _orig_ifname 'eth0.6'
        option _orig_bridge 'false'
        option proto 'pppoe'
        option username [Redacted]
        option password [Redacted]
        option delegate '0'
        option peerdns '0'
        option dns [Redacted]
        option ipv6 '0'
        option keepalive '5 5'

config interface 'wan6'
        option ifname 'eth0.6'
        option _orig_ifname 'eth0.6'
        option _orig_bridge 'false'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'auto'

config interface 'OpenVPN'
        option proto 'static'
        option ifname 'tun0'
        option delegate '0'
        option ipaddr '10.250.250.1'
        option netmask '255.255.255.248'

config interface 'IPTV_WAN'
        option ifname 'eth0.4'
        option proto 'static'
        option delegate '0'
        option ipaddr '10.198.98.231'
        option netmask '255.255.240.0'
        option gateway '10.198.96.1'
        option broadcast '10.198.111.255'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option vid '1'
        option ports '2 3 4 5 0t'

config switch_vlan
        option device 'switch0'
        option vlan '4'
        option ports '1t 0t'
        option vid '4'

config switch_vlan
        option device 'switch0'
        option vlan '6'
        option ports '1t 0t'
        option vid '6'

config switch_vlan
        option device 'switch0'
        option vlan '7'
        option ports '1t 5t 0t'
        option vid '7'

config route
        option interface 'IPTV_WAN'
        option target '213.75.112.0/21'
        option gateway '10.198.96.1'

/etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option drop_invalid '1'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config zone
        option name 'IPTV_WAN'
        option network 'IPTV_WAN'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config zone
        option name 'OpenVPN'
        option network 'OpenVPN'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config forwarding
        option src 'lan'
        option dest 'IPTV_WAN'

config forwarding
        option src 'OpenVPN'
        option dest 'lan'

config forwarding
        option src 'OpenVPN'
        option dest 'lan'

config forwarding
        option src 'OpenVPN'
        option dest 'wan'

config forwarding
        option src 'lan'
        option dest 'OpenVPN'

config forwarding
        option src 'wan'
        option dest 'OpenVPN'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config rule
        option name 'Allow-OpenVPN-Inbound'
        option src 'wan'
        option dest_port [Redacted]
        option proto [Redacted]
        option target 'ACCEPT'

config rule
        option name 'Allow-IPTV'
        option src 'IPTV_WAN'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP-IPTV'
        option src 'IPTV_WAN'
        option proto 'udp'
        option dest 'lan'
        option dest_ip '224.0.0.0/4'
        option family 'ipv4'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

/tmp/system.log

https://pastebin.com/HULtvSiq

Have you tried quickleave 0?

Yes, but no result :frowning:

1 Like

Apologies, I see you note that in the first post.

What is the make/model of your router?

It's built-in to Busybox.

Are you certain this is the only source of traffic?

i'm slightly puzzled by your config.
The setup seems to match the one for the Dutch KPN FTTH provider, yet you set a fixed ip-address for the IPTV VLAN. That IP is normally DHCP based. If you set that to DHCP it should get the IPTV routing info from the DHCP offer. After that you should be able to delete all self configured firewall rules that allow IGMP as the new IGMP startup service will automatically inject the right firewall rules into the firewall at startup time.

setting it to DHCP would require setting the vendor ID option for the IPTV vlan as well:
option vendorid 'IPTV_RG'

1 Like

No problem :stuck_out_tongue:

TL-WDR4300

Yes, I tried 0.0.0.0/0 before and that didn't change anything

You are correct I am using KPN FTTH for this setup.

I have changed it from DHCP server to static, because the range of the IP's is switching for some reason. Because of this the static route and default gateway (for IPTV_WAN) does not work. I have not tried to remove all self-created firewall rules with the DHCP option. I have followed multiple tutorials:

http://netwerkje.com/iptv (Dutch)
https://www.benweb.eu/articles/technical/kpn-glasvezel-met-lede-openwrt-fork/ (Dutch)
https://openwrt.org/docs/guide-user/network/wan/udp_multicast (English).

However, none of them worked for me :disappointed_relieved:

New URL: https://openwrt.org/docs/guide-user/network/wan/udp_multicast

The old page is for archival purposes only and will receive no updates any more.

1 Like

I once started with that as well, but most of that stuff is outdated and overly complex.
I use the same provider, and removed 80% of the setup over time. E.g. The static route, the (somewhat unsecure) firewall rules, internal wacky dns setup, etc.

Only thing i can state is that here its working fine. Might be your setup, might also be the switch driver of your wireless router.

Thanks. I updated the link in my question, because the pages are use the same configuration (for now)