Please help with network configuration - continued

Hi All,

I need some more advice on my network setup. It is a continuation of "Please help with network configuration".

I would need to add another host (raspberry pi) to a second router to have another TvHeadend running in IPTV with VlanID 16.

What is working in my setup (recap from previous post):
First router:



Second router:

I would connect a Raspberry Pi, also running OpenWrt, to some port of the "second router". The Raspberry Pi shall also run TvHeadend with IPTV, like my "second router". But it should not get an IPTV address from my IPTV provider by DHCP (this is already done by my "second router"); it should just be on my LAN (with a static IP set in the LAN).

I have already tried to set IPTV to another port of "second router":


And set Raspberry pi as:

On br-lan.1 I set a static IP from my LAN (I can connect to OpenWrt LuCI => this is working) and set br-lan.16 (IPTV) as Unmanaged (not to care about IP addresses). But TvHeadend cannot connect to any IPTV source. It seems something is not correct in my setup. I am actually not sure if something like this is even possible :slight_smile:

Thanks for any help.

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; \
uci export dhcp; uci export firewall

Post these for all the involved devices and also specify the network connectivity, such as RPi goes to port lan4 of the second router, which goes from wan to lan1 of the main router.

First router:

{
        "kernel": "5.15.167",
        "hostname": "OpenWrt",
        "system": "MediaTek MT7621 ver:1 eco:3",
        "model": "D-Link DIR-2660 A1",
        "board_name": "dlink,dir-2660-a1",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.5",
                "revision": "r24106-10cc5fcd00",
                "target": "ramips/mt7621",
                "description": "OpenWrt 23.05.5 r24106-10cc5fcd00"
        }
}
package network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'
        option ula_prefix 'fd2b:84a0:b82d::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'wan'

config interface 'lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.2.1'
        option device 'br-lan.1'

config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '2'
        list ports 'wan'

config device
        option type '8021q'
        option ifname 'br-lan'
        option vid '16'
        option name 'br-lan.16'

config device
        option name 'br-lan.1'

config device
        option name 'br-lan.2'
        option macaddr '00:08:02:D6:AE:BC'

config interface 'WAN'
        option proto 'dhcp'
        option device 'br-lan.2'

config interface 'IPTV'
        option device 'br-lan.16'
        option proto 'none'

config bridge-vlan
        option device 'br-lan'
        option vlan '16'
        option local '0'
        list ports 'lan4:t'
        list ports 'wan:t'

package dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

package firewall

config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'
        option flow_offloading '1'
        option flow_offloading_hw '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'
        option masq '1'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'WAN'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name '9981'
        option family 'ipv4'
        list proto 'tcp'
        option src 'wan'
        option src_dport '63981'
        option dest_ip '192.168.2.2'
        option dest_port '9981'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name '9982'
        option family 'ipv4'
        list proto 'tcp'
        option src 'wan'
        option src_dport '63982'
        option dest_ip '192.168.2.2'
        option dest_port '9982'

Second router:

{
        "kernel": "5.10.161",
        "hostname": "OpenWrt",
        "system": "ARMv7 Processor rev 4 (v7l)",
        "model": "Lamobo R1",
        "board_name": "lamobo,lamobo-r1",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "22.03.3",
                "revision": "r20028-43d71ad93e",
                "target": "sunxi/cortexa7",
                "description": "OpenWrt 22.03.3 r20028-43d71ad93e"
        }
}
package network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd0a:32b5:055a::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'wan'

config interface 'lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option gateway '192.168.2.1'
        option device 'br-lan.1'
        list dns '192.168.2.1'
        option ipaddr '192.168.2.2'

config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'wan:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '16'
        list ports 'lan1:t'
        list ports 'wan:t'

config device
        option name 'br-lan.16'
        option type '8021q'
        option ifname 'br-lan'
        option vid '16'
        option macaddr '00:16:2a:80:0f:f2'

config interface 'IPTV'
        option proto 'dhcp'
        option device 'br-lan.16'
        option hostname 'IPTV'

config device
        option type 'bridge'
        option name 'docker0'

package dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        option ignore '1'
        option dynamicdhcp '0'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

package firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

New Raspberry pi:

{
        "kernel": "5.15.167",
        "hostname": "OpenWrt",
        "system": "ARMv6-compatible processor rev 7 (v6l)",
        "model": "Raspberry Pi Model B Rev 2",
        "board_name": "raspberrypi,model-b",
        "rootfs_type": "ext4",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.5",
                "revision": "r24106-10cc5fcd00",
                "target": "bcm27xx/bcm2708",
                "description": "OpenWrt 23.05.5 r24106-10cc5fcd00"
        }
}
package network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fded:a9bc:4aee::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'eth0'

config bridge-vlan
        option device 'br-lan'
        option vlan '16'
        list ports 'eth0:t'

config interface 'LAN'
        option proto 'static'
        option device 'br-lan.1'
        option ipaddr '192.168.2.3'
        option netmask '255.255.255.0'

config interface 'IPTV'
        option proto 'none'
        option device 'br-lan.16'

package dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

package firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

The first and second routers work fine. The first connects to the provider's internet and just forwards IPTV data to the second router. The second router gets its IP address for IPTV from the provider's DHCP.

The Raspberry Pi is connected to LAN1 on the second router.
I see in LuCI that the connections to the ports are OK for all hosts.

If the Pi is not going to hold an IP address on the VLAN 16 TV network there is no reason to switch VLAN 16 to it. Make it a LAN device and route TV traffic in and out of it.

Avoid tagged and untagged on the same port. A cable carrying multiple VLANs should have all of them tagged.
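A way to check the advice above against a saved `uci export network` dump, as an added example that is not part of the original thread: it parses the `bridge-vlan` stanzas and reports every port that carries both tagged and untagged VLANs. The function names are hypothetical, and the sample is the second router's configuration as posted here.

```python
import re
from collections import defaultdict
# Constructed sample: second router's bridge-vlan stanzas as posted in this thread.
SECOND_ROUTER = """\
config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'wan:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '16'
        list ports 'lan1:t'
        list ports 'wan:t'
"""

OPT = re.compile(r"^\s*(option|list)\s+(\S+)\s+'([^']*)'")

def parse_stanzas(text):
    """Split UCI export text into (section_type, [(kind, name, value), ...])."""
    out = []
    for line in text.splitlines():
        if line.startswith("config "):
            out.append((line.split()[1], []))
        elif out and (m := OPT.match(line)):
            out[-1][1].append(m.groups())
    return out

def port_membership(text):
    """Map each bridge port to the VLAN IDs it carries tagged and untagged."""
    ports = defaultdict(lambda: {"tagged": set(), "untagged": set()})
    for section, opts in parse_stanzas(text):
        if section != "bridge-vlan":
            continue
        vlan = int(next(v for k, n, v in opts if (k, n) == ("option", "vlan")))
        for k, n, v in opts:
            if (k, n) == ("list", "ports"):
                name, _, flags = v.partition(":")  # 't' flag marks a tagged port
                ports[name]["tagged" if "t" in flags else "untagged"].add(vlan)
    return ports

def mixed_ports(text):
    """Ports that carry at least one tagged and one untagged VLAN."""
    return {p: m for p, m in sorted(port_membership(text).items()) if m["tagged"] and m["untagged"]}
print(mixed_ports(SECOND_ROUTER))
```

The Raspberry Pi's posted `eth0` stanzas (untagged in VLAN 1, tagged in VLAN 16) produce the same finding.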

And what are you doing with vlan16 in RPi? Is it redistributed to some SSID?


I am running TvHeadend app on it. I am setting muxes with interface br-lan.16, so I need this VLAN data to come to raspberry.

If the RPi doesn't get an IP, then how will the app work?

It has a static IP for the LAN interface. But for the IPTV interface, the second router already gets the provider IP by DHCP, and I do not have another IP from the provider for the Raspberry Pi. So I would need to find some way to "use only one IPTV IP for both devices" :slight_smile:

I have changed ports with iptv to tagged for second router and raspberry pi. That was easy :slight_smile:

But how to change raspberry pi to LAN device and route TV traffic in and out, this is too complicated for me.

Should some functionality be added to the second router to route TV traffic to LAN devices?

You would need to masquerade the IP of the RPi with the IP that the second router has in vlan16 interface. And I am not sure if that will work in case the provider controls how many logins it will get from the same IP.

My provider just checks the MAC address of connected devices. If the MAC address is the same as the one it requires (given when signing the contract), the device gets an IP from DHCP. If another MAC tries to connect, it is forbidden.

Then proceed with masquerade and best of luck!

Thanks, need to read some information about it.

I decided to buy more powerful HW (Raspberry Pi 4) to allow TvHeadend to serve more clients. So no need to change my network setup :slight_smile:
