@david Here's the IPTV howto. This is for me running on Bell Fibe in Canada, and includes IPTV and Internet. I'll add the general ideas behind the configuration:
Software Requirements:
General idea behind the configuration
This configuration's end goal boils down to the following:
1- Setup the switch to have two different vlans (One for Internet, one for TV) running on the appropriate Vlan IDs (For Bell Fibe in Canada, Internet runs on Vlan 35; and TV on Vlan 36). This could also be done on the same lan as your other devices, but then all your devices will get flooded with the multicast packets. Maybe not the best idea. Note that in the example below, my TV receiver is plugged into port #4. If you have more than one receiver, you can change the port assignment under the switches. TV Receivers on Wifi is not configured in this setup and will require manual investigation (I do not have wifi receivers).
2- There should be 6 total Interfaces: WAN (PPPoE runs over it), PPPoE (I named it PPPoE-Bell because of my ISP name, you can rename it if you'd like), lan (My main Lan), TVLan (Self-explanatory) and TV (Vlan36 Wan). Main lan is set on 192.168.1.x while TV is set to 192.168.2.x. Note that I have to clone my ISP provided modem's MAC on the main LAN for my internet to work.
3- Added IGMP Proxy. Configuration is pretty self-explanatory. If you renamed the interfaces you'll need to modify this config as well.
4- (Depends on your ISP) Bell runs on IGMP v2, so I had to add this line into /etc/sysctl.conf:
net.ipv4.conf.all.force_igmp_version=2
You can find which version your TV provider runs on by listening on the TV Lan interface with tcpdump and check which IGMP version it runs on. You should see something like:
igmp v2 report
5- Added igmp_snooping option on the TV Lan interface
6- Setup the firewall to let everything from the TV Wan to go to the TV Lan (Not like you really gotta protect it, but in theory you could only allow UDP and Multicast. Up to you.
7- Find your default TV route. That's where this gets a little difficult. I notice that LEDE keeps the last DHCP lease gateway only. So you can probably work this in your favor by going under Interfaces and 'Connect'ing the vlan 36 interface. This will kill your internet, but then if you route -n in SSH, you will be able to see your TV gateway. Add that gateway as a static route, reboot the router (Or reconnect your internet interface) and you're good to go.
Configurations
/etc/config/igmpproxy:
config igmpproxy
option quickleave 1
# option verbose 2
config phyint wan
option network TV
option direction upstream
# NOTE: Modify your altnets to point to your ISP's main network. 224.0.0.0/4 is the broadcasting mask so it can
# probably be retained.
list altnet 224.0.0.0/4
list altnet 10.0.0.0/8
config phyint lan
option network TVLan
option direction downstream
list altnet 192.168.2.0/16
/etc/config/network:
NOTE: You can remove the PPPoE connection if you don't need it. You need to add your modem's MAC address at the appropriate place, as well as your PPPoE login information (If applicable) I also deleted the static route from the config as it won't work for you.
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fde4:d132:9e84::/48'
config interface 'lan'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
option _orig_ifname 'eth0.1 radio0.network1 radio1.network1 radio2.network1'
option _orig_bridge 'true'
option dns '8.8.8.8 8.8.4.4'
option ifname 'eth0.1'
config interface 'wan'
option proto 'dhcp'
option macaddr 'YOUR MODEMS MAC ADDRESS'
option type 'bridge'
option _orig_ifname 'eth1.2'
option _orig_bridge 'true'
option ifname 'eth1.2'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option ports '1 2 3 5t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '4t 6t'
option vid '35'
config switch_vlan
option device 'switch0'
option vlan '3'
option vid '36'
option ports '4t 5t'
config interface 'Bell'
option proto 'pppoe'
option ifname 'eth1.35'
option username 'PPPOELOGIN'
option password 'PPPOEPASSWORD'
option ipv6 'auto'
config interface 'TV'
option _orig_ifname 'eth1.36'
option _orig_bridge 'true'
option proto 'dhcp'
option ifname 'eth0.36'
option force_link '1'
option broadcast '1'
config switch_vlan
option device 'switch0'
option vlan '4'
option ports '0 6t'
option vid '3'
config interface 'TVLan'
option proto 'static'
option netmask '255.255.255.0'
option igmp_snooping '1'
option _orig_ifname 'eth1.3'
option _orig_bridge 'true'
option ifname 'eth1.3'
option ipaddr '192.168.2.1'
/etc/config/firewall:
NOTE: Pretty standard here. Allow traffic from main LAN to internet (But no forward or input). On the TV network,
allow everything. Again -- this can probably be limited more.
config rule
option target 'ACCEPT'
option dest 'lan'
option name 'All'
option src 'Internet'
config rule
option target 'ACCEPT'
option src 'lan'
option dest 'Internet'
option name 'All'
config defaults
option syn_flood '1'
option output 'ACCEPT'
option input 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
option masq '1'
option mtu_fix '1'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan'
config include
option path '/etc/firewall.user'
config zone
option output 'ACCEPT'
option name 'Internet'
option network 'Bell'
option masq '1'
option mtu_fix '1'
option input 'REJECT'
option forward 'REJECT'
config forwarding
option dest 'lan'
option src 'Internet'
config forwarding
option dest 'Internet'
option src 'wan'
config forwarding
option dest 'lan'
option src 'wan'
config forwarding
option dest 'wan'
option src 'Internet'
config zone
option input 'ACCEPT'
option forward 'ACCEPT'
option output 'ACCEPT'
option network 'TV'
option name 'TV'
option masq '1'
option mtu_fix '1'
config zone
option name 'TVLan'
option input 'ACCEPT'
option forward 'ACCEPT'
option output 'ACCEPT'
option network 'TVLan'
option masq '1'
option mtu_fix '1'
config forwarding
option dest 'Internet'
option src 'lan'
config forwarding
option dest 'wan'
option src 'lan'
config forwarding
option dest 'Internet'
option src 'TVLan'
config forwarding
option dest 'TV'
option src 'TVLan'
config forwarding
option dest 'wan'
option src 'TVLan'
config forwarding
option dest 'TVLan'
option src 'TV'
config forwarding
option dest 'TVLan'
option src 'wan'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
config rule
option src 'TV'
option proto 'igmp'
option target 'ACCEPT'
config rule
option src 'TV'
option proto 'udp'
option dest 'TVLan'
option dest_ip '224.0.0.0/4'
option target 'ACCEPT'
config rule
option src 'TV'
option proto 'udp'
option dest_ip '224.0.0.0/4'
option target 'ACCEPT'