Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Making Telekom IPTV work with double PPPoE, cannot reach LAN from OPT1
« previous
next »
Print
Pages: [
1
]
Author
Topic: Making Telekom IPTV work with double PPPoE, cannot reach LAN from OPT1 (Read 1627 times)
NovyLevi
Newbie
Posts: 8
Karma: 0
Making Telekom IPTV work with double PPPoE, cannot reach LAN from OPT1
«
on:
October 29, 2023, 10:13:14 pm »
Hey everyone!
Total opnsense newbie here. I have a Telekom Android IPTV and wanted it to be able to communicate with my NAS on the local network, but simply connecting the TV box to the opnsense box of course doesn't work.
I have found on the internet, that the best way is to keep a separate network for the IPTV and use OPNsense as a gateway between the IPTV box and the ONT while also having pppoe on so that the IPTV has internet access and can use IGMP without having to proxy it.
IPTV network is IPV4 only and is configured as static and has the ONT as the upstream gateway. Probably the problem is that OPNsense tries to forward all the packets to the ONT instead of sending them to the LAN interface?
I have configured everything as can be seen in the attachments. I can access the internet from both IPTV and LAN networks. I can also reach the IPTV network from LAN, for example, open the ONT configuration, but not the other way. I cannot ping the LAN network from IPTV, and also cannot ping the OPNsense router's IPTV address.
It is definitely a firewall/nat configuration that I am missing... but after reading everything online I still have no idea what.
Any help is appreciated!
Logged
NovyLevi
Newbie
Posts: 8
Karma: 0
Re: Making Telekom IPTV work with double PPPoE, cannot reach LAN from OPT1
«
Reply #1 on:
November 01, 2023, 08:04:50 am »
Update: This is definitely a firewall misconfiguration, as after turning off the firewall it works flawlessly, both networks can reach one other.
Or a NATing issue, as disabling the firewall also disables NATing
«
Last Edit: November 01, 2023, 08:06:45 am by NovyLevi
»
Logged
NovyLevi
Newbie
Posts: 8
Karma: 0
Re: Making Telekom IPTV work with double PPPoE, cannot reach LAN from OPT1
«
Reply #2 on:
November 01, 2023, 08:13:20 am »
With all the firewall rules set to be logged, trying to open a lan web UI (10.58.1.2) from the IPTV network (10.58.0.39) produces the attached output.
The packet is received by the firewall, and forwarded to the right place, but then I see no response or denied packets, yet the request on the iptv network device still times out. (Activity was filtered to the two ips mentioned above.)
«
Last Edit: November 01, 2023, 08:15:30 am by NovyLevi
»
Logged
cookiemonster
Hero Member
Posts: 1823
Karma: 95
Re: Making Telekom IPTV work with double PPPoE, cannot reach LAN from OPT1
«
Reply #3 on:
November 01, 2023, 10:53:55 am »
The setup is not clear to me yet. I get there are two interfaces and setup as two networks in OPN.
What it isn't clear is if you have a device intended for one interface plugged into an isp router instead of opn. Also if there are two devices pulling a public ip and authenticating to the isp network by PPoE.
Additionally if what appears as the isp router, dhcp is disabled but is it in bridge mode (modem only ppoe) or are there any other router/firewall functions still enabled.
It just looks confused or very unorthodox.
Logged
NovyLevi
Newbie
Posts: 8
Karma: 0
Re: Making Telekom IPTV work with double PPPoE, cannot reach LAN from OPT1
«
Reply #4 on:
November 04, 2023, 10:21:41 pm »
Of course, this topology looks chaotic, if I didn't know what was going on, I would also say the same 😅
The thing is that the latest type of Android TV box (the one that I have) doesn't (really) work without being directly connected to the ONT. This topology was recommended on an official Hungarian telekom forum, as this way the TV box can freely communicate with the ONT and additionally, no IGMP messages flood the main network. With Telekom allowing two pppoe users, the ONT can also dial-in, so the TV box can access the internet via its "own public IP" without having to tinker with opnsense forwarding the IPTV address ranges to the correct gateway, IGMP proxying and so on. This should be the best way for the TV box to also be able to reach the main network, for example, to play movies from a NAS (or so they say...).
So let's say that the topology isn't the issue here, but just simply me a dumb newbie not being able to correctly configure routing/nating/firewalling between two networks.
What am I missing? It's probably obvious from the logs, that packets are sent out from the router, but no response can be seen... NATing?
Thank you for helping me in advance!
Logged
cookiemonster
Hero Member
Posts: 1823
Karma: 95
Re: Making Telekom IPTV work with double PPPoE, cannot reach LAN from OPT1
«
Reply #5 on:
November 04, 2023, 10:42:22 pm »
Right, I begin to understand.
You're probably missing an allow in firewall rule in on the LAN interface. Source "IPTV net". That is a rule that will allow traffic in on the LAN interface, for traffic coming from the IPTV network.
Might not free you from having to deal with igmp proxying requirements but start from there.
Logged
NovyLevi
Newbie
Posts: 8
Karma: 0
Re: Making Telekom IPTV work with double PPPoE, cannot reach LAN from OPT1
«
Reply #6 on:
November 25, 2023, 06:02:56 pm »
Hi!
Sorry for the late reply, I didn't have time to mess with my homelab recently.
I have created the rule you said, or so do i believe. Now for example opening a webserver on LAN (10.58.1.21:8080) and trying to reach it from IPTV (10.58.0.38) causes the server on LAN to receive the packets, but are not forwarded back to the IPTV network. (See the attached screenshots, wireshark running on the server)
Yet when I initiate the connection from the LAN side, then I successfuly get a response from the IPTV side.
Thanks for the help
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Making Telekom IPTV work with double PPPoE, cannot reach LAN from OPT1