Tutoriel en cours de rédaction.
0. Prérequis.
Avoir flashé son ER-X avec OpenWRT 19.07.3
Savoir faire un marquage 802.1p p3 sur les paquets IGMP en sortie, voir ici
Comprendre les problèmes liés à la diffusion de trames multicast sur son réseau (et la solution de l'IGMP snooping)
1. Accès internet.
Si vous utilisez les règles fw par défaut d'OpenWRT, vous aurez accès à Internet (au moins IPv4) avec cette configuration (le spoof de l'@ MAC n'est pas obligatoire).
Pour IPv6 il faut calculer votre clientid en fonction de l'adresse MAC de votre bbox (pas d'IPv6 chez moi).
Pensez à activer l'offload qui fonctionne bien sur mt7621 dans la section firewall:
# Both options belong in the 'config defaults' section of /etc/config/firewall.
# With offloading on, established flows bypass most of the normal forwarding
# path, so per-packet features (shaping, counters, logging of forwarded
# traffic) no longer see them.
option flow_offloading '1'
option flow_offloading_hw '1'
/etc/config/network
# Loopback interface with the usual 127.0.0.1/8 address.
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
# Global settings: ULA prefix used for local IPv6 addressing
# (the value shown looks like a placeholder; use your own).
config globals 'globals'
option ula_prefix 'fd07:aaaa:bbbb::/48'
# LAN bridge on VLAN 1 (eth0.1) with the static address 192.168.1.1/24.
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
# Sub-prefix length taken from the delegated IPv6 prefix for this interface.
option ip6assign '60'
# IGMP snooping on the bridge: multicast TV streams are sent only to ports
# that joined the group instead of being flooded to every LAN port.
option igmp_snooping '1'
# MAC address set on the eth0.1 device (last bytes appear anonymised here).
config device 'lan_eth0_1_dev'
option name 'eth0.1'
option macaddr '78:8a:20:aa:bb:cc'
# IPv4 WAN: DHCP client on VLAN 100 (eth0.100).
config interface 'wan'
option proto 'dhcp'
# Overridden (spoofed) MAC on the WAN interface; presumably the ISP box's MAC
# with the last bytes anonymised - confirm.
option macaddr '28:9E:FC:AA:BB:CC'
option ifname 'eth0.100'
# Fixed resolvers; peerdns '0' ignores the DNS servers offered by the ISP's
# DHCP server.
list dns '80.67.169.40'
list dns '80.67.169.12'
option peerdns '0'
# NOTE(review): this device section sets a different MAC on eth0.100 than the
# 'wan' and 'wan6' interface sections; confirm which one is actually used on
# the wire.
config device 'wan_eth0_100_dev'
option name 'eth0.100'
option macaddr '78:8a:20:aa:bb:cc'
# IPv6 WAN: DHCPv6 client on the same VLAN, requesting an address if available
# and a delegated prefix of automatic size.
config interface 'wan6'
option proto 'dhcpv6'
option reqaddress 'try'
option reqprefix 'auto'
option macaddr '28:9E:FC:AA:BB:CC'
option ifname 'eth0.100'
list dns '2001:910:800::40'
list dns '2001:910:800::12'
option peerdns '0'
# DHCPv6 client identifier (hex string), truncated by the author in this
# listing. The tutorial says it is computed from the ISP box's MAC, so it
# effectively identifies the subscriber line: keep the real value out of
# public posts and shared configuration backups.
option clientid '30303a30333a30303...derp...'
# Built-in switch: reset on load and enable VLAN handling.
# NOTE(review): no switch_vlan sections are visible in this listing, so the
# port/VLAN mapping for VLAN 1 and VLAN 100 cannot be checked from here.
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
2. TV & replays
Il faut installer omcproxy ou igmpproxy (mcproxy n'utilise qu'IGMP v3).
Les paquets installés ajoutent des règles pour le multicast à la règle déjà existante pour l'IGMP.
Il faut aussi installer miniupnpd pour que la Miami (ici 192.168.1.2) puisse ouvrir un port pour le service TR-069
/etc/sysctl.conf
# Defaults are configured in /etc/sysctl.d/* and can be customized in this file
# Force IGMPv2 on all interfaces.
net.ipv4.conf.all.force_igmp_version=2
# NOTE(review): mc_forwarding is normally read-only and turned on by the kernel
# when a multicast routing daemon registers; this line may have no effect -
# confirm on the target kernel.
net.ipv4.conf.all.mc_forwarding = 1
/etc/config/firewall (partiel)
# Global policy: inbound and forwarded traffic is dropped unless a zone or
# rule allows it; SYN-flood protection and dropping of invalid packets are on.
config defaults
option syn_flood '1'
option output 'ACCEPT'
option input 'DROP'
option drop_invalid '1'
# Software and hardware flow offloading: established flows bypass most of the
# normal forwarding path, so per-packet features (shaping, counters, logging
# of forwarded traffic) no longer see them. Keep this in mind when monitoring
# or troubleshooting.
option flow_offloading '1'
option flow_offloading_hw '1'
option forward 'DROP'
# LAN zone: fully trusted (input, output and forward all accepted).
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
# WAN zone (wan + wan6): inbound and forwarded traffic dropped by default,
# with masquerading (NAT) and MSS clamping enabled.
config zone
option name 'wan'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6'
option input 'DROP'
option forward 'DROP'
# Only LAN -> WAN forwarding is declared; WAN -> LAN traffic needs an explicit
# rule or redirect.
config forwarding
option src 'lan'
option dest 'wan'
# Accept DHCP replies and renewals from the ISP on UDP port 68.
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# Answer IPv4 echo requests arriving on the WAN. Optional: remove this rule if
# the router should not answer pings from the Internet.
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
# Accept IGMP addressed to the router from every zone (src '*').
# NOTE(review): the LAN zone already accepts all input, so restricting this
# rule to src 'wan' should be equivalent and narrower - confirm.
config rule
option name 'Allow-IGMP'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
option src '*'
# Accept DHCPv6 replies to the client port (UDP 546) on the WAN.
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
# Accept MLD messages (ICMPv6 types 130, 131, 132, 143) from link-local
# senders on the WAN.
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 addressed to the router itself: error messages, echo and neighbour
# discovery, rate-limited to 1000 packets per second.
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 forwarded from the WAN to any zone: error messages (including
# packet-too-big) and echo, with the same rate limit. Because echo-request is
# in the list, LAN hosts with global IPv6 addresses answer pings from the
# Internet.
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# Forward IPsec ESP from the WAN to the LAN zone. No dest_ip and no family are
# set, so the rule is not limited to one host or one address family.
# NOTE(review): if no IPsec endpoint sits behind this router, this rule and
# the ISAKMP rule below can be removed to shrink what is reachable from the
# WAN - confirm against your own setup.
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
# Forward IKE (UDP 500) from the WAN to the LAN zone, likewise without
# dest_ip.
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
# User-defined firewall commands loaded from /etc/firewall.user.
config include
option path '/etc/firewall.user'
# Script hook through which miniupnpd adds the port mappings requested over
# UPnP, re-run on every firewall reload. Any LAN client that can reach
# miniupnpd can ask for a WAN port to be opened.
# NOTE(review): restrict mappings in /etc/config/upnpd (secure_mode and
# perm_rule sections) to the set-top box at 192.168.1.2, the only device this
# tutorial says needs it.
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
# Accept IPv4 UDP 20000-30000 from the listed source ranges toward the LAN
# zone (presumably the ISP's replay servers - confirm the ranges are still
# current before reusing them).
# NOTE(review): no dest_ip is set, so the rule covers any LAN address rather
# than only the set-top box; adding  option dest_ip '192.168.1.2'  would match
# the target of the DNAT redirects. The src_ip list is the only filter on this
# 10 000-port range, so keep it as narrow as possible.
config rule
list proto 'udp'
option dest_port '20000-30000'
option src 'wan'
option name 'Miami replays'
list src_ip '212.195.48.0/24'
list src_ip '212.195.244.0/24'
list src_ip '62.34.201.0/24'
list src_ip '194.158.119.0/24'
list src_ip '195.36.152.0/24'
option dest 'lan'
option target 'ACCEPT'
option family 'ipv4'
# Five DNAT redirects, one per source range, all sending UDP 20000-30000
# arriving on the WAN to the set-top box at 192.168.1.2. The source ranges
# mirror the src_ip list of the 'Miami replays' rule; keep both in sync.
# NOTE(review): 192.168.1.2 must stay pinned to the set-top box (static DHCP
# lease), otherwise this port range is forwarded to whichever host holds that
# address.
config redirect
list proto 'udp'
option src_dport '20000-30000'
option dest_ip '192.168.1.2'
option dest_port '20000-30000'
option src 'wan'
option name 'Replay 1'
option src_ip '212.195.48.0/24'
option target 'DNAT'
option dest 'lan'
# Same redirect for source range 212.195.244.0/24.
config redirect
list proto 'udp'
option src_dport '20000-30000'
option dest_ip '192.168.1.2'
option dest_port '20000-30000'
option src 'wan'
option name 'Replay 2'
option src_ip '212.195.244.0/24'
option target 'DNAT'
option dest 'lan'
# Same redirect for source range 62.34.201.0/24.
config redirect
list proto 'udp'
option src_dport '20000-30000'
option dest_ip '192.168.1.2'
option dest_port '20000-30000'
option src 'wan'
option name 'Replay 3'
option src_ip '62.34.201.0/24'
option target 'DNAT'
option dest 'lan'
# Same redirect for source range 194.158.119.0/24.
config redirect
list proto 'udp'
option src_dport '20000-30000'
option dest_ip '192.168.1.2'
option dest_port '20000-30000'
option src 'wan'
option name 'Replay 4'
option src_ip '194.158.119.0/24'
option target 'DNAT'
option dest 'lan'
# Same redirect for source range 195.36.152.0/24.
config redirect
list proto 'udp'
option src_dport '20000-30000'
option dest_ip '192.168.1.2'
option dest_port '20000-30000'
option src 'wan'
option name 'Replay 5'
option src_ip '195.36.152.0/24'
option target 'DNAT'
option dest 'lan'
/etc/config/dhcp (partiel)
# Static DHCP lease pinning the set-top box to 192.168.1.2, the address the
# firewall redirects target. The name suffix and MAC appear anonymised in this
# listing; use the values of your own device.
config host 'Bouygtel4K'
option name 'Bouygtel4K-272011824123456'
option mac 'D0:05:2A:ee:ee:ee'
option ip '192.168.1.2'
option tag 'ByTel'
# Hosts tagged 'ByTel' receive DHCP option 6 (DNS servers) with the two
# addresses below (presumably the ISP's resolvers - confirm); other LAN
# clients are not affected by this tag.
config tag 'ByTel'
option dhcp_option '6,194.158.122.10,194.158.122.15'
Au choix :
/etc/config/omcproxy
# Proxy multicast between the 'wan' uplink and the 'lan' downlink.
# 'scope' is the minimum multicast scope to proxy (documented as affecting
# IPv6 only - confirm).
config proxy
option scope global
option uplink wan
list downlink lan
# Same proxy with 'wan6' as uplink.
config proxy
option scope global
option uplink wan6
list downlink lan
OU /etc/config/igmpproxy
# Global igmpproxy settings; quickleave is enabled.
config igmpproxy
option quickleave 1
# option verbose [0-3](none, minimal[default], more, maximum)
# Upstream interface (WAN). The altnet entries list the source networks
# accepted on this interface; keeping the list explicit limits whose
# multicast streams get proxied into the LAN.
# NOTE(review): the ranges are ISP-specific - confirm they are still current.
config phyint
option network wan
option zone wan
option direction upstream
list altnet 193.251.97.0/24
list altnet 89.86.97.0/24
list altnet 89.86.96.0/24
# Downstream interface (LAN), limited to the 192.168.1.0/24 subnet.
config phyint
option network lan
option zone lan
option direction downstream
list altnet 192.168.1.0/24
3. Bugs connus
omcproxy: perte des chaînes TV après un zapping pendant au maximum 2 minutes (il faut attendre, alors que les flux MC arrivent sur la Miami).
igmpproxy: macroblocs et freezes