Unfortunately I'm struggling with an issue, for which I would require some insights. Let me explain what's happening:
- My ISP (Vodafone Portugal) TV Box works via IP.
- The first packets when you change channel go via unicast (this works).
- After ~30s the streaming changes to multicast and this is where the issue is at. No traffic flows (throughput drops from 7 Mbps on the assigned Ethernet port to 0).
My setup is as follows:
- rb750gr3 is connected to the ISP router via ether1.
- On the ISP router, unfortunately, I can't bridge the ports, so the MikroTik router is behind NAT; this is a limitation that Vodafone PT has.
- All ports in rb750gr3 are bridged through WAN.
- IGMP snooping is enabled.
Here's a small diagram of my very simple and humble network:
What makes it work
- If you connect the TV Box directly to the ISP router. This is expected.
- If you connect a switch (with IGMP capabilities) to the ISP router and then to the TV Box.
Both are not valid options for me; the network cable that I run all the way down to the living room is also needed for other stuff that should be connected to the MikroTik and not the ISP router.
I know that the ISP router handles the traffic in different VLANs (100 for WAN, 105 for IPTV). But, since I have IGMP snooping enabled and everything is bridged, do I need to add the VLANs to the MikroTik? I tried to do so, but it didn't work, or maybe I did something wrong along the way.
Any help on the matter would be really appreciated.
Here's my config:
> system/routerboard/print
routerboard: yes
board-name: hEX
model: RB750Gr3
revision: r4
serial-number: HEG08VC622P
firmware-type: mt7621L
factory-firmware: 6.48.6
current-firmware: 6.48.6
upgrade-firmware: 7.11.2
/interface print detail
Flags: D - dynamic; X - disabled, R - running; S - slave; P - passthrough
0 R ;;; Vodafone Router
name="ether1[Internet]" default-name="ether1" type="ether" mtu=1500
actual-mtu=1500 l2mtu=1596 max-l2mtu=2026 mac-address=48:A9:8A:C6:A6:9E
ifname="eth0" ifindex=5 id=1 last-link-up-time=2023-11-09 19:02:26
link-downs=0
1 RS name="ether2[Office_switch]" default-name="ether2" type="ether" mtu=1500
actual-mtu=1500 l2mtu=1596 max-l2mtu=2026 mac-address=48:A9:8A:C6:A6:9F
ifname="eth1" ifindex=6 id=2 last-link-up-time=2023-11-09 19:02:22
link-downs=0
2 RS name="ether3[wifi]" default-name="ether3" type="ether" mtu=1500
actual-mtu=1500 l2mtu=1596 max-l2mtu=2026 mac-address=48:A9:8A:C6:A6:A0
ifname="eth2" ifindex=7 id=3 last-link-up-time=2023-11-09 19:03:01
link-downs=0
3 RS name="ether4" default-name="ether4" type="ether" mtu=1500 actual-mtu=1500
l2mtu=1596 max-l2mtu=2026 mac-address=48:A9:8A:C6:A6:A1 ifname="eth3"
ifindex=8 id=4 last-link-down-time=2023-12-06 02:55:46
last-link-up-time=2023-12-06 02:55:48 link-downs=2
4 S name="ether5" default-name="ether5" type="ether" mtu=1500 actual-mtu=1500
l2mtu=1596 max-l2mtu=2026 mac-address=48:A9:8A:C6:A6:A2 ifname="eth4"
ifindex=9 id=5 link-downs=0
5 R ;;; WireGuard VPN
name="WG_HomeVPN" type="wg" mtu=1420 actual-mtu=1420 ifname="wg8"
ifindex=12 id=8 last-link-up-time=2023-11-09 19:02:19 link-downs=0
6 R ;;; WAN Network (Local)
name="bridge[WAN]" type="bridge" mtu=auto actual-mtu=1500 l2mtu=1596
mac-address=48:A9:8A:C6:A6:9F ifname="br0" ifindex=46 id=6
last-link-down-time=2023-12-06 09:05:38
last-link-up-time=2023-12-06 09:05:38 link-downs=7
/interface bridge print
Flags: X - disabled, R - running
0 R ;;; WAN Network (Local)
name="bridge[WAN]" mtu=auto actual-mtu=1500 l2mtu=1596 arp=enabled
arp-timeout=auto mac-address=48:A9:8A:C6:A6:9F protocol-mode=rstp
fast-forward=yes igmp-snooping=yes multicast-router=temporary-query
multicast-querier=no startup-query-count=2 last-member-query-count=2
last-member-interval=1s membership-interval=4m20s querier-interval=4m15s
query-interval=2m5s query-response-interval=10s
startup-query-interval=31s250ms igmp-version=3 mld-version=1 auto-mac=no
admin-mac=48:A9:8A:C6:A6:9F ageing-time=5m priority=0x8000 max-message-age=20s
forward-delay=15s transmit-hold-count=6 vlan-filtering=no dhcp-snooping=yes
add-dhcp-option82=no
/ip address print
Flags: D - DYNAMIC
Columns: ADDRESS, NETWORK, INTERFACE
# ADDRESS NETWORK INTERFACE
;;; defconf
0 172.16.0.1/24 172.16.0.0 bridge[WAN]
1 10.2.0.1/24 10.2.0.0 WG_HomeVPN
2 D 192.168.1.210/24 192.168.1.0 ether1[Internet]
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=accept chain=input dst-port=51820 log=yes log-prefix=WG-FW-LOG protocol=udp
add action=accept chain=output out-interface=WG_HomeVPN
add action=accept chain=forward in-interface=WG_HomeVPN
add action=accept chain=input in-interface=WG_HomeVPN
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid log=yes
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=\
new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="Wireguard NAT" log-prefix=WIREGUARDLOGPIGGY out-interface=WG_HomeVPN
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment="Filtered Cloudflare to NGINX" dst-port=443 in-interface="ether1[Internet]" protocol=\
tcp src-address-list=cloudflare-ips to-addresses=172.16.0.44 to-ports=443