I recently bought a RB450G and two 250GS switches for my home. I have a 100/10 fiber connection and the ISP provides me with up to 5 ip addresses via dhcp. Currently I’m using a router provided by my ISP as according to them it’s needed to get the ip-tv service working.
Looking from the current routers settings I can see that it has obtained two wan addresses from the ISP, and one of them is in use for the ip-tv while the other is assigned to the rest of my network.
I have tested moving everything behind the routerboard but the ip-tv does not work any more. My guess is that I’m missing some rules (it blocks when trying to authenticate). I know the tv programs themselves are sent with multicast.
My idea was that I would try to get the routerboard to obtain two ip-addresses from my ISP (via dhcp). One of these ip-addresses would be used by my home network, the other by the ip-tv box. I don’t need any traffic between these networks. Since the ip-tv’s network would only include the ip-tv device, I figure it could also be a bridge, or a 1:1 nat.
To make things a bit more complicated my HTPC computer is behind the same socket as the ip-tv box. I am assuming I could get around this by making a separate vlan for my home network and the ip-tv network and sending both of them through the routerboard interface, and then having a 250GS switch for the devices.
Is this doable? Any pointers on how I could achieve this? I have been trying to go through the wiki, but while I do understand some of the concepts the terminology is pretty foreign and I have not found any cases that would be directly applicable to my case.
The last time I dealt with this, the tv could not be behind a NAT. That means pretty much on the WAN side of your routers. Not certain that is your case with you, but you should check before getting frustrated with the Mikrotik stuff.
I used x.x.x.x as the public ip, and 10.0.0.2 as the localnet address of the tv. Move these rules above any other rules in that list. Order is important.
If you have a masquerade in the nat section, change it to “chain=srcnat action=src-nat to-addresses=x.x.x.y”. That ip is the other public ip on your wan interface.
I think I need to first get this a bit further before testing the tv / dual wan. I’m still trying to figure out how to set up the vlans. I’m thinking I should have two vlans with the following networks:
I’ll need dhcp for vlan2 since that’s where all the computers will be. I’d like the dhcp range to start a bit high up in the pool to leave the possibility to assign a few ip’s manually.
Since I can’t manually assign an ip-address for the ip-tv box I guess I could also make a dhcp pool for that network with just one ip? Or make a bigger pool and define that client to receive a specific ip by mac-address?
First attempt at testing would be to get the vlans to work as assumed, that is: one wan address, vlans trunked to two router ports and separated at the switch end. I have not tested this all so there is probably some brain farts.
Make a bridge for the vlans, add them to physical ports:
/interface bridge add name="vlan-trunk" disabled=no
/interface bridge port set ether3,ether4 bridge=vlan-trunk
Why use VLANS? I would use the interfaces that are on the 450. Use ether3 and ether4 instead of the VLANs. Assign the addresses, assign the dhcp server(s), and run it.
I have one ethernet cable running from my switching cabinet to behind my tv. There I have:
HTPC → want it to be in my home network
TV → want it to be in my home network
IP-TV box → want it to be on the separate network
This is so that I can try the 1:1 nat for the IP-TV box
I have the 250GS switches which support vlans, so if I send two vlans on one cable I can assign them to switch ports so that they go to the different networks.
I got stuck with this for a while… Just bridging a connection with the IP-tv did not seem to work, and finally I put wireshark in between the wan port of my service providers router and the socket.
It seems the service providers router fetches 3 separate ip-addresses. One is just a plain normally aquired public ip which is for the lan. The second is a public ip for the ip-tv, only all related packets seem to be tagged for vlan 252 (on the wan side). the vlan tags are on everything from the DHCP request to the multicast messages. Finally the third address is a management ip from a private network also on a separate vlan (meaningless for me).
I’m guessing they probably manage who can use the ip-tv service by adding the vlan on the switch port leading to my apartment.
So, how complicated would it be to have two wan ip-addresses where one would be used for multicast (IGMP-Proxy) and the other for a normal nat for the workstations? I read through the IGMP proxy part of the wiki, it seemed simple enough (just at the time I did not understand I need to tag the outside packets for a vlan)…
