-= IDS Communications Blog =-
Bell Fibe Internet & IPTV with pfsense
If you go through my Blog, you will notice that I wrote an article in January 2018 in regards to using your own router with Bell Fibe. In the previous Blog I was giving people the option to either activate the advanced DNZ option on their Home Hub 3000 (HH3000) or simply remove the HH3000. I was suggesting devices to handle the Fiber Optic conversion and referred to Forums where you were able to find posts on how to accomplish this and configure your systems.
At the time I was using the advanced DMZ option from my HH3000 which worked fine for me. One year later I started experiencing issues with my Network, including the VPN connections. My Firewall would get the WAN address of the HH3000 but for some obscure reason I was unable to reach the Internet. I called Bell hoping to get some help but I was told that if the advanced option was not working, it was not their problem. The first technician who answered the phone even told me that nobody was using this function (I bet he didn't even know this function existed!) Well, as mentioned in my previous Blog Post, Bell Aliant came up with a PDF documenting this function which let me believe that it should have been supported!
Well guess what? I got tired of Bell's BS and I decided to look online hoping to find out how I could get rid of my HH3000. I found a few Forums with valuable information but the gold mine was the Netgate Forum. On this post from zax123 I found enough information to get me started. The issue I ran into was that I was using a Check Point Firewall and most users were running pfsense. Since I was due to renew my licence and support ($300+/year in my case), I was easy to convince and decided to give pfsense a try.
After a few weeks and many hours searching, googling, posting ... I managed to get my Bell Fibe Internet and IPTV to fully work without the HH3000! Finally, I was able to ditch the HH3000! in an attempt to help others, I decided to come up with my own updated post on how to accomplish this.
Now, like me if you live on the East Coast (I live in Nova Scotia) and you would like to ditch your Bell Aliant HH3000, this "How To" guide is for you!
First of all you have to install pfsense. This guide will not give you direction on how to install and configure pfsense. In my scenario, my pfsense box has multiple network cards to suit my needs but to follow this guide you will only need 3 i.e.: WAN, LAN and IPTV.
Let's get started, for this tutorial I was using pfsense v2.4.4-release-p3. Please also note that I will not discuss the Bell Phone service.
First you need to remove the Fiber Optic cable from your HH3000 Modem. It comes out with the GBIC which can then be used in many ways (Directly in a switch, EdgeRouter X, Converter etc). In my case I chose to buy a TP-Link MC220L Media Converter like this one which was reasonably priced and easy to use.
*** BE CAREFUL as routes and gateway may vary depending on your region. I recently moved and my IPTV was not working. After conducting a packet capture I found out that I needed to adjust my configuration (Gateway, Routes, IGM) to reflect the new IP addresses.
First of all, on your WAN interface, under MAC Address - You have to spoof the MAC address of your HH3000 for the IPTV to obtain an IP address from the Network.
Under System / General Setup, set the DNS Servers to Bell Aliant and check the option DNS Server Override as shown below
Under Interfaces / VLANs, create 2 VLANS. The first one will be VLAN35 for your Fibe Internet and the second one will be VLAN34 for IPTV. Assign both VLANS to your WAN Interface.
Under Interfaces / Interface Assignments, we will create and enable all our Interfaces:
- Add the VLAN35 Interface, I named it "Internet". This Interface is DHCP;
- Add the VLAN 34 Interface, I named it "IPTV". This Interface is also DHCP;
- Add and configure an Interface for your LAN (I suggest NOT using 192.168.2.0/24 since this is the range we are going to use for the IPTV_LAN Interface)
- Add the last Interface, I named it IPTV_LAN. This Interface is configured with a Static IP which I used 192.168.2.1/24. This is the Interface where I connected my VAP device (Bell Fibe Access Point).
Now, if you connect your TP-Link Converter, insert your Fiber Optic on one end and your CAT5 (or CAT6) cable on the other end and link this cable to your WAN card you should have Internet. That's pretty much all you have to do if you only have Internet Service with Bell Fibe. If you also have IPTV, you should have received an IP address for your TV Service but your pfsense is not configured to route IPTV yet. Let's continue...
Enable and configure the DHCP Server for the IPTV_LAN Interface to assign IP addresses to your other Wireless Bell Boxes. Make sure that the DNS Servers are the Bell Aliant ones.
Configuring the IPTV Gateway is a little bit more tricky. You will have to use a packet sniffer to find out what is your Gateway since it is assigned statically and not through the DHCP. I used the pfsense Packet Capture function under Diagnostic and chose the IPTV Interface. My configuration looked like this one...
To capture my Gateway, I opened another pfsense instance and selected Status / Interfaces. In the other window I started monitoring the IPTV Interface. I returned to my Status / Interfaces window and Released / Renew my IP for the IPTV Interface. I waited a minute then stopped the capture. You should see communication where an IP, in my case 10.195.128.3 using port 67 talking to your IPTV local IP ex: 10.195.XXX.XXX on port 68. The first address is your Gateway.
Now, under System / Routing / Gateways, add your newly discovered Gateway and make sure that your Default Gateway IPv4 is set to your Internet Connection Gateway. I ran into issues where I was unable to reach the Internet and found out that this was my issue. You can also deactivate the dynamic Gateway created by default after your created the IPTV Interface.
Under System / Routing / Static Routes, add the following Routes
All the Routes have to be linked to the IPTV Gateway you just created.
Be aware that it is possible to have different routes depending of your IP address, if your IPTV IP address is in a different IP range than mentioned above, you will have to modify some entries.
Under Services / IGMP Proxy, add the same routes for the upstream. Leave the downstream blank.
Now we need to create rules under the Firewall. For this part, I will let you tweak the rules if you want to but for this tutorial I kept things easy by allowing ALL traffic IPv4 and IPv6 for the IPTV and IPTV_LAN Interfaces. I do not think that Bell is using IPv6 yet but I might be wrong. Like I said, I am keeping things easy here for the tutorial.
One important thing you have to do while creating these 2 rules is to check the box under Advanced Option / Allow IP options.
One last thing, to be on the safe side, configure Domain Overrides under Services / DNS Resolver / General Settings to redirect the following requests:
- tv.fibreop.ca / 18.104.22.168
- tv.fibreop.ca / 22.214.171.124
- iptv.microsoft.com / 126.96.36.199
- iptv.microsoft.com / 188.8.131.52
If you followed this guide and did everything right you should now have Internet and IPTV working without the use of the Bell HH3000!!!
This is the basic setup to have both services working without the HH3000, I am sure you can tweak some of the settings as you please. Like I said earlier this is the basic configuration.
It took me quite a bit of time and I did a lot of research as well to accomplish this and I cannot take the credit for this configuration. All I can say is that I promised myself to put an updated "Configuration Guide" together once I got things working and this is what I did!
I hope you enjoy, let me know what you think!
PS: If you notice mistake(s) or configuration error(s), please let me know. Remember, the ultimate goal is to help each other out!
I want to Thank the following people for sharing their knowledge, you guys helped me a lot!
Bell on the residential side is not helpful I agree with you. I called Support when I had issues with my Advanced DMZ and was told "this is an advanced feature, if it does not work there's nothing we can do" which is ridiculous... The function is there therefore it should work!! Anyway, I am using my own equipment for this reason, back in the day I had a phone line but never really research the VLAN settings but managed to have service work with my setup using a Patton box which was converting my line to VOIP. I then connected everything to my PBX and ended up with 2 lines lol the VOIP.MS one and Bell!
Thank you so much for this website/article. This is probably the best I've been able to find on this topic. I have a few questions and you're probably the only one who can help:
- Having followed your instruction from scratch twice in a row, I still get the Bell 4K PVR's Link LED blinking green continuously with the big blue Fibe logo on. I do get both IPs for the Internet and IPTV interfaces. Could you please provide a bit of an advice on how to troubleshoot this? The Internet works, it's the IPTV that's the issue.
- For the Gateway address, I managed to get mine using your packet capture instructions, however, I have no clue how you got 10.2.0.0/16 or 10.237.0.0/16. Can you please shed some light on that?
- At the end of your article, you're doing domain override twice on the same domain to two different IP addresses. Isn't that problematic?
Thanks a lot!
Thank you xeeaxe for the kind work. I usually put a lot of time an effort in my blog to make sure it's clear and well documented.
1. To troubleshoot that, do you see the TV playing a bit or not at all? I am not sure how comfortable you are with networking but it might be worth it to start a packet capture on the IPTV interface (like you did to get your default gateway) and then try to play something on TV, change channel so you register some networking activity on your capture. I suspect Bell's IPs might have changed or maybe they added range for 4K TV. Since I wrote this Blog my setup changed a bit... I still have Fibe but only Internet as I cut the cord with cable.
2. These 2 Networks came from research from other blogs (as per my reference) and Networks found while doing packet capture.
3. These override are only DNS resolver redirecting the 2 Domain names to Bell DNS Servers but if I recall, this step is not mandatory, you can try deleting the entries and see how it works. I believe this came from one of the reference Blog I read.
I hope this helps you resolve the issue. Internet is usually simple to configure but the IPTV side is the tricky one.
Keep me posted.
Thank you for your response. Btw, I'm in Moncton, NB, so not far from you. Follow up on point number 1:
- No TV, it won't even get there. All I see is a large Fibe logo with a blue background. It gets stuck on that screen while the green Link indicator on the PVR blinks continuously. I saw some traffic on the IPTV_LAN interface and a low data rate (almost like a 100B/s loop, see screenshot) on the IPTV (VLAN 34) interface (even when the PVR is unplugged!) but nothing else happens on the PVR. I could do packet capture on IPTV but I might end up with a load of data to "decipher".