-= IDS Communications Blog =-
Bell Fibe Internet & IPTV with pfsense
If you go through my Blog, you will notice that I wrote an article in January 2018 in regards to using your own router with Bell Fibe. In the previous Blog I was giving people the option to either activate the advanced DMZ option on their Home Hub 3000 (HH3000) or simply remove the HH3000. I was suggesting devices to handle the Fiber Optic conversion and referred to Forums where you were able to find posts on how to accomplish this and configure your systems.
At the time I was using the advanced DMZ option from my HH3000 which worked fine for me. One year later I started experiencing issues with my Network, including the VPN connections. My Firewall would get the WAN address of the HH3000 but for some obscure reason I was unable to reach the Internet. I called Bell hoping to get some help but I was told that if the advanced option was not working, it was not their problem. The first technician who answered the phone even told me that nobody was using this function (I bet he didn't even know this function existed!) Well, as mentioned in my previous Blog Post, Bell Aliant came up with a PDF documenting this function which led me to believe that it should have been supported!
Well guess what? I got tired of Bell's BS and I decided to look online hoping to find out how I could get rid of my HH3000. I found a few Forums with valuable information but the gold mine was the Netgate Forum. On this post from zax123 I found enough information to get me started. The issue I ran into was that I was using a Check Point Firewall and most users were running pfsense. Since I was due to renew my licence and support ($300+/year in my case), I was easy to convince and decided to give pfsense a try.
After a few weeks and many hours searching, googling, posting ... I managed to get my Bell Fibe Internet and IPTV to fully work without the HH3000! Finally, I was able to ditch the HH3000! In an attempt to help others, I decided to come up with my own updated post on how to accomplish this.
Now, if, like me, you live on the East Coast (I live in Nova Scotia) and you would like to ditch your Bell Aliant HH3000, this "How To" guide is for you!
First of all you have to install pfsense. This guide will not give you direction on how to install and configure pfsense. In my scenario, my pfsense box has multiple network cards to suit my needs but to follow this guide you will only need 3 i.e.: WAN, LAN and IPTV.
Let's get started, for this tutorial I was using pfsense v2.4.4-release-p3. Please also note that I will not discuss the Bell Phone service.
First you need to remove the Fiber Optic cable from your HH3000 Modem. It comes out with the GBIC which can then be used in many ways (Directly in a switch, EdgeRouter X, Converter etc). In my case I chose to buy a TP-Link MC220L Media Converter like this one which was reasonably priced and easy to use.
*** BE CAREFUL as routes and gateway may vary depending on your region. I recently moved and my IPTV was not working. After conducting a packet capture I found out that I needed to adjust my configuration (Gateway, Routes, IGMP) to reflect the new IP addresses.
First of all, on your WAN interface, under MAC Address, you have to spoof the MAC address of your HH3000 for the IPTV to obtain an IP address from the Network.
Under System / General Setup, set the DNS Servers to Bell Aliant and check the option DNS Server Override as shown below.
Under Interfaces / VLANs, create 2 VLANS. The first one will be VLAN35 for your Fibe Internet and the second one will be VLAN34 for IPTV. Assign both VLANS to your WAN Interface.
Under Interfaces / Interface Assignments, we will create and enable all our Interfaces:
- Add the VLAN35 Interface, I named it "Internet". This Interface is DHCP;
- Add the VLAN34 Interface, I named it "IPTV". This Interface is also DHCP;
- Add and configure an Interface for your LAN (I suggest NOT using 192.168.2.0/24 since this is the range we are going to use for the IPTV_LAN Interface);
- Add the last Interface, I named it IPTV_LAN. This Interface is configured with a Static IP; I used 192.168.2.1/24. This is the Interface where I connected my VAP device (Bell Fibe Access Point).
Now, if you connect your TP-Link Converter, insert your Fiber Optic on one end and your CAT5 (or CAT6) cable on the other end, and link this cable to your WAN card, you should have Internet. That's pretty much all you have to do if you only have Internet Service with Bell Fibe. If you also have IPTV, you should have received an IP address for your TV Service but your pfsense is not configured to route IPTV yet. Let's continue...
Enable and configure the DHCP Server for the IPTV_LAN Interface to assign IP addresses to your other Wireless Bell Boxes. Make sure that the DNS Servers are the Bell Aliant ones.
Configuring the IPTV Gateway is a little bit more tricky. You will have to use a packet sniffer to find out what your Gateway is, since it is assigned statically and not through DHCP. I used the pfsense Packet Capture function under Diagnostics and chose the IPTV Interface. My configuration looked like this one...
To capture my Gateway, I opened another pfsense instance and selected Status / Interfaces. In the other window I started monitoring the IPTV Interface. I returned to my Status / Interfaces window and Released / Renewed my IP for the IPTV Interface. I waited a minute then stopped the capture. You should see communication where an IP (in my case 10.195.128.3) using port 67, the DHCP server port, is talking to your IPTV local IP (ex: 10.195.XXX.XXX) on port 68, the DHCP client port. The first address is your Gateway.
Now, under System / Routing / Gateways, add your newly discovered Gateway and make sure that your Default Gateway IPv4 is set to your Internet Connection Gateway. I ran into issues where I was unable to reach the Internet and found out that this was my issue. You can also deactivate the dynamic Gateway created by default after you created the IPTV Interface.
Under System / Routing / Static Routes, add the following Routes
All the Routes have to be linked to the IPTV Gateway you just created.
Be aware that it is possible to have different routes depending on your IP address. If your IPTV IP address is in a different IP range than mentioned above, you will have to modify some entries.
Under Services / IGMP Proxy, add the same routes for the upstream. Leave the downstream blank.
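The gateway capture and the route check described above can be scripted. This Python sketch is an added example, not part of the original guide: it reads tcpdump-style text lines, picks the sender of DHCP replies as the IPTV Gateway, and lists multicast senders that none of your route / IGMP Proxy upstream networks cover. The capture text, every address in it other than 10.195.128.3, and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in tcpdump text format (assumed to match what you copy
# out of Diagnostics / Packet Capture). Addresses are made up for illustration.
CAPTURE = """\
10:01:02.000001 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
10:01:02.050000 IP 10.195.128.3.67 > 10.195.140.20.68: UDP, length 308
10:01:02.060000 IP 10.195.140.20.68 > 10.195.128.3.67: UDP, length 300
10:01:02.090000 IP 10.195.128.3.67 > 10.195.140.20.68: UDP, length 308
10:01:09.000000 IP 10.2.76.10.49152 > 239.10.1.5.5000: UDP, length 1328
10:01:09.100000 IP 10.2.76.10.49152 > 239.10.1.5.5000: UDP, length 1328
10:01:10.000000 IP 172.24.8.40.49152 > 239.10.9.9.5000: UDP, length 1328
"""

LINE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")

def parse(capture):
    """Yield (src_ip, src_port, dst_ip, dst_port) for each IPv4 line with ports."""
    for m in LINE.finditer(capture):
        yield (ipaddress.ip_address(m[1]), int(m[2]),
               ipaddress.ip_address(m[3]), int(m[4]))

def dhcp_gateway(capture):
    """Most frequent sender of DHCP replies (source port 67 -> client port 68)."""
    servers = Counter(str(src) for src, sport, _, dport in parse(capture)
                      if sport == 67 and dport == 68)
    return servers.most_common(1)[0][0] if servers else None

def uncovered_sources(capture, upstream_nets):
    """Map each multicast sender outside every upstream network to its groups."""
    nets = [ipaddress.ip_network(n) for n in upstream_nets]
    missing = {}
    for src, _, dst, _ in parse(capture):
        if dst.is_multicast and not any(src in n for n in nets):
            missing.setdefault(str(src), set()).add(str(dst))
    return missing
```

Pass `uncovered_sources` the networks you entered under Static Routes; any sender it returns is a candidate for an additional route and IGMP Proxy upstream entry.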
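Now we need to create rules under the Firewall. For this part, I will let you tweak the rules if you want to but for this tutorial I kept things easy by allowing ALL traffic IPv4 and IPv6 for the IPTV and IPTV_LAN Interfaces. I do not think that Bell is using IPv6 yet but I might be wrong. Like I said, I am keeping things easy here for the tutorial. Keep in mind that the IPTV Interface faces Bell's network, so an allow-all rule there lets that network reach your pfsense box; once TV is working, it is worth narrowing these rules to the traffic you actually see in your captures.
One important thing you have to do while creating these 2 rules is to check the box under Advanced Options / Allow IP options. IGMP packets carry an IP option (Router Alert), and pfsense drops packets with IP options unless this box is checked.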
One last thing, to be on the safe side, configure Domain Overrides under Services / DNS Resolver / General Settings to redirect the following requests:
- tv.fibreop.ca / 220.127.116.11
- tv.fibreop.ca / 18.104.22.168
- iptv.microsoft.com / 22.214.171.124
- iptv.microsoft.com / 126.96.36.199
If you followed this guide and did everything right you should now have Internet and IPTV working without the use of the Bell HH3000!!!
This is the basic setup to have both services working without the HH3000, I am sure you can tweak some of the settings as you please. Like I said earlier this is the basic configuration.
It took me quite a bit of time and I did a lot of research as well to accomplish this and I cannot take the credit for this configuration. All I can say is that I promised myself to put an updated "Configuration Guide" together once I got things working and this is what I did!
I hope you enjoy, let me know what you think!
PS: If you notice mistake(s) or configuration error(s), please let me know. Remember, the ultimate goal is to help each other out!
I want to Thank the following people for sharing their knowledge, you guys helped me a lot!
@atirado Thank you for the kind comment and you are more than welcome, if this blog helped you out my goal was achieved!
If I am not mistaken (at least for residential services), the GPON serial number is used by Bell to assign an IP address. If you change the GPON I believe you might not be able to receive an IP from Bell. I tried in the past to use my own GPON and I never managed to connect. I even had to wait a few minutes after replacing the original GPON as I most likely triggered some port security with Bell and I was blocked ...
I know that because when the Tech came to activate my service, he had to call Bell and gave someone a serial number from my GPON. Like I said, this is my understanding... I have yet to hear back from someone who managed to use their own GPON.
Let me know if you manage to find a different answer or if I am wrong as I am trying to help people and post accurate information. : )
Both your original post and this one led me to finding out how to achieve the same set up on Bell Fiber for Business. Also, having been a fan of Linksys for many years I was keen to use one of the OpenWRT routers again. Nothing necessarily wrong with Bell’s but I do enjoy tinkering with my network and the additional control. Both posts also helped me learn a lot about networking in general which is very useful for my work.
Your experience with Bell’s tech matches my own but in my case it was over a phone call when I requested to have the GPON put in bridge mode. The first technician, who installed the service, called to provide the serial. The second one, over the phone, confirmed the GPON is necessary but I felt maybe it really wasn’t because the explanation didn’t really convince me. Sadly, that confirms I can’t connect my router directly to the fiber.
It is interesting that Bell is using MAC address filters on top of authentication for accessing their network but I think it makes sense in an open network.
One thing that is different in my set up with the Turris Omnia router is that rather than creating VLANs as you did in the PFsense FW, is to connect directly the WAN’s physical interface to VLAN35 using a custom interface. I suspect this achieves the same result but it is one thing less to manage. I suspect this is possible due to the way this router is wired internally (WAN is connected directly to the CPU using an eth adapter which then goes to the switch through a couple of eth adapters).
So I followed this guide and I'm having a weird issue. I got internet/tv working.. but for my iptv regular hd/non-hd channels work perfectly fine, but 4k channels only load about 5-10 seconds then freeze. This happens until I change the channel and back. Any ideas?
Next step would be to use a packet sniffer (wireshark) while watching a 4K channel and see if the traffic matches the route you already have configured. It might be related to IP route or IGMP in my opinion since the regular TV seems to be working fine. Usually Internet is not an issue (pretty straight forward) but TV is a bit more challenging.
Ok so I found it and it was different from the automatically generated gateway, so I manually added it, changed the static routes like you have in the guide, still didn't make a difference though. 4k still freezes :/ and I spoke with Bell and they sent me a different box as well, same result.
I’m so close to getting it but I got the dreaded issue with it stopping after 10 seconds and it seems to be a multicast issue/igmp but I completely redid it and still have that issue. Just wondering if there is anything else I can try? I’m in Newfoundland and with Bell Aliant.
Hi jeff146, it definitely sounds like an IGMP problem as I have had this issue and read all over people having this same problem. I take it you followed the guide posted here… you might have to capture some packets (you can use pfsense to capture packets on your IPTV interface) and see if routes have changed. Maybe you have different IP addresses / routes up there (or maybe Bell updated their network). This would be my first advice to you considering that everything else seems to be working … make sure you review the guide… there’s a check box that needs to be checked as well (important part of the procedure).
Yes I did follow the guide and as well did the capture but couldn't find any different routes. The only one route for me was 10.227.0.0 as my gateway was 10.227.128.2. I tried 10.0.0.0/8 for the IGMP proxy so it covers everything and it's doing the same thing. I have the latest pfsense 2.5.2 and was just wondering if it's an issue with pfsense? I checked the IGMP file on pfsense and it's showing the correct entries.
Mine is connected to a Brocade ICX 6450 switch, anything we need to enable on the switch? I'm pretty sure IGMP snooping is set to passive for the entire switch as that's the default.
So your Fiber is coming to a Fiber port on the switch where you have configured the VLANS, correct? Mine was connected to a Media converter, therefore I did not have this config issue. It seems that your switch supports IGMP Snooping, it's just a matter of knowing if it can be left to default or if routes need to be added.. This is something I am not too sure about to be honest.
Quick Google search brought me to this thread:
Where I participated, I found this reply:
"To make life easier, I carried the same IPTV VLAN Bell uses (34 in my case) into my Switch and just activated the appropriate ports and setup IGMP on the switch. Used a 192.168.x.x/24 address. I only have the one box but I cannot see a second causing issues with the broadcasts being contained to the ports needed. Are you using a switch and does it support Multicast and the configuration of it?"
It tells me that you might have to tweak the switch config a bit. You could maybe post there and ask the question to see if someone ran into the same issue as you did. Either way, it would be interesting to hear the outcome.
I actually have it coming into the pfsense box first for the WAN then have 10G SFP+ port going to the switch as outlined here:
Will definitely have to take a look but I guess I can plug it in directly to the pfsense box to test.
Luckily it's not something critical as we don't really watch TV and I just got the package as it's cheaper than getting just Internet.
Did you set your SFP nic port to 2.5G in pfsense? If you didn't do that, you won't get the full speed potential because Bell's sfp module won't auto negotiate and will run at 1G max instead of 2.5G.
An additional domain to add to the override list, leveraging the same authoritative DNS servers:
This was required for me to make the "Remote Setup" app work, to configure the bluetooth remote.
Hi @idscomm ,
First of all I would like to say that you did a great job explaining it step by step with screenshots (I am not that patient).
The second thing I would like to mention is the fact that I found on https://www.reddit.com/r/bell/comments/l96qne/bell_fibe_internet_tv_and_phone_with_pfsense/ that the VoIP Vlan used by Bell is VLAN 36. Maybe it is helpful for anyone.
Right now I'm just checking if it is worth switching from Videotron to Bell. I am a bit concerned about their reliability and support.
@Ket, Thank you for the kind comment. I usually put time and effort in my Blogs hoping to help others. I think it's easier to follow with printscreens... better than just plain text in my opinion and since I am not a Youtube Master kind of guy .. lol I go with a written blog.
Videotron was not bad back in my days when I used to live in Quebec... I don't know now since I left Quebec 13 years ago. I know that Bell Fibe has been great for me for the last 5 years here in Nova Scotia!
You need to check the following:
1. Did you configure in pfsense the Downstream interface for IGMP_Proxy as IPTV_LAN?
2. What IGMP version do you have configured on the Brocade switch?
I recommend you use v3 because it can fail over to v2 without any configuration change.
3. Do you have IGMP querier enabled on the Brocade switch for the IPTV Vlan?
To troubleshoot for switch issues in regards with multicast, you can use any gigabit unmanaged switch instead of Brocade (it will flood the multicast to all ports. Please see this for more explanation https://en.wikipedia.org/wiki/IGMP_snooping)
Not using IPTV, but followed all steps up until IPTV and my WAN interface is getting a 0.0.0.0 address, any tips?
Are you located in the Atlantic region? Just checking as I believe the VLAN for Internet might be different depending on your location.