-= IDS Communications Blog =-
Bell Fibe Internet & IPTV with pfsense
If you go through my Blog, you will notice that I wrote an article in January 2018 in regards to using your own router with Bell Fibe. In the previous Blog I was giving people the option to either activate the advanced DNZ option on their Home Hub 3000 (HH3000) or simply remove the HH3000. I was suggesting devices to handle the Fiber Optic conversion and referred to Forums where you were able to find posts on how to accomplish this and configure your systems.
At the time I was using the advanced DMZ option from my HH3000 which worked fine for me. One year later I started experiencing issues with my Network, including the VPN connections. My Firewall would get the WAN address of the HH3000 but for some obscure reason I was unable to reach the Internet. I called Bell hoping to get some help but I was told that if the advanced option was not working, it was not their problem. The first technician who answered the phone even told me that nobody was using this function (I bet he didn't even know this function existed!) Well, as mentioned in my previous Blog Post, Bell Aliant came up with a PDF documenting this function which let me believe that it should have been supported!
Well guess what? I got tired of Bell's BS and I decided to look online hoping to find out how I could get rid of my HH3000. I found a few Forums with valuable information but the gold mine was the Netgate Forum. On this post from zax123 I found enough information to get me started. The issue I ran into was that I was using a Check Point Firewall and most users were running pfsense. Since I was due to renew my licence and support ($300+/year in my case), I was easy to convince and decided to give pfsense a try.
After a few weeks and many hours searching, googling, posting ... I managed to get my Bell Fibe Internet and IPTV to fully work without the HH3000! Finally, I was able to ditch the HH3000! in an attempt to help others, I decided to come up with my own updated post on how to accomplish this.
Now, like me if you live on the East Coast (I live in Nova Scotia) and you would like to ditch your Bell Aliant HH3000, this "How To" guide is for you!
First of all you have to install pfsense. This guide will not give you direction on how to install and configure pfsense. In my scenario, my pfsense box has multiple network cards to suit my needs but to follow this guide you will only need 3 i.e.: WAN, LAN and IPTV.
Let's get started, for this tutorial I was using pfsense v2.4.4-release-p3. Please also note that I will not discuss the Bell Phone service.
First you need to remove the Fiber Optic cable from your HH3000 Modem. It comes out with the GBIC which can then be used in many ways (Directly in a switch, EdgeRouter X, Converter etc). In my case I chose to buy a TP-Link MC220L Media Converter like this one which was reasonably priced and easy to use.
*** BE CAREFUL as routes and gateway may vary depending on your region. I recently moved and my IPTV was not working. After conducting a packet capture I found out that I needed to adjust my configuration (Gateway, Routes, IGM) to reflect the new IP addresses.
First of all, on your WAN interface, under MAC Address - You have to spoof the MAC address of your HH3000 for the IPTV to obtain an IP address from the Network.
Under System / General Setup, set the DNS Servers to Bell Aliant and check the option DNS Server Override as shown below
Under Interfaces / VLANs, create 2 VLANS. The first one will be VLAN35 for your Fibe Internet and the second one will be VLAN34 for IPTV. Assign both VLANS to your WAN Interface.
Under Interfaces / Interface Assignments, we will create and enable all our Interfaces:
- Add the VLAN35 Interface, I named it "Internet". This Interface is DHCP;
- Add the VLAN 34 Interface, I named it "IPTV". This Interface is also DHCP;
- Add and configure an Interface for your LAN (I suggest NOT using 192.168.2.0/24 since this is the range we are going to use for the IPTV_LAN Interface)
- Add the last Interface, I named it IPTV_LAN. This Interface is configured with a Static IP which I used 192.168.2.1/24. This is the Interface where I connected my VAP device (Bell Fibe Access Point).
Now, if you connect your TP-Link Converter, insert your Fiber Optic on one end and your CAT5 (or CAT6) cable on the other end and link this cable to your WAN card you should have Internet. That's pretty much all you have to do if you only have Internet Service with Bell Fibe. If you also have IPTV, you should have received an IP address for your TV Service but your pfsense is not configured to route IPTV yet. Let's continue...
Enable and configure the DHCP Server for the IPTV_LAN Interface to assign IP addresses to your other Wireless Bell Boxes. Make sure that the DNS Servers are the Bell Aliant ones.
Configuring the IPTV Gateway is a little bit more tricky. You will have to use a packet sniffer to find out what is your Gateway since it is assigned statically and not through the DHCP. I used the pfsense Packet Capture function under Diagnostic and chose the IPTV Interface. My configuration looked like this one...
To capture my Gateway, I opened another pfsense instance and selected Status / Interfaces. In the other window I started monitoring the IPTV Interface. I returned to my Status / Interfaces window and Released / Renew my IP for the IPTV Interface. I waited a minute then stopped the capture. You should see communication where an IP, in my case 10.195.128.3 using port 67 talking to your IPTV local IP ex: 10.195.XXX.XXX on port 68. The first address is your Gateway.
Now, under System / Routing / Gateways, add your newly discovered Gateway and make sure that your Default Gateway IPv4 is set to your Internet Connection Gateway. I ran into issues where I was unable to reach the Internet and found out that this was my issue. You can also deactivate the dynamic Gateway created by default after your created the IPTV Interface.
Under System / Routing / Static Routes, add the following Routes
- 10.2.0.0/16
- 10.237.0.0/16
- 10.195.0.0/16
All the Routes have to be linked to the IPTV Gateway you just created.
Be aware that it is possible to have different routes depending of your IP address, if your IPTV IP address is in a different IP range than mentioned above, you will have to modify some entries.
Under Services / IGMP Proxy, add the same routes for the upstream. Leave the downstream blank.
Now we need to create rules under the Firewall. For this part, I will let you tweak the rules if you want to but for this tutorial I kept things easy by allowing ALL traffic IPv4 and IPv6 for the IPTV and IPTV_LAN Interfaces. I do not think that Bell is using IPv6 yet but I might be wrong. Like I said, I am keeping things easy here for the tutorial.
One important thing you have to do while creating these 2 rules is to check the box under Advanced Option / Allow IP options.
One last thing, to be on the safe side, configure Domain Overrides under Services / DNS Resolver / General Settings to redirect the following requests:
- tv.fibreop.ca / 47.55.55.55
- tv.fibreop.ca / 142.166.166.166
- iptv.microsoft.com / 47.55.55.55
- iptv.microsoft.com / 142.166.166.166
If you followed this guide and did everything right you should now have Internet and IPTV working without the use of the Bell HH3000!!!
This is the basic setup to have both services working without the HH3000, I am sure you can tweak some of the settings as you please. Like I said earlier this is the basic configuration.
It took me quite a bit of time and I did a lot of research as well to accomplish this and I cannot take the credit for this configuration. All I can say is that I promised myself to put an updated "Configuration Guide" together once I got things working and this is what I did!
I hope you enjoy, let me know what you think!
PS: If you notice mistake(s) or configuration error(s), please let me know. Remember, the ultimate goal is to help each other out!
REFERENCES:
Netgate Forum
https://forum.netgate.com/topic/78892/how-to-get-bell-fibe-in-quebec-ontario-internet-and-iptv-working-with-pfsense
DSLReports Forum
https://www.dslreports.com/forum/r32420749-
I want to Thank the following people for sharing their knowledge, you guys helped me a lot!
Comments 104
I am yes, New Brunswick
Ok, I’ll need more details. What type of equipment are you using and what is your current setup? You’re with Bell Alliant I presume?
I am with Alliant, trying to use pfsense, with a gigabit fiber media converter (https://www.amazon.ca/gp/product/B06XC1VDMD?ref_=pe_1822470_153573050_E_Asin_Title), have the Bell HomeHub3000 also. I put the SFP module into the media converter SPF slot and have CAT5 going from the converter to the WAN port on pfsense.
Well that’s pretty straight forward as you are using the same equipment as I was (Bell GPON to the converter and converter to PFsense). You are using the original GPON provided by Bell right? These are coded to give you an IP based on the serial number of the device. I take you have reviewed your settings following my procedure?
Great writeup. I plan on doing this, but I've got an Asus AX92U, so the interface is obviously slightly different.
In particular, in the IPTV tab I have to use Manual Setting for the ISP profile, then set Internet VID to 35 to get internet service. Under that, there's Lan port 3 and Lan port 2. Under which of those would I plug in 34(or 36?) under VID to get the wireless TV receivers to work?
https://www.asus.com/us/support/FAQ/1011708/
Hi Matthew,
Thanks for the positive comment . I am not familiar with your router but after looking at the link you shared, I don't know if it matters which port you use as long as it is configured properly.
You'll have to excuse me as I'm not terribly savvy.
When I see "LAN port" I think that the TV boxes need to be wired to LAN 3 or LAN 2 (or both if I have two TV's). What you're saying is, provided I set everything else up correctly, I should be able to plug in those values in one or the other port and the wireless Bell TV boxes should work?
No worries Matthew, we are all here to help each other, this is my goal and the main purpose of this site.
LAN stands for Local Area Network... The fact that you have 3, 4 or 5 LAN ports means that you can configure them either as a whole (like a switch) or independent meaning that each one of them can be on a separate network.
In my case, I was using the Bell WAP (Bell Wireless Access Point for the Receivers) which I connected to a separate Network Card (like your LAN2 or LAN3 port, same principle) and I configure this Network card to be in the 192.168.2.0 Network since this is the address for the Local Network on Bell Router. I activated the DHCP on that Interface and me receivers received their IP address... The routing was done by pfsense if that make sense.
Not sure if this helps you understand a little bit more...
Thanks for the instructions, this is the only reason I took a chance on pfsense with IPTV on Bell. Unfortunately I can't seem to keep IPTV working after upgrading to version 2.5.2. I've tried twice now, and both times after a day or two the TV output gets stuck and nothing fixes it. Internet works fine.
Worked fine on 2.5.0 and 2.5.1 for many months. I have to reinstall the 2.5.0/1 versions and then it comes right back.
in 2.5.2 they went back to older unbound version which might be related, I don't know. I've had unbound and also IGMP proxy crash quickly with 2.5.2 and my config. I'm shocked that those could crash at all given how reliable this is supposed to be. I really don't want this to be hardware problem, it's on a new protectli box I've already had to get replaced once. Are you on the older versions of pfsense still? Any thoughts?
I know they upgraded unbound at some point but replaced/downgraded the version for instability issues in version 2.5.2. I have not done the research but if it's the same version as 2.5.0 (or 2.5.1) unbound should not be the issue... or it's a combination of more than one issues...
I am also using a Protectli box (which are great IMO) but my setup has changed since this writeup as I have canceled IPTV, I kept Internet only so I unfortunately can't answer your question in regards to IPTV and pfsense new version.... hopefully some will be able to bring some light on what the issue might be.
Thanks for the reply. Yes they changed to older version of unbound in 2.5.2: 2.5.0 and 2.5.1 had the newer one. They went back because it was supposed to be more stable.
Maybe it’s something else, maybe I’ll cancel TV before I figure it out!
I'm having a hard time getting my 1Gbps up and down.
I have a TP-Link ER7206 router. I took my SFP / GPON out of my HH3K and put it into the ER7206. I then configured the router to VLAN 35 and did the MAC address spoofing on that port (whether or not it's needed never changed my speeds).
Any thoughts of why my speeds would be cut literally in half?
I know it's not a lot of information to go on so if there's anything else I'd be happy to hand it over.
I don't tend to get full speed either on any speedtest I run from my network. My next hop is Sydney NS and it seems like I get a Gbps connection to that endpoint, but beyond that the speed starts dropping dramatically.
It depends a lot on where you are, but I don't expect anything more than 800Mbps anywhere outside the Maritimes, even within it.
Thanks for the response ekimseekem. I'd be happy with 800Mbps through the new router Unfortunately I'm not getting close to that
Omada Router -> MBP
Fast.com = 490 down / 200 up
Speedtest.net = 572 down / 290 up
ISP Router -> MBP
Fast.com = 970 down / 170 up (surprising)
Speedtest = 670 down / 300 up
ISP’s own Speedtest site = 817 down / 315 up
Speedtest using Button on ISP router = 1200 down / 923 up
ISP Router -> Omada Switch -> MBP
Fast.com = 940 down / 210 up
Speedtest = 707 down / 315 up
ISP’s own Speedtest site = 850 down / 320 up
MBP = MacBook Pro
I’m having a hell of a time getting advanced DMZ to work.
The homehub has a particular ip range. When I try to set the ip pool starting and ending address to match that of the homehub, it’ll tell me that the address I’ve selected is not a valid IP address. For example:
Home hub:
Start: 192.168.2.10
End: 192.168.2.254
Asus:
Start:192.168.50.2
End: 192.168.50.254
Again, it won’t let me change either the start or the end on the Asus router.
Also noticed that the subnet mask on the homehub is 255.255.255.0 but on my asus it changes to 255.255.248.0
I’m on Bell Aliant just like you. I feel like I’m so close yet so far away!
The advance dmz should give you a public IP from bell.
You should leave the Asus router as dhcp. A couple of reboots of both and the Asus should get the public IP.
However, my experience with advance dmz is that will stop working as soon as you bounce the router or the hh.
Advance dmz is a good idea, but terrible execution. The only way is to bypass the home hub.
I tried with a media converter and with the unifi dream machine pro, without much success and with very bad speed. Plus loosing phone or TV or both.
I went back to have only the Asus router and having double nat, and will wait for a new version of the dream machine pro that should have the 2.5 synchronization out of the box.
However, I spoke to other people that uses pfsense and seems to be working fine.
@Dougy I’m not too sure what you’re trying to accomplish (if your playing with the advanced DMZ you’re most likely trying to obtain a Public IP on your Asus) … but I have to go with what @Carlos said. I’ve only had issues with the Advanced DMZ! It worked for a little while then stopped and never worked again for me. Not sure if it was caused by a firmware update from Bell …. But when I called Bell, I was told this was an advanced feature and they didn’t support it. Either it works or not. Basically if it didn’t … not their problem!!!! Go figure!!
first off i just want to say this is an amazing thread, great information all around.
I am looking for information on integrating the hh3000 to my network to keep the iptv and voip (sip) on that unit.
my setup is quite simple for the moment: fibre-->gpon-->mikrotic rb5009 sfp+port-->vlans 33 to 37 attached to the sfp port.
(speeds over 1gb running fine)
what i am trying to do is somehow forward all the vlans aside from the internet one directly to the hh3000 and the reason for that is bell aliant and port forwarding do not want to function at all and i am running some game and work servers here at home.
is there any way to say do this:
fiber-->gpon-->mikrotic
mikrotic port1|-->HH3000 (via the red wan port) for voip and iptv
mikrotic port2|-->Switch1 (main home network)
mikrotic port3|-->Switch2 (servers) *NAT Loopback enabled*
thanks in advance if anyone has any ideas for this. ***network hierarchy is weird do to text options available.
I believe you need a bell technician, depending where you live you will need also to factory reset the hh3000 and need the credentials, etc to connect the hh3k using the wan. I tried with mine time ago and without the factory reset did not work.
Thanks for the reply, I have bell aliant, in pei. Bell has been of no help whatsoever. This is on their residential service and the best they told me is port forwarding and the dmz is not available for residential services. Hence why i am using my own equipment i just want to try to keep the wireless iptv and my "landline" voip service from bell. Thats is the main reason i want to find a workaround to place the hh3000 after my mikrotic router on my network tree.