Marc's Blog

Things from me about me …

Post IPTV using a Unifi Security Gateway PRO 4

| 8 Comments

My friend David asked me to help him tackle a problem with his network. He used a Unifi Security Gateway PRO 4 from Ubiquiti Networks but still wanted to run some Post IPTV STBs on his network. The solution took us some hours spread over several days, but finally the IPTV streams work fine.

Our solution

We ended up using the LAN 2 interface as the IPTV upstream port, it turns out that the Unifi Cloud configuration doesn’t allow a static IP and a PPPoE session on the same interface. Also the built-in WAN-LAN firewall blocking firewall does need adding manual rules to allow the Multicast Traffic back in via the WAN interface. Using LAN2 allowed us to handle Multicast traffic as “Corporate LAN”-to-“Corporate LAN” traffic, which Unifi allows by default, so we can add firewall rules for LAN2 as required using the Unifi Cloud Network Controller instead of using custom JSON files on the Cloud Key.

We still need a custom JSON file for the IGMP Proxy, but as this one has no configuration option inside the Unifi Cloud Network Controller and the Unifi Cloud Key, this allows us to have a clean separation between custom and Cloud configuration.

Our solution: The GUI Part

We configured a network on VLAN 35 of LAN2 according to the screenshot below.

Unifi Security Gateway PRO 4 - Networks - LAN2

Unifi Security Gateway PRO 4 – Networks – LAN2

Our solution: The JSON Part

Configuring the IGMP Proxy persistently required us to deploy a custom JSON file onto the Unifi Cloud Key. (The Cloud Controller rewrites the complete configuration on each configuration change in the network). We used the following tutorial as a starting point and inspiration. So we created a “config.gateway.json” file in /usr/lib/unifi/data/sites/$sitekey$/ with the content shown below. (This is an example. Please build your own JSON file, to make sure the JSON file is compatible with your equipment. You may do so on your own equipment and following the tutorial above.)

eth1.35 is the VLAN 35 on LAN 2 we’ve created above.

eth0 is the LAN 1 interface where we connected the Post IPTV STB. You may replace this with a VLAN interface e.g. eth0.34. Please note that the Unifi Controller doesn’t allow you to create the same numeric VLAN on 2 different interfaces (e.g. VLAN 35 on LAN1 (eth0) and LAN2 (eth1)).

{
	"protocols":
	{
		"igmp-proxy":
		{
			"disable-quickleave": "''",
			"interface":
			{
				"eth1.35":
				{
					"alt-subnet": [ "0.0.0.0/0" ],
					"role": "upstream",
					"threshold": "1"
				},
				"eth0":
				{
					"role": "downstream",
					"threshold": "1"
				}
			}
		}
	}
}

Our solution: The Hardware Part

One slight problem remained. The PPPoE session to get access to the Internet is running on a WAN port, WAN1 in our case. So we had to connect the GigabitEthernet port of the POST-Fiber-ONT to the Unifi Security Gateway PRO 4’s WAN1 and LAN2 port. We did so by putting a switch between the ONT and the Unifi Security Gateway PRO 4, luckily the POST Bitstream service support several (16 AFAIR) MAC addresses per GPON line.

Thanks David for letting me publish our findings on my blog.

8 Comments

  1. Hi Marc,

    thank you so much for this! I’ve been trying to get this to work a few times over the last year and a half and I would never have considered that Post uses a fixed IP for IPTV… Finally my UniFi configuration is complete and I can rest in piece 🙂

    Thanks again,
    Sam

  2. Thanks so much!

    Got it working, however I’d suggest enabling “IGMP Snooping”, without it the network will be flooded with Multicast IPTV packets if you have managed switches.

  3. Hi Marc, I’m looking for a way to use IPv6 with a USG 3P behind a FrtizBox in bridge mode (POST), could you help?

    • I got rid of the FritzBox which was connected to a bonding Sagem box, the is USG is now directly connected to the bonding SAGEM box and using VLAN ID 35, IPv6 /56 but I can’t still get an IPv6 …

      • There seems to be an issue with the DHCP-PD request sent by the USG, I’m having similar issues with an EdgeRouter X. I’m in contact with Ubiquiti support but it could take several months to see a change… BTW when manually setting the requested prefix size to /0, the PD works fine, but the CLI/GUI doesn’t allow /0 as the prefix size.

        • I’am also in contact with Ubiquiti about this as a beta tester and with Post but they don’t offer real support :p …

          Thanks for the reply that confirm there is an issue…

  4. Salut,
    Ech hun en 24er unifi switch kaaft, ouni gateway zwar, mais den iptv geet elo nett mei. Dhcp kennt normal vun der fritzbox, an ass um lan1 vum switch ugeschloss. Um unifi controller ass keen vlan agestallt. Mat mengem netgear leeft alles ouni Problemer.
    Kann vielleicht een mer weider hellefen?
    Merci

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this:

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close