31-07-2025 09:39 AM - edited 31-07-2025 09:45 AM
If you are a plug and play ISP provided router type of person this post is not for you 🙂 I am also not advocating using your own router, it is not supported by EE and if you ever get any troubles you will need to plug the EE one back in in order to take support.
With that said, lets get into it.
After recently migrating from BT FF to EE FF and maintaining my EETV setup I wanted to follow up on my original post over in the BT forums. The original post was a working guide on how to configure an ER-X and IGMP proxy for BT FF and EETV. To come up with the config I had to pull from alot of different articles, its great Ubiquiti provided a simple guide on how to create an IGMP proxy but really that alone does not do the job, IGMP proxy does not work without source and destination interface addresses which is something you will encounter when using a PPPOE interface, you also need to segregate it within its own network, either via VLAN or physically, the guide deals with the latter as its more straight forward, I have enough VLAN's at work to worry about.
Two things have changed since that original post, the aforementioned migration to EE and just last night the release of EdgeOS 3.0, there hadnt been a release of firmware for this family of devices since 2023. I have two ER-X's, one is always lying around with my backed up config on it incase I screw something up one day and I can just swap over to the other one. With this in mind updating to a new firmware came with little risk but still chose to do it when everyone was out and my daughter was asleep. "ALEXA PLAY INTO THE UNKNOWN", not usually an issue at 8pm for me, until she figures out that the thing playing nursery rhymes since you was a baby in her room, is actually an Alexa under her bed.
Update went as planned, router rebooted and the entire config still works, no one noticed, I live to fight another day. The original post is linked but I will again detail it out in full below, hopefully it will help googlers out there and save them the hours it took me.
------------------------------
Assuming you have got as far as installing an EdgeRouter and setting up PPPOE and then getting internet, either via the wizard or otherwise....below will talk you through the nuances of using an IGMP proxy for EETV. I will also shout out the posts that helped me along the way.
The first post I found to help me at the start of this journey was:
IPTV/IGMP/Multicast Solution for Edgemax Router | Ubiquiti Community
Pretty much had everything I needed to get going but it was 9 years old and using a much older OS. Other posts I had found also were mentioning how IGMP was broken in some releases so I wasnt sure what to expect as I couldnt find anything really current. I get the impression that this type of TV service is more common in the US.
Configuring an IGMP Proxy is pretty straight forward and Ubiquity's own own page is all I needed:
EdgeRouter - IGMP Proxy – Ubiquiti Support and Help Center
I was already pondering a problem however, do I set the upstream to the PPPOE interface or parent interface eth0 and then as I have switch0 configured for all my other ports (eth1-eth4) so do I configure the downstream to go out via my switch and therefore my entire network?....that didnt seem ideal to me.
Anyway, you need to set your upstream interface as the parent interface and not the PPPOE, after configuring my IGMP proxy to use eth0 and then out to switch0 the IGMP proxy would crash or at least not start with an error, after more googling I stumbled upon a post that mentioned the IGMP proxy interfaces must have IP addresses, (not an issue if your ISP is using DHCP). When using PPPOE the IP is addressed there, it is not there on the parent WAN interface which in my case is eth0. Switch0 had an IP but eth0 did not. The post mentioned that to solve this issue is to just give the eth0 an IP address, doesn't really matter what it is but just ensure it is not an IP that is going to get used elsewhere.
configure
set interfaces ethernet eth0 address 192.168.255.1/24
commit
save
exit
Once my eth0 had an address the IGMP proxy then worked, however I wasnt a huge fan that I was directing everything to switch0 (my entire network), I have one IPTV box within a short distance of the ER-X so I decided on another solution. That was to remove eth4 from switch0 and give it its own LAN, so I assigned the eth4 interface 192.168.85.1/24 and created a second DHCP server for the subnet 192.168.85.0/24, so now anything I connect to eth4 will be on this new subnet, but in effect for me it allows me to have a dedicated port directly connected to the IPTV box simplifying matters.
In theory you could use VLAN's to achieve this, but I really couldnt be bothered at home, I think it becomes more useful if you want multiple EETV boxes and some of them are on WIFI. This way you can tag the TV traffic to a VLAN ID and then utilise VLAN aware switches and WIFI access points so that traffic only goes to certain subnets. With that said, it remains to be seen if someone can get that to work, all of that is possible with my network but apparently Unifi AP's snooping doesnt work well, although ive not seen VLAN's utilised in conjunction. Simply switching on IGMP snooping on the AP's and a flat LAN hoping for the best wont work. Anyway, like I said I couldnt be bothered to explore it, I have a single box 3 feet from my router. If I wanted more EETV boxes I would just place a switch on eth4 allowing further uplinks and just run ethernet to those new boxes.
So with a seperate LAN on eth4 you can configure the IGMP proxy as follows:
configure
set protocols igmp-proxy interface eth0 role upstream
set protocols igmp-proxy interface eth4 role downstream
set protocols igmp-proxy interface eth0 threshold 1
set protocols igmp-proxy interface eth0 alt-subnet 0.0.0.0/0
set protocols igmp-proxy interface eth4 threshold 1
set protocols igmp-proxy interface eth4 alt-subnet 0.0.0.0/0
commmit
save
exit
You can then check for traffic and other info by issuing the following commands:
show ip multicast interfaces
Intf BytesIn PktsIn BytesOut PktsOut Local eth0 322.55MB 31923239 0.00b 0 192.168.255.1 eth4 0.00b 0 320.97MB 31922696 192.168.85.1
show ip multicast mfc
Group Origin In Out Pkts Bytes Wrong 234.xx.xxx.xxx 109.xxx.xxx.xxx eth0 eth4 469825 607.57MB 0
Without getting into things I dont understand, essentially the two commands are showing traffic between the interfaces and with this IGMP Proxy in place the IPTV box has been working flawlessly.
So, it all works, ive rebooted everything to make sure, ONT, Router and Factory Reset the IPTV box and everything still works, all live channels work, the premium paywalled sport ones such a Sky Sports (Now) and TNT Sports...Ultimate and HDR, I hope someone might stumble across this post and find it helpful, Im sure the same can be applied to most ISP's who are using PPPOE and I cant recommend the Edge Router X enough for anyone who wants to learn some basics or some more complicated stuff, it is a very capable device.
My full sanitized config is below working on EdgeOS 3.0: (Note it still mentions old EdgeOS, but I just havent punted it out again)
firewall {
all-ping enable
broadcast-ping disable
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
name WAN_IN {
default-action drop
description "WAN to internal"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
name WAN_LOCAL {
default-action drop
description "WAN to router"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
rule 21 {
action accept
description Allow_WAN-Port_Ping
destination {
group {
address-group ADDRv4_pppoe0
}
}
log disable
protocol icmp
}
}
options {
mss-clamp {
interface-type pppoe
mss 1452
}
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
}
interfaces {
ethernet eth0 {
address 192.168.255.1/24
description WAN
duplex auto
pppoe 0 {
default-route force
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
mtu 1492
name-server auto
password BT
user-id bthomehub@btbroadband.com
}
speed auto
}
ethernet eth1 {
duplex auto
speed auto
}
ethernet eth2 {
duplex auto
speed auto
}
ethernet eth3 {
duplex auto
speed auto
}
ethernet eth4 {
address 192.168.85.1/24
description IPTV
duplex auto
poe {
output off
}
speed auto
}
loopback lo {
}
switch switch0 {
address 192.168.84.1/24
description "Default LAN (eth1-eth3)"
mtu 1500
switch-port {
interface eth1 {
}
interface eth2 {
}
interface eth3 {
}
vlan-aware disable
}
}
}
port-forward {
auto-firewall enable
hairpin-nat enable
lan-interface switch0
wan-interface pppoe0
}
protocols {
igmp-proxy {
interface eth0 {
alt-subnet 0.0.0.0/0
role upstream
threshold 1
}
interface eth4 {
alt-subnet 0.0.0.0/0
role downstream
threshold 1
}
}
}
service {
dhcp-server {
disabled false
hostfile-update disable
shared-network-name IPTV {
authoritative disable
subnet 192.168.85.0/24 {
default-router 192.168.85.1
dns-server 192.168.84.1
lease 86400
start 192.168.85.10 {
stop 192.168.85.20
}
}
}
shared-network-name LAN {
authoritative enable
subnet 192.168.84.0/24 {
default-router 192.168.84.1
dns-server 192.168.84.1
lease 86400
start 192.168.84.10 {
stop 192.168.84.243
}
static-mapping Naylor_Config-Laptop {
ip-address 192.168.84.232
mac-address redacted
}
}
}
static-arp disable
use-dnsmasq disable
}
dns {
forwarding {
cache-size 150
listen-on switch0
listen-on eth4
}
}
gui {
http-port 80
https-port 443
older-ciphers enable
}
mdns {
repeater {
interface switch0
interface eth4
}
}
nat {
rule 5010 {
outbound-interface pppoe0
type masquerade
}
}
ssh {
port 22
protocol-version v2
}
unms {
disable
}
upnp {
}
}
system {
analytics-handler {
send-analytics-report false
}
crash-handler {
send-crash-report false
}
host-name ERX
login {
user ubnt {
authentication {
encrypted-password redacted
plaintext-password ""
}
level admin
}
}
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
offload {
hwnat enable
ipsec enable
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone Europe/London
}
/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:suspend@1:system@5:ubnt-l2tp@1:ubnt-pptp@1:ubnt-udapi-server@1:ubnt-unms@2:ubnt-util@1:vrrp@1:vyatta-netflow@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v2.0.9-hotfix.7.5622731.230615.0857 */