Skip to main content
Brian_Earth
Brian_Earth
New Member
July 27, 2020
Question

Accessing Freebox (France) Player through Vlan 100 - Configuration avec Freebox France

  • July 27, 2020
  • 1 reply
  • 8582 views

Hi All,

my first post here, so sorry for my level !! (and for my English, as I'm French). I have a little pb with my Internet provider TV player. I'm a customer of the French provider Free. It's a cheap and good Internet provider. My subscription is on Fiber, and the model is Freebox Revolution. So I have 2 parts : a router (the freebox server) and a tv Player (Freebox Player). In normal use, the Freebox Server (FS) is acting as a router with services (telephone, tv recording, multiplayer) but you need to connect the Freebox Player (FP) directly on one of the 4 Lan ports of the FS. That works as a charm. But for parental control (!) I wanted to connect it through my FortiWifi 60E. Before doing this I had to put my FS in Bridge Mode. So the FS is connected on my Forti on Wan1, with my public static Internet V4 Add. Regarding internet services, for my pc's that's ok. (but not really for my smart tv (for netflix) but it's not the pb for the moment). In fact, the FP communicates with the FS via VLAN 100 taggued packets (and also via untaggued vlan for some services). So I tried to configure VLan but I must make a mistake somewhere. I wanted to dedicace the Port 7 for my player (by the way my FP is connected on a GS108 Netgear little 8 ports switch, but it should handle Vlan because it has also been connected to my Freebox Server through it earlier), to have a secured and controlled link for this player without putting security leak on my 'internal' common switch (port 1-6). And most important thing : to make it works !!! (I had formely a Netgear UTM20 FW and I never achieved to connect it correctly lol But I've seen many tutos working but none where for Fortigate. For asus router with DD-RWT they say to do that : echo "0t 4t" > /proc/switch/eth0/vlan/100/ports), and

for open wrt :

config 'interface' 'lan'     

option 'ifname' 'eth0.1'     

option 'type' 'bridge'     

option 'proto' 'static'

... ...

config 'switch_vlan'     

option 'device' 'rtl8366s'     

option 'vlan' '100'     

option 'ports' '0t 5t'

...

config 'interface' 'fbx'     

option 'proto' 'none'     

option 'send_rs' '0'     

option 'stp' '1'     

option 'type' 'bridge'     

option 'ifname' 'eth0.100 eth1.100'

if that could help). I understand the idea but i don't know how to implement it on my Forti :'(

Do anyone here has already configured a Freebox behind a Fortigate ? or any one have an idea to configure it please ? That's a lot :) See Ya Brian

1 reply

sw2090
SuperUser
sw2090
SuperUser
July 28, 2020

never configured a freebox.

However FortiOS treats vlans as virtual interfaces. Those are chained to a physical interface.

So if your FS is connected to wan1 you could create a vlan interface on wan1 that has vid 100.

The you will need some policy t allow the traffic you want t go there.

Then all trafic that goes through that vlan interface will leave wan1 and go to the FS tagged with vid 100 and all packets that go to wan1 directly will go to the FS untouched.

Brian_Earth
Brian_EarthAuthor
New Member
July 30, 2020

Hi @sw2090 Thanks for your answer. That's about what I tried to do but it doesn't work. The Freebox Player is seeking for his add via DHCP (I enabled the option in his menu to say : when the Freebox Server is in Bridge mode anyway ask your add via DHCP). I Tried to put the sniffer log on the WAN1 interface and I can only see non IP traces : a dhcp discover a dhcp request an after just SSDP notify :'( I tried an option : Multicast routing but i think i didn't manage to configure it correctly ... I've read your answer (and some others you wrote formerly), and the Forti should pass the packets untouched through the VLAN interfaces (Wan1 and Port 7 (I put it on the Port 7 and tried also on the Internal software switch port)) and I don't understand .. May be I should put a sniffer on the line but well i'm no longer good enough :'( (last time i tried a sniffer was for X25 packets lol ... ) For sure it's not easy for you to help me, and i thank you anyway :) And I can't find a French user with a Freebox. :'(

Freebox are mostly used for personnal use and few have a FW :'(

 

Brian_Earth
Brian_EarthAuthor
New Member
July 31, 2020

Hi @sw2090 :) I made some more tests but no way. The freebox Player is seeking for a dhcp I think. But when I look in the sniffer log I can't see anything excepted non ip lines ... (as i wrote previously). So I tried to add rules to allow from any to any or from vlan Wan to Vlan Port 7 ... I tried everything but no way :'( Then i put back the wire on the free server and it works (i think there is a little pb anyways as the bridge mode seems to be designed for having just one device connected .. but i'm not sure). I can't find French people using Fortinet here :'( ... I tried to call the French number but I was routed to Forti hotline USA i think, and my level in English speaking is too low, and anyway without having a freebox it will be difficult :'(

 

Terms & ConditionsAccessibility statement