Hi, my ISP is streaming some local concert using UDP multicasting. I followed the instructions on the site which described how to set VLC in order to view the stream, but it didn't work. I am behind a Linux router/firewall doing NAT. Using google, I quickly found out that the netfilter/conntrack code doesn't support NATing multicast traffic. I thought about bridging the internet facing interface (eth0) and (one of) the internal interfaces (the one my computer is plugged into). This way I could set my IP to be public and no routing/NAT would be done on the Linux box. The only problem is that the box has 2 more NICs in it and there are other people connected to those NICs that need to use that connection (hence need to be NATed).

Then I tried thinking about a DMZ-like solution where my box would be in the DMZ, but I can't see that working either because I only have one public IP assigned.

Can anyone think of any other way for me to be able to view the stream?

Thanks.

On Fri, 09 Dec 2005 21:13:45 +0200, sophana <sophana78@yahoo.fr> wrote:
> Gabriel wrote:
>> Hi, my ISP is streaming some local concert using UDP
>> multicasting. I followed the instructions on the site which
>> described how to set VLC in order to view the stream, but
>> it didn't work. I am behind a Linux router/firewall doing
>> NAT. Using google, I quickly found out that the
>> netfilter/conntrack code doesn't support NATing multicast
>> traffic. I thought about bridging the internet facing
>> interface (eth0) and (one of) the internal interfaces (the
>> one my computer is plugged into). This way I could set my
>> IP to be public and no routing/NAT would be done on the
>> Linux box. The only problem is that the box has 2 more NICs
>> in it and there are other people connected to those NICs
>> that need to use that connection (hence need to be NATed).
>>
>> Then I tried thinking about a DMZ-like solution where my
>> box would be in the DMZ, but I can't see that working
>> either because I only have one public IP assigned.
>>
>> Can anyone think of any other way for me to be able to view
>> the stream?
>>
>> Thanks.
>
> I have no experience with multicast, but I think you have to setup a
> multicast router daemon on your router (routed I think)

I don't think that would be of any help as long as the netfilter code can't NAT multicast traffic.

Gabriel wrote:
> I don't think that would be of any help as long as the
> netfilter code can't NAT multicast traffic.

Multicast cannot be NATed by nature. It is relayed by a multicast router.

Gabriel wrote:
> Hi, my ISP is streaming some local concert using UDP
> multicasting. I followed the instructions on the site which
> described how to set VLC in order to view the stream, but
> it didn't work. I am behind a Linux router/firewall doing
> NAT. Using google, I quickly found out that the
> netfilter/conntrack code doesn't support NATing multicast
> traffic. I thought about bridging the internet facing
> interface (eth0) and (one of) the internal interfaces (the
> one my computer is plugged into). This way I could set my
> IP to be public and no routing/NAT would be done on the
> Linux box. The only problem is that the box has 2 more NICs
> in it and there are other people connected to those NICs
> that need to use that connection (hence need to be NATed).
>
> Then I tried thinking about a DMZ-like solution where my
> box would be in the DMZ, but I can't see that working
> either because I only have one public IP assigned.
>
> Can anyone think of any other way for me to be able to view
> the stream?
>
> Thanks.

I also don't think the bridging will work.

AIUI stateless NAT using ip doesn't work with 2.6 kernels so thinking about iptables only.

Maybe you could get something working with the raw table, you can bypass conntrack with that but then I am not sure if you could dnat it ...

There is another iptables target ROUTE maybe you could use that. If the LAN PC is running Linux then you could setup a vlan/tunnel/something and ROUTE it down there.

I would also ask this on the netfilter users list.

Andy.

Andy Furniss wrote:
> Gabriel wrote:
>
>> Hi, my ISP is streaming some local concert using UDP
>> multicasting. I followed the instructions on the site which
>> described how to set VLC in order to view the stream, but
>> it didn't work. I am behind a Linux router/firewall doing
>> NAT. Using google, I quickly found out that the
>> netfilter/conntrack code doesn't support NATing multicast
>> traffic. I thought about bridging the internet facing
>> interface (eth0) and (one of) the internal interfaces (the
>> one my computer is plugged into). This way I could set my
>> IP to be public and no routing/NAT would be done on the
>> Linux box. The only problem is that the box has 2 more NICs
>> in it and there are other people connected to those NICs
>> that need to use that connection (hence need to be NATed).
>>
>> Then I tried thinking about a DMZ-like solution where my
>> box would be in the DMZ, but I can't see that working
>> either because I only have one public IP assigned.
>>
>> Can anyone think of any other way for me to be able to view
>> the stream?
>>
>> Thanks.
>
> I also don't think the bridging will work.
>
> AIUI stateless NAT using ip doesn't work with 2.6 kernels so thinking
> about iptables only.
>
> Maybe you could get something working with the raw table, you can bypass
> conntrack with that but then I am not sure if you could dnat it ...
>
> There is another iptables target ROUTE maybe you could use that. If the
> LAN PC is running Linux then you could setup a vlan/tunnel/something and
> ROUTE it down there.
>
> I would also ask this on the netfilter users list.

Another thought - I would tcpdump on the internet interface and check if you can see multicast traffic.

If you can then try making a normal dnat rule something like -

iptables -I PREROUTING -t nat -i ppp0 --src 224.0.0.0/4 -j DNAT --to 192.168.0.3

I don't think my isp does multicast - so I have never tried to get it to work and haven't got a clue really :-)

Andy.

On Mon, 12 Dec 2005 04:08:54 +0200, Andy Furniss <andy.furniss@dsl.pipex.com> wrote:
> Andy Furniss wrote:
>> Gabriel wrote:
>>
>>> Hi, my ISP is streaming some local concert using UDP
>>> multicasting. I followed the instructions on the site which
>>> described how to set VLC in order to view the stream, but
>>> it didn't work. I am behind a Linux router/firewall doing
>>> NAT. Using google, I quickly found out that the
>>> netfilter/conntrack code doesn't support NATing multicast
>>> traffic. I thought about bridging the internet facing
>>> interface (eth0) and (one of) the internal interfaces (the
>>> one my computer is plugged into). This way I could set my
>>> IP to be public and no routing/NAT would be done on the
>>> Linux box. The only problem is that the box has 2 more NICs
>>> in it and there are other people connected to those NICs
>>> that need to use that connection (hence need to be NATed).
>>>
>>> Then I tried thinking about a DMZ-like solution where my
>>> box would be in the DMZ, but I can't see that working
>>> either because I only have one public IP assigned.
>>>
>>> Can anyone think of any other way for me to be able to view
>>> the stream?
>>>
>>> Thanks.
>>
>> I also don't think the bridging will work.
>>
>> AIUI stateless NAT using ip doesn't work with 2.6 kernels so thinking
>> about iptables only.
>>
>> Maybe you could get something working with the raw table, you can bypass
>> conntrack with that but then I am not sure if you could dnat it ...
>>
>> There is another iptables target ROUTE maybe you could use that. If the
>> LAN PC is running Linux then you could setup a vlan/tunnel/something and
>> ROUTE it down there.
>>
>> I would also ask this on the netfilter users list.
>
> Another thought - I would tcpdump on the internet interface and check if
> you can see multicast traffic.
>
> If you can then try making a normal dnat rule something like -
>
> iptables -I PREROUTING -t nat -i ppp0 --src 224.0.0.0/4 -j DNAT --to 192.168.0.3
>
> I don't think my isp does multicast - so I have never tried to get it to
> work and haven't got a clue really :-)
>
> Andy.

I am familiar with only some of the iptables features (ROUTE not included :) ), so I'll have to read about that.

I also don't know the details of how multicast works, but, from what I've seen, there is an initial IGMP packet (a Membership Report packet according to Ethereal) that, theoretically, I would still need to NAT. From there on, the UDP multicast stream is one way only (but the incoming stream would need to somehow be forwarded to my computer). I have to say that I can't see this working without NATting and if multicast traffic can not be NATed, then...

I also found out the TTL of the initial multicast packet was 1, so I issued -j TTL --ttl-inc 1 on the router to increment it. On the LAN facing interface, they would still appear with the TTL=1 (according to tcpdump), so I guess the incrementation is done sometime after tcpdump sees the packet. Still, the packet did not show up on the internet interface.

Then, I manually added a route to 224.0.0.0/4 through eth0 (internet facing NIC), it still didn't work. I also tried to compile mrouted, but I got some errors (it's kinda old, I think it was designed for 2.2 kernels), so I got stuck.

In the end, I managed to see the stream by plugging my desktop PC directly into the cable modem. :))

Gabriel wrote:
> Hi, my ISP is streaming some local concert using UDP
> multicasting. I followed the instructions on the site which
> described how to set VLC in order to view the stream, but
> it didn't work. I am behind a Linux router/firewall doing
> NAT. Using google, I quickly found out that the
> netfilter/conntrack code doesn't support NATing multicast
> traffic. I thought about bridging the internet facing
> interface (eth0) and (one of) the internal interfaces (the
> one my computer is plugged into). This way I could set my
> IP to be public and no routing/NAT would be done on the
> Linux box. The only problem is that the box has 2 more NICs
> in it and there are other people connected to those NICs
> that need to use that connection (hence need to be NATed).
>
> Then I tried thinking about a DMZ-like solution where my
> box would be in the DMZ, but I can't see that working
> either because I only have one public IP assigned.
>
> Can anyone think of any other way for me to be able to view
> the stream?
>
> Thanks.

I recently changed ISP to one that does multicast so got a chance to play.

If you want to do it properly then www.xorp.org is the place to look - I didn't as for our situation proper routing is a bit OTT.

There is a project on sf.net called igmpproxy - I didn't really try with this as I read it didn't work, but more recently I've read that it is OK if you are careful with the config.

The way I did it is to use smcroute to set up static route(s) and issue igmp joins manually from the gateway.

http://www.cschill.de/smcroute

All I needed to do with iptables was to let multicast dst into the gateway.

If the stream link is a .sdp you can read the addresses, if it's some proprietary crap then

tcpdump -nnvv net 224.0.0.0/4

on the lan side while the player is trying to connect to get them - one multicast address = dst on incoming, one unicast addr for the source.

eg. in the UK for the BBC1 1.2mbit H.264 stream -

smcroute -d
smcroute -a ppp0 132.185.224.80 233.122.227.151 eth0
smcroute -j ppp0 233.122.227.157

to stop

smcroute -l ppp0 233.122.227.157

For those in the UK that can test the BBCs - half of them have been down whenever I've looked - so try several

Andy.
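
Added example, not part of the thread and not smcroute's own code: the last message reads the source and group from a .sdp file and opens the firewall for multicast destinations; this sketch validates both addresses before they reach a root shell and scopes the iptables rules to that one source/group pair instead of all of 224.0.0.0/4. The function names, the sample SDP and the presence of an a=source-filter line are assumptions; the smcroute syntax and interface names are the ones used in the thread, and the example joins the same group it routes.

```python
import ipaddress

# Constructed sample SDP; the addresses are the ones quoted in the thread.
SAMPLE_SDP = """\
v=0
o=- 0 0 IN IP4 132.185.224.80
s=constructed example
c=IN IP4 233.122.227.151/127
t=0 0
a=source-filter: incl IN IP4 233.122.227.151 132.185.224.80
m=video 5004 RTP/AVP 96
"""

def validate(source, group):
    """Accept only a unicast source and a routable 224.0.0.0/4 group."""
    src, grp = ipaddress.IPv4Address(source), ipaddress.IPv4Address(group)
    if not grp.is_multicast:
        raise ValueError(f"{grp} is not in 224.0.0.0/4")
    if grp in ipaddress.IPv4Network("224.0.0.0/24"):
        raise ValueError(f"{grp} is link-local control space, never forwarded")
    if src.is_multicast or src.is_unspecified or src.is_loopback:
        raise ValueError(f"{src} is not a usable unicast source")
    return str(src), str(grp)

def parse_sdp(text):
    """Pull (source, group) out of the c= and a=source-filter lines."""
    group = source = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("c=IN IP4 "):
            group = line.split()[2].split("/")[0]   # c=IN IP4 <group>[/ttl]
        elif line.startswith("a=source-filter:"):
            # a=source-filter: incl IN IP4 <dest> <source>
            fields = line.split(":", 1)[1].split()
            if len(fields) >= 5 and fields[0] == "incl":
                source = fields[4]
    if group is None or source is None:
        raise ValueError("SDP has no c= group or no incl source-filter")
    return validate(source, group)

def gateway_commands(source, group, wan="ppp0", lan="eth0"):
    """Commands for one (source, group) pair; smcroute syntax as in the thread."""
    source, group = validate(source, group)
    return [
        f"iptables -A INPUT -i {wan} -s {source} -d {group} -p udp -j ACCEPT",
        f"iptables -A FORWARD -i {wan} -o {lan} -s {source} -d {group} -p udp -j ACCEPT",
        f"smcroute -a {wan} {source} {group} {lan}",
        f"smcroute -j {wan} {group}",
    ]
```

When the SDP carries no source-filter line, the source seen in the tcpdump output can be passed to gateway_commands() directly; it goes through the same validation.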