The BBC are currently trialling multicasting the Olympics. This requires multicast and IGMP to be available. As far as I can make out, in 2.0.8 at least, all multicast addresses are filtered out and, to my naive eyes, can't be re-enabled.

Please prove me wrong :-)

Dirk
--
Please Note: Some Quantum Physics Theories Suggest That When the Consumer Is Not Directly Observing This Message, It May Cease to Exist or Will Exist Only in a Vague and Undetermined State.

Dirk Koopman wrote:
| The BBC are currently trialling multicasting the Olympics. This requires
| multicast and IGMP to be available. As far as I can make out, in 2.0.8
| at least, all multicast addresses are filtered out and, to my naive
| eyes, can't be re-enabled.
|
| Please prove me wrong :-)

You are wrong. Multi-casts and broadcasts are silently dropped *BEFORE A REJECT OR DROP POLICY IS ENFORCED* -- that is so that your log doesn't fill up with useless messages.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Ok...

Two questions then: firstly what causes these messages

Aug 27 16:11:02 grgate kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=62.3.82.18 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=29218 PROTO=2
Aug 27 16:13:07 grgate kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=62.3.82.18 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=35592 PROTO=2

and how do I enable my firewall to accept them? I looked in the archives but there isn't mention of IGMP. I presume that once I am a member of a multicast group then other addresses will start to fly about?

Dirk

On Fri, 2004-08-27 at 16:09, Tom Eastep wrote:
> Dirk Koopman wrote:
> | The BBC are currently trialling multicasting the Olympics. This requires
> | multicast and IGMP to be available. As far as I can make out, in 2.0.8
> | at least, all multicast addresses are filtered out and, to my naive
> | eyes, can't be re-enabled.
> |
> | Please prove me wrong :-)
>
> You are wrong. Multi-casts and broadcasts are silently dropped *BEFORE A
> REJECT OR DROP POLICY IS ENFORCED* -- that is so that your log doesn't
> fill up with useless messages.
>
> -Tom

Dirk Koopman wrote:
| Ok...
|
| Two questions then: firstly what causes these messages
|
| Aug 27 16:11:02 grgate kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=62.3.82.18 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=29218 PROTO=2
| Aug 27 16:13:07 grgate kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=62.3.82.18 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=35592 PROTO=2
|
| and how do I enable my firewall to accept them? I looked in the archives
| but there isn't mention of IGMP. I presume that once I am a member of a
| multicast group then other addresses will start to fly about?
|

/etc/shorewall/rules:

ACCEPT net fw 2
ACCEPT fw loc 2
ACCEPT fw ... 2

-Tom

Tom Eastep wrote:
| | Aug 27 16:11:02 grgate kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=62.3.82.18 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=29218 PROTO=2
| | Aug 27 16:13:07 grgate kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=62.3.82.18 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=35592 PROTO=2
| |
| | and how do I enable my firewall to accept them? I looked in the archives
| | but there isn't mention of IGMP. I presume that once I am a member of a
| | multicast group then other addresses will start to fly about?
| |
|
| /etc/shorewall/rules:
|
| ACCEPT net fw 2
| ACCEPT fw loc 2
| ACCEPT fw ... 2
|

Except for the first rule above, there's an assumption that you need to route the packets to local hosts and that you are running mrouted. If you don't need that then only the first rule should be required.

-Tom

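An added example, not part of the original thread or of Shorewall itself: parsing the two log lines quoted above shows that they are IGMP packets (IP protocol 2, the same number used in the protocol column of the rules) sent to the all-hosts group 224.0.0.1 and dropped in the net2all chain. The function names are this example's own.

```python
import ipaddress
import re
from collections import Counter

# The two kernel log lines quoted in the thread.
SAMPLE_LOG = """\
Aug 27 16:11:02 grgate kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=62.3.82.18 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=29218 PROTO=2
Aug 27 16:13:07 grgate kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=62.3.82.18 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=35592 PROTO=2
"""

# Log prefix as it appears in the lines above: Shorewall:<chain>:<verdict>:
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<verdict>[^:]+):(?P<fields>.*)$")
LINK_LOCAL_MCAST = ipaddress.ip_network("224.0.0.0/24")  # contains 224.0.0.1 (all hosts)


def parse_line(line):
    """Return the chain, verdict and KEY=VALUE fields of a log line, or None."""
    m = PREFIX.search(line)
    if not m:
        return None
    rec = {"chain": m["chain"], "verdict": m["verdict"]}
    for token in m["fields"].split():
        key, sep, value = token.partition("=")
        if sep:  # keeps empty values such as OUT= and MAC=
            rec[key] = value
    return rec


def classify(rec):
    """Name the protocol and the kind of destination address."""
    # netfilter logs TCP/UDP/ICMP by name and other protocols by number; 2 is IGMP.
    proto = "IGMP" if rec.get("PROTO") == "2" else rec.get("PROTO", "?")
    try:
        dst = ipaddress.ip_address(rec.get("DST", ""))
    except ValueError:
        return proto, "unparsed"
    if dst in LINK_LOCAL_MCAST:
        return proto, "link-local multicast"
    return proto, "multicast" if dst.is_multicast else "unicast/other"


def summarize(text):
    """Count log entries by (chain, verdict, interface, source, protocol, scope)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            key = (rec["chain"], rec["verdict"], rec.get("IN", ""), rec.get("SRC", ""))
            counts[key + classify(rec)] += 1
    return counts
```
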
On Friday 27 August 2004 07:55 am, Tom Eastep wrote:
> Tom Eastep wrote:
> | | Aug 27 16:11:02 grgate kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=62.3.82.18 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=29218 PROTO=2
> | | Aug 27 16:13:07 grgate kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=62.3.82.18 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=35592 PROTO=2
> | |
> | | and how do I enable my firewall to accept them? I looked in the
> | | archives but there isn't mention of IGMP. I presume that once I am
> | | a member of a multicast group then other addresses will start to
> | | fly about?
> |
> | /etc/shorewall/rules:
> |
> | ACCEPT net fw 2
> | ACCEPT fw loc 2
> | ACCEPT fw ... 2
>
> Except for the first rule above, there's an assumption that you need
> to route the packets to local hosts and that you are running mrouted.
> If you don't need that then only the first rule should be required.
>
> -Tom

And of course, the BBC is filtering any IP destinations that are not in the UK.

--
John Andersen - NORCOM
http://www.norcomsoftware.com/