Hi, all!

Can I enable multicasting via Shorewall? I have a router with Gentoo Linux (one interface to the ISP, one with aliases to the local network). Shorewall works perfectly! But now I need to set up Quagga (zebra) for dynamic routing with one more router via another provider. All router daemons (zebra, ripd, ospf) use multicasting. In my configuration allowBcast etc. are already enabled. A copy of the configuration with logs is in the attached file.

Please help!

Andrew.

Andrew Kurakov wrote:
>
> Can I enable multicasting via shorewall?
>

IIRC, getting multicast to work involves two parts:

a) Setting up the routing (independent of Shorewall). You want to add a route to the multicast network (224.0.0.0/4) through any interface that you want to route multicast traffic.

b) Allowing IGMP (protocol 2) into and out of your firewall as needed.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Ok, thanks! All working with this:

========================================
rules:
...
# Routers Daemons
allowBcast fw bct
allowBcast bct fw
allowBcast loc bct
allowBcast bct loc
allowBcast fw loc
allowBcast loc fw
ACCEPT fw bct igmp
ACCEPT bct fw igmp
ACCEPT loc bct igmp
ACCEPT bct loc igmp
ACCEPT fw loc igmp
ACCEPT loc fw igmp
ACCEPT fw bct ospf
ACCEPT bct fw ospf
ACCEPT loc bct ospf
ACCEPT bct loc ospf
ACCEPT fw loc ospf
ACCEPT loc fw ospf
...

Zones:
...
net Net Internet
loc Local Local Networks
...
bct Broadcast Broadcast for routers
...

Hosts:
...
loc eth1:192.168.0.0/24
...
bct eth1:224.0.0.0/4
...

#ip route list
...
224.0.0.0/4 dev eth1 proto zebra equalize
...
============================================
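
Added example (not part of the original thread and not Shorewall's own code): a shell check for the two parts Tom lists, run over saved `ip route list` output and Shorewall rules text. The function names and sample data are assumptions constructed for illustration; the rules parser only handles plain "ACTION SOURCE DEST PROTO" lines.

```shell
#!/bin/sh
# Part (a): print every interface that carries a route to 224.0.0.0/4.
# Reads `ip route list` output on stdin.
mcast_route_ifaces() {
    awk '$1 == "224.0.0.0/4" {
             for (i = 2; i < NF; i++) if ($i == "dev") print $(i + 1)
         }' | sort -u
}

# Part (b): print "SRC>DST" for each ACCEPT rule matching a protocol,
# given by name ($1) and number ($2). Reads Shorewall rules on stdin.
accepted_pairs() {
    awk -v p="$1" -v n="$2" '
        /^[ \t]*#/ || NF < 4 { next }
        $1 == "ACCEPT" && ($4 == p || $4 == n) { print $2 ">" $3 }' | sort -u
}

# Print zone pairs where the protocol is accepted in one direction only,
# i.e. "into and out of" is not satisfied for that pair.
one_way_pairs() {
    pairs=$(accepted_pairs "$1" "$2")
    for pr in $pairs; do
        src=${pr%%">"*}
        dst=${pr#*">"}
        echo "$pairs" | grep -qxF "$dst>$src" || echo "$pr"
    done
}

# Constructed samples: the multicast route line and zone names follow the
# thread; the rules deliberately leave out the "bct fw" direction.
SAMPLE_ROUTES='default via 192.0.2.1 dev eth0
192.168.0.0/24 dev eth1 proto kernel scope link
224.0.0.0/4 dev eth1 proto zebra equalize'

SAMPLE_RULES='# Routers daemons
ACCEPT fw  bct igmp
ACCEPT loc bct igmp
ACCEPT bct loc igmp
ACCEPT fw  loc 2
ACCEPT loc fw  igmp'

echo "interfaces with a 224.0.0.0/4 route:"
printf '%s\n' "$SAMPLE_ROUTES" | mcast_route_ifaces
echo "IGMP accepted one way only:"
printf '%s\n' "$SAMPLE_RULES" | one_way_pairs igmp 2
```

On a live firewall the same functions can be fed from `ip route list` and from the rules file directly.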