Hi

When I start shorewall, the multicast stream is stopped.

My config:

Windows VLC
Client-----eth0:192.168.254.1/24--fw---eth1:191.168.254.254/16-------------------------Linux
VLC Streaming server
192.168.254/24 lan wan
(but it's really a internal lan !) 191.168.1.21/16

on the FW/shorewall

route add -net 224.0.0.0 netmask 240.0.0.0 dev eth0

masquerading:
eth1 192.168.254.0/24

rules:
lan fw 2
lan wan 2
fw wan 2
fw lan 2
wan fw 2
wan lan 2

I have read all the posts of Tom Eastep
I have tried the modification of action.Reject and action.Drop
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
no nosmurf on the interfaces.....

but when I start shorewall the stream is stopped on the windows client.

when I start only iptables: the streaming is good
then when I start shorewall: the streaming is stopped
then when I stop shorewall: the streaming is ever stopped
then but when I restart iptables: the streaming is good again

the mrouted find the multicast address on the eth1 and forward well on the eth0, same without 1 on /proc/sys/net/ipv4/ip_forward.
(when I stop iptables the /proc/sys/net/ipv4/ip_forward is 0 and the multicast routing is functional).

Thanks for your help

VUILLET Damien
Network Administrator of a French agricultural college

lpa du morvan wrote:
> Hi
>
> When I start shorewall, the multicast stream is stopped.
>
> My config:
>
> Windows VLC
> Client-----eth0:192.168.254.1/24--fw---eth1:191.168.254.254/16-------------------------Linux
> VLC Streaming server
> 192.168.254/24 lan wan
> (but it's really a internal lan !) 191.168.1.21/16

Your mailer has folded the above until it's not understandable.

>
> on the FW/shorewall
>
> route add -net 224.0.0.0 netmask 240.0.0.0 dev eth0
>
> masquerading:
> eth1 192.168.254.0/24
>
> rules:
> lan fw 2
> lan wan 2
> fw wan 2
> fw lan 2
> wan fw 2
> wan lan 2

That isn't enough information to tell us what is going on. Please see
http://www.shorewall.net/support.htm#Guidelines.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep wrote:
> lpa du morvan wrote:
>> Hi
>>
>> When I start shorewall, the multicast stream is stopped.
>>
>> My config:
>>
>> Windows VLC
>> Client-----eth0:192.168.254.1/24--fw---eth1:191.168.254.254/16-------------------------Linux
>> VLC Streaming server
>> 192.168.254/24 lan wan
>> (but it's really a internal lan !) 191.168.1.21/16
>
> Your mailer has folded the above until it's not understandable.
>
>>
>> on the FW/shorewall
>>
>> route add -net 224.0.0.0 netmask 240.0.0.0 dev eth0
>>
>> masquerading:
>> eth1 192.168.254.0/24
>>
>> rules:
>> lan fw 2
>> lan wan 2
>> fw wan 2
>> fw lan 2
>> wan fw 2
>> wan lan 2
>
> That isn't enough information to tell us what is going on. Please see
> http://www.shorewall.net/support.htm#Guidelines.

Also be sure to include information about how you have configured VLC. I
assume that you are using UDP Multicast but we also need to know the
port number.

-Tom

lpa du morvan wrote:
> Hi
>
> When I start shorewall, the multicast stream is stopped.
>
> My config:
>
> Windows VLC
> Client-----eth0:192.168.254.1/24--fw---eth1:191.168.254.254/16-------------------------Linux
> VLC Streaming server
> 192.168.254/24 lan wan
> (but it's really a internal lan !) 191.168.1.21/16
>
> on the FW/shorewall
>
> route add -net 224.0.0.0 netmask 240.0.0.0 dev eth0
>
> masquerading:
> eth1 192.168.254.0/24
>
> rules:
> lan fw 2
> lan wan 2
> fw wan 2
> fw lan 2
> wan fw 2
> wan lan 2
>
> I have read all the post of Tom Eastep

Here's a post that might also help:

http://article.gmane.org/gmane.comp.security.shorewall/9613

The poster (Anddrew Kurakov) was trying to make OSPF work but if you
replace the 'ospf' with your VLC setup (UDP and port number), your setup
should be similar. In your case, the communication is one way so you
should only need one VLC rule.

-Tom

Hi

Ok, I'm in the case #3

Also I send my status.txt compressed with gzip

When I start shorewall the multicast routing (eth1 to eth0) is stopped.
I use mrouted

Thanks for your help

VUILLET Damien

----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: "Shorewall Users" <shorewall-users@lists.sourceforge.net>
Sent: Thursday, December 07, 2006 5:03 PM
Subject: Re: [Shorewall-users] shorewall and mrouted

lpa du morvan wrote:
> Hi
>
> Ok, I'm in the case #3
>
> Also I send my status.txt compressed with gzip
>
> When I start shorewall the multicast routing (eth1 to eth0) is stopped.
> I use mrouted
>
> Thanks for your help

Damien,

You didn't perform even the most basic of analysis of this problem.

Your log is *full* of these:

Dec 7 17:57:26 wan2all:DROP:IN=eth1 OUT=eth0 SRC=191.168.1.21 DST=230.1.2.12 LEN=1356 TOS=0x00 PREC=0x00 TTL=11 ID=19161 DF PROTO=UDP SPT=32948 DPT=1234 LEN=1336

If you had seen those, then with the help of Shorewall FAQ 17 you would
have easily arrived at the conclusion that you needed to add this rule:

ACCEPT wan lan udp 1234

-Tom

Thanks for your fast help, and it's functional

but why I have not seen with the tail -f /var/log/messages this reject:

Dec 7 17:57:26 wan2all:DROP:IN=eth1 OUT=eth0 SRC=191.168.1.21 DST=230.1.2.12 LEN=1356 TOS=0x00 PREC=0x00 TTL=11 ID=19161 DF PROTO=UDP SPT=32948 DPT=1234 LEN=1336

(I have seen all the other rejects with this method!)

it appears only in the file of the shorewall dump.....

Thanks again, you are very effective

VUILLET Damien

----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: "Shorewall Users" <shorewall-users@lists.sourceforge.net>
Sent: Thursday, December 07, 2006 6:20 PM
Subject: Re: [Shorewall-users] shorewall and mrouted

lpa du morvan wrote:
> Thanks for your fast help, and it's functional
>
> but why i have not see with the tail -f /var/log/messages this reject :
>
> Dec 7 17:57:26 wan2all:DROP:IN=eth1 OUT=eth0 SRC=191.168.1.21
> DST=230.1.2.12
> LEN=1356 TOS=0x00 PREC=0x00 TTL=11 ID=19161 DF PROTO=UDP SPT=32948 DPT=1234
> LEN=1336
>
> (i have see all the other reject with this method!)
>
> it's appear only in the file of the shorewall dump.....
>

The "shorewall dump" command uses the same technique as the "shorewall
show log" and "shorewall logwatch" commands; it 'grep's the log file
specified by LOGFILE in shorewall.conf to find Shorewall log messages.
It prints the most recent ones that it finds.

-Tom
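
Added example (not part of the thread and not Shorewall's own code): the log analysis Tom describes, scripted so that a repeated drop such as the wan2all UDP/1234 multicast entry stands out and can be turned into a rule. It goes beyond the single quoted line by counting every DROP/REJECT entry; the sample log, the host name "fw" and the "kernel: Shorewall:" prefix are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: count Shorewall DROP/REJECT log entries
# per chain, interface pair, protocol/port and destination class.

# Constructed sample log. The wan2all entry is the one quoted in the thread
# (repeated with different IDs); the host name "fw", the "kernel: Shorewall:"
# prefix and the crond and wan2fw lines are made up for illustration.
sample_log() {
cat <<'EOF'
Dec  7 17:57:20 fw crond[900]: (root) CMD (run-parts /etc/cron.hourly)
Dec  7 17:57:26 fw kernel: Shorewall:wan2all:DROP:IN=eth1 OUT=eth0 SRC=191.168.1.21 DST=230.1.2.12 LEN=1356 TOS=0x00 PREC=0x00 TTL=11 ID=19161 DF PROTO=UDP SPT=32948 DPT=1234 LEN=1336
Dec  7 17:57:26 fw kernel: Shorewall:wan2all:DROP:IN=eth1 OUT=eth0 SRC=191.168.1.21 DST=230.1.2.12 LEN=1356 TOS=0x00 PREC=0x00 TTL=11 ID=19162 DF PROTO=UDP SPT=32948 DPT=1234 LEN=1336
Dec  7 17:57:27 fw kernel: Shorewall:wan2fw:REJECT:IN=eth1 OUT= SRC=191.168.1.30 DST=191.168.254.254 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4711 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Dec  7 17:57:27 wan2all:DROP:IN=eth1 OUT=eth0 SRC=191.168.1.21 DST=230.1.2.12 LEN=1356 TOS=0x00 PREC=0x00 TTL=11 ID=19163 DF PROTO=UDP SPT=32948 DPT=1234 LEN=1336
EOF
}

# Reads syslog text on stdin and prints, most frequent first:
#   count chain disposition in->out proto/dport class
# Lines without a chain:disposition:IN= field are skipped.
summarize_drops() {
    awk '
    {
        chain = ""; split("", kv)              # reset per-line state
        for (i = 1; i <= NF; i++) {
            if (index($i, ":IN=")) {           # e.g. Shorewall:wan2all:DROP:IN=eth1
                n = split($i, p, ":")
                if (n >= 3) { chain = p[n-2]; disp = p[n-1]; kv["IN"] = substr(p[n], 4) }
            } else if ((eq = index($i, "=")) > 1) {
                kv[substr($i, 1, eq - 1)] = substr($i, eq + 1)
            }
        }
        if (chain == "" || disp !~ /^(DROP|REJECT)$/) next
        split(kv["DST"], o, ".")               # 224.0.0.0/4 is the multicast range
        class = (o[1] >= 224 && o[1] <= 239) ? "multicast" : "unicast"
        in_if  = (kv["IN"]  == "") ? "-" : kv["IN"]
        out_if = (kv["OUT"] == "") ? "-" : kv["OUT"]
        count[chain " " disp " " in_if "->" out_if " " kv["PROTO"] "/" kv["DPT"] " " class]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -rn
}

sample_log | summarize_drops
```

To use it on a live firewall, feed it the file named by LOGFILE in shorewall.conf, for example `summarize_drops < /var/log/messages`.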