Hello, Is there any special setup in Shorewall in order to change the destination IP address of mDNS packets ? The actual mDNS address is not routable and would need to be changed to a routable multicast address, which is serviced by a static route. I''ve seen that the DNAT page mentions a DNS macro and here and there I''ve read about a mDNS macro. Are any of these macros mandatory in wanting to change the dest. IP of mDNS packets ? Thanks. ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> Is there any special setup in Shorewall in order to change the > destination IP address of mDNS packets ?More specifically, it could perhaps be done in PREROUTING. Would this be the right formulation in rules: # ACTION SOURCE DEST DNAT:P net $fw ... Eg. is the ''tag'' for pre/post routing in: ACTION - target[:{log-level|none}[!][:tag]] Thanks. ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
On 06/25/2012 09:09 AM, Fred Maillou wrote:> Hello, > > Is there any special setup in Shorewall in order to change the > destination IP address of mDNS packets ? The actual mDNS address is not > routable and would need to be changed to a routable multicast address, > which is serviced by a static route. I''ve seen that the DNAT page > mentions a DNS macro and here and there I''ve read about a mDNS macro. > Are any of these macros mandatory in wanting to change the dest. IP of > mDNS packets ?mDNS is a protocol for auto-discovery within a LAN; why are you trying to route it? -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> mDNS is a protocol for auto-discovery within a LAN; why are you trying > to route it?It is non-routable to another network which would use this mDNS. If the dest. IP of those packets can be changed (see my follow-up question to this) than a static route can route them out to other devices on another network. ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
On 06/25/2012 12:59 PM, Fred Maillou wrote:>> mDNS is a protocol for auto-discovery within a LAN; why are you trying >> to route it? > > It is non-routable to another network which would use this mDNS. If the > dest. IP of those packets can be changed (see my follow-up question to > this) than a static route can route them out to other devices on another > network.And what are you going to do with it when it gets to the other network? -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/