[KLUG Members] multicast

John Pesce members@kalamazoolinux.org
Wed, 3 Sep 2003 17:20:51 -0400 (EDT)
Previous message: [KLUG Members] multicast
Next message: [KLUG Members] multicast
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi Peter,

I think the John posts from 14 Auguest refer to me :)

Mine is similiar to the new thread that was started today.
This is my case:

I have LAN A and LAN B connected to a Linux box as eth0 and eth1 with 
IP_FORWARD turned on to pass TCP/IP traffic between them.

Yesturday the T1 in question came online and at the moment I plugged the 
Ethernet port on the Cisco conencted to it into a new eth2 on my Linux 
box. 

On the other side of the T1 are more T1s connecting serveral LANs. All the 
T1 routers have PIM-DM turned on. My my point of view the address of the 
ethernet port on the Cisco is 10.7.35.1 and will be the gateway to 
everything else. I added static routes to those networks on my Linux box.
I don't have direct control over those Cisco routers.

So, the deal is I have a multicast program that will be run on Linux boxes 
on all the above mentioned LANs joining the same multicast group.

I need to forward pass the multicast traffic through the Linux box so 
everyone can talk while running a firewall on the Linux box to protect my 
two LANs from everything over the T1 except the multicast traffic.

I looked at the kernel config on my RH9 install and multicast forwarding 
is enabled by default. I just need to know how to get the multicast 
flowing through the firewall.

John

On Wed, 3 Sep 2003, Peter Buxton wrote:

> 
> Okay. I just went back and read all of your posts, John. I have a much
> better grip on just who said what when. On 14 August you said you have
> two subnets and a third to a foreign group of subnets across a T1
> router/CSU/DSU. I take it this router doesn't do multicast routing? And
> as I understand it, you don't have any multicast connectivity between
> the three? Correct?
> 
> Is this a different problem than the 6 August post:
> 
> > We started testing it between LANs using multicast routers.  Linux
> > reports that the computer is joining the group, the routers show that
> > the host on the port joined a group so it joins the group. but the
> > traffic doesn't seem to flow, at least not as expected. We played with
> > it for over an hour last week with no packets getting through and then
> > suddently they did and everything worked with no explaination.
> > Yesturday we tried again and again there was nothing.
> 
> Can you post the netfilter script on the gateway between your networks
> and the foreign nets?
> 
> Okay, Rusty has the four network segments.
> 
> > I have a system with 4 network segments that are connected with a
> > single Linux firewall system... I need to get multicast info from one
> > side of the system to the others.... I have done some research ... it
> > seems like if the kernel is setup to support it (not sure if the stock
> > SuSE 8.2 kernel is) then I might only have to put in a static route.
> 
> No, not with route, I don't think. Remember that the route command
> simply establishes the internal, "Where do I send this next outgoing
> packet?" routing table. It is very different than iptables.
> 
> ip route might do what you want, but the LARTC document says you need
> kernel-side:
> 
> CONFIG_IP_MULTICAST:
> CONFIG_IP_MROUTE:
>  CONFIG_IP_PIMSM_V1: for the PIM-SM/DIM protocols
>  CONFIG_IP_PIMSM_V2: ditto
> 
> Also, the userspace Zebra, mrouted or pimd is needed to route these
> packets.  Which of these are you using? Or you, John? They are used
> mainly by MBONE hosts, not LAN gateways. Are your network segments
> joined by iptables or ip route?
> 
> > I have ip forwarding turned on.  I am using iptables to perform
> > firewalling and nat'ing to the one side that ultimately goes to the
> > Internet....   I think I just need to add the ip route command.  Not
> > sure which device to use though... the one that has the multicast
> > server on it??? 
> 
> That would be most convenient. As long as you are relaying all the
> multicast traffic along all the segments, you can just add one interface
> as a multicast receiver -- as opposed to forwarder.
> 
> However, I think you need to add iptables commands if your four segments
> are being joined by iptables, as well.
> 
> iptables -A FORWARD -m pkttype --pkt-type multicast -j ACCEPT
> 
> 

-- 
+--------------------------------------------------------------------+
|                                    Software Engineer               |
|       John Pesce          o     o  Air Traffic Management Lab      |
| pescej@sprl.db.erau.edu    \|||/   Space Physics Research Lab      |
|     (386) 226-7437         (o o)   Embry-Riddle Aeronautical Univ. |
+------------------------oOO--(_)--OOo-------------------------------+
Previous message: [KLUG Members] multicast
Next message: [KLUG Members] multicast
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]