[KLUG Members] multicast

Peter Buxton members@kalamazoolinux.org
Thu, 4 Sep 2003 03:15:04 -0400


Adam Williams said:

> Yep, you have to have a userspace daemon to establish the tunnels over
> the non-multicasting routers.  We use zebra for OSPF and OSPF
> propagation into RIP.  I really like Zebra, and the configuration and
> management is extremely Cisco-like.  Most distros provide a package
> of Zebra.

Okay, but so far no one has admitted to using any of these userspace
daemons. ;-) I think that is our dilemma.

We have three options:

1. Transparent bridging. Since this works at the Ethernet level,
   Multicast/IGMP is a no-brainer -- ALL packets will be forwarded. This
   may work if Pesce's foreign side has no rules against multicast
   traffic, as it is just UDP/IP packets with a reserved IP address. It
   will definitely work for Pesce's two LANs and Rusty Yonker's four
   LANs.

2. Semi-bridging. A mixture of packet mangling, proxy ARP and a router
   daemon.

3. I forget number 3.

On Wed, Sep 03, 2003 at 05:20:51PM -0400, John Pesce was only escaped
   alone to tell thee:

> If I ping -c 2 224.0.0.1 I only get responses from machines on eth2.

No wonder:

> 224.0.0.0      *            240.0.0.0      U    0     0     0 eth2
> 224.0.0.0      *            240.0.0.0      U    0     0     0 eth1
> 224.0.0.0      *            240.0.0.0      U    0     0     0 eth0

What comes first, eh? eth2. Guess where all the packets go?

See? Not hard at all. I suspected this in my last post.  See, 'route' or
'ip route' ONLY affects your Linux box's own outgoing packets. ip is a
little more sophisticated, and possesses an ip tunnel facility, but it
doesn't mangle packets.  If you want to transform other packets and/or
move them around, you use netfilter.

> I have LAN A and LAN B connected to a Linux box as eth0 and eth1 with 
> IP_FORWARD turned on to pass TCP/IP traffic between them.

/var/home/linux-2.4.20/Documentation/networking/ip-sysctl.txt says:

ip_forward - BOOLEAN
   0 - disabled (default)
   not 0 - enabled

   Forward Packets between interfaces.

   This variable is special, its change resets all configuration
   parameters to their default state (RFC1122 for hosts, RFC1812 for
   routers)

ip_forward does NOT turn on any routing or packet filtering. If your
Linux box is passing IP packets, netfilter is involved. What are your
rules?

> Yesterday the T1 in question came online and at the moment I plugged the
> Ethernet port on the Cisco connected to it into a new eth2 on my Linux
> box.

You mean eth1:

10.7.31.0      10.7.35.1      255.255.255.0   UG    0     0     0 eth1
10.7.36.0      10.7.35.1      255.255.255.0   UG    0     0     0 eth1
10.7.32.0      10.7.35.1      255.255.255.0   UG    0     0     0 eth1
10.7.33.0      10.7.35.1      255.255.255.0   UG    0     0     0 eth1
10.7.34.0      10.7.35.1      255.255.255.0   UG    0     0     0 eth1
10.7.35.0      *              255.255.255.0   U     0     0     0 eth1

> On the other side of the T1 are more T1s connecting several LANs. All
> the T1 routers have PIM-DM turned on.

But not 10.7.35.1? What do you know about it?

If they're speaking PIM-DM over there, you need to speak it over here.
You need the address of one or more boxes on their side that are allowed
to pass mcast traffic to an mcast router on your network.

> I need to forward pass the multicast traffic through the Linux box so 
> everyone can talk while running a firewall on the Linux box to protect my 
> two LANs from everything over the T1 except the multicast traffic.

That's easy.

> I looked at the kernel config on my RH9 install and multicast
> forwarding is enabled by default. I just need to know how to get the
> multicast flowing through the firewall.

The kernel capability of multicast forwarding is indeed installed,
probably as a kernel module, on rts. But you won't be forwarding
anything with that module until you install a router daemon with
multicast capability to use that module.

Or, you can use netfilter to solve some of that problem.

Post the output of iptables-save from rts.

-- 
-16
Rah! My re-tox weekend has been declared
a success! -- James Coates, 29 Oct 2001.
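The route-selection point made in the message above ("what comes first, eh? eth2") can be checked without touching a live box. The following script is an added example, not part of the original post: it re-types the `route` output quoted in the thread as constructed sample input, parses it, and performs a longest-prefix lookup in which equally specific entries are resolved by table order. It models only that rule (no metrics, policy routing, or the kernel's multicast forwarding cache); the function and variable names are assumptions of this example.

```python
import ipaddress

# Routing table as printed by `route` in the thread (the three 224.0.0.0
# entries and the eth1 routes), re-typed here as constructed sample input.
ROUTE_TABLE = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
224.0.0.0       *               240.0.0.0       U     0      0        0 eth2
224.0.0.0       *               240.0.0.0       U     0      0        0 eth1
224.0.0.0       *               240.0.0.0       U     0      0        0 eth0
10.7.31.0       10.7.35.1       255.255.255.0   UG    0      0        0 eth1
10.7.36.0       10.7.35.1       255.255.255.0   UG    0      0        0 eth1
10.7.32.0       10.7.35.1       255.255.255.0   UG    0      0        0 eth1
10.7.33.0       10.7.35.1       255.255.255.0   UG    0      0        0 eth1
10.7.34.0       10.7.35.1       255.255.255.0   UG    0      0        0 eth1
10.7.35.0       *               255.255.255.0   U     0      0        0 eth1
"""


def parse_route_table(text):
    """Parse `route` output into a list of dicts, preserving table order."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 8 or fields[0] == "Destination":
            continue  # skip header and blank lines
        dest, gateway, mask, flags, iface = (
            fields[0], fields[1], fields[2], fields[3], fields[7]
        )
        routes.append({
            # ip_network accepts a dotted netmask, so 240.0.0.0 becomes /4
            "net": ipaddress.ip_network(f"{dest}/{mask}", strict=False),
            "gateway": None if gateway in ("*", "0.0.0.0") else gateway,
            "flags": flags,
            "iface": iface,
        })
    return routes


def lookup(routes, destination):
    """Longest-prefix match; on equal prefix length the earlier entry wins."""
    addr = ipaddress.ip_address(destination)
    best = None
    for route in routes:
        if addr not in route["net"]:
            continue
        if best is None or route["net"].prefixlen > best["net"].prefixlen:
            best = route  # strict '>' keeps the first of equally specific routes
    return best


def duplicate_routes(routes):
    """Destination networks listed more than once, with their interfaces in table order."""
    seen = {}
    for route in routes:
        seen.setdefault(str(route["net"]), []).append(route["iface"])
    return {net: ifaces for net, ifaces in seen.items() if len(ifaces) > 1}


if __name__ == "__main__":
    table = parse_route_table(ROUTE_TABLE)
    hit = lookup(table, "224.0.0.1")
    print("224.0.0.1 leaves via", hit["iface"])
    print("duplicate destinations:", duplicate_routes(table))
```

Running it reports that 224.0.0.1 leaves via eth2 and that 224.0.0.0/4 is listed three times (eth2, eth1, eth0), which is exactly why a ping to 224.0.0.1 from the box only reaches eth2: the host's own route lookup picks one interface, and nothing in that table replicates the packet to the others.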