On Mon, 12 Dec 2005 04:08:54 +0200, Andy Furniss <andy.furniss@xxxxxxxxxxxxx> wrote:

> Andy Furniss wrote:
>> Gabriel wrote:
>>
>>> Hi, my ISP is streaming some local concert using UDP
>>> multicasting. I followed the instructions on the site which
>>> described how to set VLC in order to view the stream, but
>>> it didn't work. I am behind a Linux router/firewall doing
>>> NAT. Using google, I quickly found out that the
>>> netfilter/conntrack code doesn't support NATing multicast
>>> traffic. I thought about bridging the internet facing
>>> interface (eth0) and (one of) the internal interfaces (the
>>> one my computer is plugged into). This way I could set my
>>> IP to be public and no routing/NAT would be done on the
>>> Linux box. The only problem is that the box has 2 more NICs
>>> in it and there are other people connected to those NICs
>>> that need to use that connection (hence need to be NATed).
>>>
>>> Then I tried thinking about a DMZ-like solution where my
>>> box would be in the DMZ, but I can't see that working
>>> either because I only have one public IP assigned.
>>>
>>> Can anyone think of any other way for me to be able to view
>>> the stream?
>>>
>>> Thanks.
>>>
>>
>> I also don't think the bridging will work.
>>
>> AIUI stateless NAT using ip doesn't work with 2.6 kernels so thinking
>> about iptables only.
>>
>> Maybe you could get something working with the raw table, you can bypass
>> conntrack with that but then I am not sure if you could dnat it ...
>>
>> There is another iptables target ROUTE maybe you could use that. If the
>> LAN PC is running Linux then you could set up a vlan/tunnel/something and
>> ROUTE it down there.
>>
>> I would also ask this on the netfilter users list.
>
> Another thought - I would tcpdump on the internet interface and check if
> you can see multicast traffic.
>
> If you can then try making a normal dnat rule something like -
>
> iptables -I PREROUTING -t nat -i ppp0 --src 224.0.0.0/4 -j DNAT --to 192.168.0.3
>
> I don't think my isp does multicast - so I have never tried to get it to
> work and haven't got a clue really :-)
>
> Andy.

I am familiar with only some of the iptables features (ROUTE not included :) ), so I'll have to read about that. I also don't know the details of how multicast works, but, from what I've seen, there is an initial IGMP packet (a Membership Report packet according to Ethereal) that, theoretically, I would still need to NAT. From there on, the UDP multicast stream is one way only (but the incoming stream would need to somehow be forwarded to my computer). I have to say that I can't see this working without NATting and if multicast traffic can not be NATed, then...

I also found out the TTL of the initial multicast packet was 1, so I issued -j TTL --ttl-inc 1 on the router to increment it. On the LAN facing interface, they would still appear with the TTL=1 (according to tcpdump), so I guess the incrementation is done sometime after tcpdump sees the packet. Still, the packet did not show up on the internet interface. Then, I manually added a route to 224.0.0.0/4 through eth0 (internet facing NIC), it still didn't work.

I also tried to compile mrouted, but I got some errors (it's kinda old, I think it was designed for 2.2 kernels), so I got stuck.

In the end, I managed to see the stream by plugging my desktop PC directly into the cable modem. :))

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc