Re: UDP multicast stream and NAT

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 12 Dec 2005 04:08:54 +0200, Andy Furniss
<andy.furniss@xxxxxxxxxxxxx> wrote:

> Andy Furniss wrote:
>> Gabriel wrote:
>>
>>> Hi, my ISP is streaming some local concert using UDP
>>> multicasting. I followed the instructions on the site
which
>>> described how to set VLC in order to view the stream,
but
>>> it didn't work. I am behind a Linux router/firewall
doing
>>> NAT. Using google, I quickly found out that the
>>> netfilter/conntrack code doesn't support NATing
multicast
>>> traffic. I thought about bridging the internet facing
>>> interface (eth0) and (one of) the internal interfaces
(the
>>> one my computer is plugged into). This way I could set
my
>>> IP to be public and no routing/NAT would be done on the
>>> Linux box. The only problem is that the box has 2 more
NICs
>>> in it and there are other people connected to those
NICs
>>> that need to use that connection (hence need to be
NATed).
>>>
>>> Then I tried thinking about a DMZ-like solution where
my
>>> box would be in the DMZ, but I can't see that working
>>> either because I only have one public IP assigned.
>>>
>>> Can anyone think of any other way for me to be able to
view
>>> the stream?
>>>
>>> Thanks.
>>>
>>
>> I also don't think the bridging will work.
>>
>> AIUI stateless NAT using ip doesn't work with 2.6
kernels so thinking
>> about iptables only.
>>
>> Maybe you could get something working with the raw
table, you can bypass
>> conntrack with that but then I am not sure if you could
dnat it ...
>>
>> There is another iptables target ROUTE maybe you could
use that. If the
>> LAN PC is running Linux then you could setup a
vlan/tunnel/something and
>> ROUTE it down there.
>>
>> I would also ask this on the netfilter users list.
>
> Anothe thought - I would tcpdump on the internet
interface and check if
> you can see multicast traffic.
>
> If you can then try making a normal dnat rule something
like -
>
> iptables -I PREROUTING -t nat -i ppp0 --src 224.0.0.0/4
-j DNAT --to
> 192.168.0.3
>
> I don't think my isp does multicast - so I have never
tried to get it to
> work and haven't got a clue really :-)
>
> Andy.

I am familiar with only some of the iptables features
(ROUTE not included :) ), so I'll have to read about that.
I also don't know the details of how multicast works, but,
from what I've seen, there is an initial IGMP packet (a
Membership Report packet according to Ethereal) that,
theoretically, I would  still need to NAT. From there on,
the UDP multicast stream is one way only (but the incoming
stream would need to somehow be forwarded to my computer).

I have to say that I can't see this working without NATting
and if multicast traffic can not be NATed, then...

I also found out the TTL of the initial multicast packet
was 1, so I issued -j TTL --ttl-inc 1 on the router to
increment it. On the LAN facing interface, they would still
appear with the TTL=1 (according to tcpdump), so I guess
the incrementation is done sometime after tcpdump sees the
packet. Still, the packet did not show up on the internet
interface.

Then, I manually added a route to 224.0.0.0/4 through eth0
(internet facing NIC), it still didn't work. I also tried
to compile mrouted, but I got some errors (it's kinda old,
I think it was designed for 2.2 kernels), so I got stuck.

In the end, I managed to see the stream by plugging my
desktop PC directly into the cable modem. :))


-- 
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux