On 05.03.2010 11:53, netfilter-owner@xxxxxxxxxxxxxxx wrote: > My gateway machine has two interfaces , eth0 is connected to wan and > eth1 is connected to lan side . > > > iptable -A INPUT -i eth0 -p igmp -d 224.0.0.1 -j ACCEPT > iptables -A INPUT -i eth0 -p igmp -d 224.0.0.2 -j ACCEPT > iptables -A INPUT -i eth0 -j DROP > iptables -A INPUT -i eth1 -j ACCEPT > > > iptables -A FORWARD -i eth0 -o eth1 -p udp -d mutlicast-address -j ACCEPT > > I have above rules , but i cannot see mutlicast packets in my lan > client . But if i have > below rules , it is working . Why i need all rules to be called both > in forward and input chain ? > Am i missing something ? > > > iptables -A igmp-rule -i eth0 -p igmp -d 224.0.0.1 -j ACCEPT > iptables -A igmp-rule -i eth0 -p igmp -d 224.0.0.2 -j ACCEPT > iptables -A igmp-rule -i eth0 -o eth1 -p udp -d mutlicast-address -j ACCEPT > > iptables -A INPUT -j igmp-rule > iptables -A FORWARD -j igmp-rule > > > > > > > On Fri, Mar 5, 2010 at 11:16 AM, ratheesh k <ratheesh.ksz@xxxxxxxxx> wrote: >> Hi, >> >> "packets those are forwarded traverse thru "NAT prerouting -> >> Filter Forward -> NAT post Routing chains ." >> >> But in case of multicast packets , i can see packets flowing >> thru "NAT prerouting -> Filter INPUT -> Filtert Forward -> NAT post >> routing chains . why it is so ? . >> >> Note - > I am running igmpproxy for for multicast proxy . >> >> >> Thanks, >> Ratheesh. >> Because you don't do any DNAT, it's your igmproxy which routes the packets. Thus what was INPUT has become FORWARD. Best regards Mart -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
