Re: Traversal of chains for muticast packets .

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, Mar 5, 2010 at 4:30 PM, Mart Frauenlob <mart.frauenlob@xxxxxxxxx> wrote:
> On 05.03.2010 11:53, netfilter-owner@xxxxxxxxxxxxxxx wrote:
>> My gateway machine has two interfaces , eth0 is connected to wan and
>> eth1 is connected to lan side .
>>
>>
>> iptable -A    INPUT   -i eth0  -p igmp -d 224.0.0.1 -j ACCEPT
>> iptables -A  INPUT   -i eth0  -p igmp -d 224.0.0.2  -j ACCEPT
>> iptables  -A INPUT  -i eth0  -j   DROP
>> iptables  -A INPUT -i eth1 -j ACCEPT
>>
>>
>> iptables -A FORWARD -i eth0 -o eth1 -p udp -d  mutlicast-address -j ACCEPT
>>
>> I have above rules , but  i cannot see mutlicast packets in my lan
>> client . But if i have
>> below rules , it is working . Why i need all rules to be called both
>> in forward and input chain ?
>> Am i missing something ?
>>
>>
>> iptables -A  igmp-rule -i eth0 -p igmp -d 224.0.0.1 -j ACCEPT
>> iptables -A igmp-rule -i eth0 -p igmp -d 224.0.0.2  -j ACCEPT
>> iptables -A igmp-rule -i eth0 -o eth1 -p udp -d  mutlicast-address -j ACCEPT
>>
>> iptables -A INPUT -j igmp-rule
>> iptables -A FORWARD -j igmp-rule
>>
>>
>>
>>
>>
>>
>> On Fri, Mar 5, 2010 at 11:16 AM, ratheesh k <ratheesh.ksz@xxxxxxxxx> wrote:
>>> Hi,
>>>
>>>     "packets those are forwarded traverse thru   "NAT prerouting ->
>>> Filter Forward -> NAT post Routing chains ."
>>>
>>>      But in case of  multicast packets , i can see packets flowing
>>> thru  "NAT prerouting -> Filter INPUT -> Filtert  Forward -> NAT post
>>> routing chains . why it is so ?  .
>>>
>>>      Note - > I am running igmpproxy for for multicast proxy .
>>>
>>>
>>> Thanks,
>>> Ratheesh.
>>>
>
> Because you don't do any DNAT, it's your igmproxy which routes the
> packets. Thus what was INPUT has become FORWARD.
>
> Best regards
>
> Mart
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>

Iif so , can   we remove  following rules from FORWARD chain ?

   iptables -A FORWARD -p igmp -d 224.0.0.1 -j ACCEPT
   iptables -A FORWARD -p igmp -d 224.0.0.2 -j ACCEPT

Thanks,
Ratheesh
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux