On Fri, Mar 5, 2010 at 5:07 PM, ratheesh k <ratheesh.ksz@xxxxxxxxx> wrote:
> On Fri, Mar 5, 2010 at 4:30 PM, Mart Frauenlob <mart.frauenlob@xxxxxxxxx> wrote:
>> On 05.03.2010 11:53, netfilter-owner@xxxxxxxxxxxxxxx wrote:
>>> My gateway machine has two interfaces: eth0 is connected to wan and
>>> eth1 is connected to lan side.
>>>
>>> iptables -A INPUT -i eth0 -p igmp -d 224.0.0.1 -j ACCEPT
>>> iptables -A INPUT -i eth0 -p igmp -d 224.0.0.2 -j ACCEPT
>>> iptables -A INPUT -i eth0 -j DROP
>>> iptables -A INPUT -i eth1 -j ACCEPT
>>>
>>> iptables -A FORWARD -i eth0 -o eth1 -p udp -d multicast-address -j ACCEPT
>>>
>>> I have the above rules, but I cannot see multicast packets in my lan
>>> client. But if I have the
>>> below rules, it is working. Why do I need all rules to be called both
>>> in the forward and input chains?
>>> Am I missing something?
>>>
>>> iptables -A igmp-rule -i eth0 -p igmp -d 224.0.0.1 -j ACCEPT
>>> iptables -A igmp-rule -i eth0 -p igmp -d 224.0.0.2 -j ACCEPT
>>> iptables -A igmp-rule -i eth0 -o eth1 -p udp -d multicast-address -j ACCEPT
>>>
>>> iptables -A INPUT -j igmp-rule
>>> iptables -A FORWARD -j igmp-rule
>>>
>>> On Fri, Mar 5, 2010 at 11:16 AM, ratheesh k <ratheesh.ksz@xxxxxxxxx> wrote:
>>>> Hi,
>>>>
>>>> "Packets that are forwarded traverse through NAT prerouting ->
>>>> Filter Forward -> NAT post Routing chains."
>>>>
>>>> But in the case of multicast packets, I can see packets flowing
>>>> through NAT prerouting -> Filter INPUT -> Filter Forward -> NAT post
>>>> routing chains. Why is it so?
>>>>
>>>> Note -> I am running igmpproxy for multicast proxy.
>>>>
>>>> Thanks,
>>>> Ratheesh.
>>>>
>>
>> Because you don't do any DNAT, it's your igmpproxy which routes the
>> packets. Thus what was INPUT has become FORWARD.
>>
>> Best regards
>>
>> Mart
>> --
>> To unsubscribe from this list: send the line "unsubscribe netfilter" in
>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>>
>
> If so, can we remove the following rules from the FORWARD chain?
>
> iptables -A FORWARD -p igmp -d 224.0.0.1 -j ACCEPT
> iptables -A FORWARD -p igmp -d 224.0.0.2 -j ACCEPT
>
> Thanks,
> Ratheesh
>

Do we need to forward packets destined to 224.0.0.1, 224.0.0.2?

Thanks,
Ratheesh