On Tue, Dec 01, 2020 at 02:56:24PM -0600, Greg Oliver wrote:
> On Tue, Dec 1, 2020 at 1:19 PM Marcin Szewczyk <marcin.szewczyk@xxxxxxxxx>
> wrote:
> > Brian Aanderud on 23 Mar 2015 wrote:
> > > What must I do to get the multicast frames routed out a 'different'
> > > interface from the default one after applying a fwmark in iptables the
> > > routing table? I am able to do this with unicast with a combination
> > > of 'ip rule', 'ip route' to a different table, and iptables to apply a
> > > 'mark'. But, the marked multicast frames never seem to follow the
> > > other routing table's routes.
> > > [...]
> >
> > I've stumbled upon the same problem as the one discussed over 5 years
> > ago (with no answer) on this mailing list[1], ie. locally generated
> > multicast and broadcast traffic do not seem to follow policy routing
> > when it is constructed using `iptables --set-mark` and `ip rule fwmark`.
> > [...]
> > Can anyone suggest if I am trying to do something that just should not
> > work, am I missing some small but vital detail or is it some kind of a
> > bug?
> >
> > [...]
> > [1]: https://marc.info/?l=netfilter&m=142714167809246&w=2
> > [2]:
> > https://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packet-flow.svg
>
> You are both trying to route multicast traffic, so wouldn't `ip mroute' be
> appropriate and not `ip route' ?
>
> I have not tried it, but it is a different routing table all together.

I have looked at it but ip-mroute(8) on my Debian says:
> mroute objects are multicast routing cache entries created by a
> user-level mrouting daemon (f.e. pimd or mrouted ).
>
> Due to the limitations of the current interface to the multicast
> routing engine, it is impossible to change mroute objects
> administratively, so we can only display them. This limitation
> will be removed in the future.

I have tried playing with smcroute but with no success.
I wasn't sure if mroute and friends is for locally generated traffic or
for forwarding of multicast inbound traffic.

Is broadcast (eg. 255.255.255.255) treated like multicast in the Linux
kernel? I thought that because of IGMP and membership management they
are quite separate.

-- 
Marcin Szewczyk
http://wodny.org