Argh; I'm sorry; forgot the attachment.

On Jan 19, 2008 8:00 PM, Matt Feifarek <[EMAIL PROTECTED]> wrote:

> I sent this a couple of days ago, and don't see it in the archive, so I'm
> assuming it didn't go through. If it did (or does) please excuse the
> duplicate message.
>
> I've improved this a bit since then, based on some new discoveries and
> I've included a "shorewall dump" in hopes that one of you generous folks
> might find it useful.
>
>
> ---------- Forwarded message ----------
> Date: Jan 17, 2008 4:31 PM
> Subject: Allow multicast in Shorewall 3.4.4
> To: shorewall-users@lists.sourceforge.net
>
> Hello.
>
> I'm trying to allow multicast between zone $FW and zone loc. I have
> verified that loc <--> loc is working, and I have verified that with
> shorewall stopped, the machine that is $FW works with multicast, so
> everything should be good with the kernel and modules needed for multicast.
>
> I'm using shorewall 3.4.4 on Ubuntu Gutsy x64 (the shell version, not the
> perl version). FWIW, I'm trying to run PulseAudio on the $FW machine and
> have it use RTP audio sinks.
>
> Note that I do NOT need to route between interfaces; I just want the
> internet subnet 10.0.0.0/24 to have RTP support, and have verified that it
> works when shorewall is stopped when the $FW machine is part of
> 10.0.0.0/24 with no firewalling.
>
> Looking through the archives, I see some very old (2002, 2005)
> instructions for enabling multicast. I tried these instructions to no avail.
>
> I've tried this in policy:
> loc             $FW             ACCEPT:allowBcast
> $FW             loc             ACCEPT:allowBcast
>
> and this in rules:
> ACCEPT:allowBcast               $FW             $FW: 224.0.0.0/4
> ACCEPT:allowBcast               $FW             loc:224.0.0.0/4
> ACCEPT:allowBcast               loc             $FW: 224.0.0.0/4
>
> and this in rules:
> allowBcast               $FW             $FW
> allowBcast               $FW             loc
> allowBcast               loc             $FW
>
> and this in rules:
> ACCEPT               $FW             loc: 224.0.0.0/4
> ACCEPT               loc             $FW: 224.0.0.0/4
>
> But no luck.
>
> Interestingly, I had to explicitly block 224.0.0.0/4 from going out my net
> zone, or my connection got saturated and became useless. Still, I'm not
> seeing anything in my logs about loc <--> $FW being dropped or rejected.
>
> I'd appreciate a tip; I'm sure it's something obvious that I'm
> overlooking.
>
> Thanks; Shorewall has served me and my company very well with more
> conventional configurations for more than 5 years! It's excellent software!
>
> -- Matt
>
>

Attachment: shorewalldump.txt.bz2
Description: BZip2 compressed data

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
