Ok, got it.  Here's what it took (and I was just misreading the Shorewall
docs, as usual):

zones:
mc      ipv4

hosts:
mc      eth0:224.0.0.0/4        destonly

policy:
mc      all     REJECT  INFO
all     mc      REJECT  INFO

rules:
ACCEPT  $FW     mc      udp     45564
ACCEPT  loc     $FW     udp     45564

shorewall.conf:
MULTICAST=Yes

routing table:
be sure there's a route for net 224.0.0.0 netmask 240.0.0.0 dev eth0

As usual, get this working first before setting up Shorewall.

Easy.  This was non-intuitive for me because in this case, the dest IP for
incoming packets is 228.0.0.4, not the IP address for eth0.

    John


On Fri, Aug 1, 2008 at 1:50 PM, John Morris <[EMAIL PROTECTED]> wrote:
> Dear list,
>
> Our tomcat cluster is working on our DMZ, and we would like to protect the
> individual nodes with Shorewall.
>
> Tomcat clustering uses multicast on the LAN for nodes to advertise that they
> are running and to join a cluster.  Here are two packets from two nodes at
> 192.168.200.11+17 captured by tcpdump:
>
> 19:53:00.695849 IP 192.168.200.11 > 224.0.0.22: igmp v3 report, 1 group record(s)
> 19:53:02.693806 IP 192.168.200.11.45564 > 228.0.0.4.45564: UDP, length 52
> 19:53:02.696124 IP 192.168.200.17.45564 > 228.0.0.4.45564: UDP, length 52
>
> The first type of packet is seemingly only transmitted for some time after
> tomcat is first started.
> The second type of packet is transmitted once a second from each node as
> long as the cluster is running.
>
> There's a MULTICAST switch for shorewall.conf and a destonly flag for the
> shorewall-hosts file.  I understand these are for outgoing packets.  What
> kind of configuration should there be to allow the above types of incoming
> packets?
>
> Thanks.
>
>     John
>
>
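
A pre-flight check for the routing-table step and the destination-address point in the reply above, as an added example that is not part of the original thread. The function names and the sample routing table are constructed; the group 228.0.0.4, interface eth0 and the tcpdump line come from the thread.

```shell
#!/bin/sh
# Constructed sample data: `ip -4 route show` style output and one packet from the thread.
SAMPLE_ROUTES='192.168.200.0/24 dev eth0 proto kernel scope link src 192.168.200.11
224.0.0.0/4 dev eth0 scope link'
SAMPLE_PKT='19:53:02.693806 IP 192.168.200.11.45564 > 228.0.0.4.45564: UDP, length 52'

# Return 0 if $1 is an IPv4 address inside 224.0.0.0/4 (first octet 224-239).
is_multicast() {
    first=${1%%.*}
    case $first in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$first" -ge 224 ] && [ "$first" -le 239 ]
}

# Read a routing table on stdin; return 0 if it has a 224.0.0.0/4 route on
# device $1. Accepts `ip -4 route show` lines ("224.0.0.0/4 dev eth0 ...")
# and `route -n` lines ("224.0.0.0  0.0.0.0  240.0.0.0  U  0 0 0 eth0").
has_mcast_route() {
    awk -v dev="$1" '
        $1 == "224.0.0.0/4" {
            for (i = 2; i < NF; i++)
                if ($i == "dev" && $(i + 1) == dev) found = 1
        }
        $1 == "224.0.0.0" && $3 == "240.0.0.0" && $NF == dev { found = 1 }
        END { exit !found }
    '
}

# Print the destination address of a tcpdump line ("... > DST.PORT: ..." or "... > DST: ...").
tcpdump_dst() {
    printf '%s\n' "$1" |
        sed -n 's/.* > \([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\)[.:].*/\1/p'
}

# usage: preflight GROUP DEV < routing-table
preflight() {
    is_multicast "$1" || { echo "FAIL: $1 is not in 224.0.0.0/4"; return 1; }
    has_mcast_route "$2" || { echo "FAIL: no 224.0.0.0/4 route on $2"; return 1; }
    echo "OK: $1 is multicast and $2 has a 224.0.0.0/4 route"
}

# Demo on the constructed sample: the packet's destination is the group
# address, not the address of eth0, so it is the group that gets checked.
printf '%s\n' "$SAMPLE_ROUTES" | preflight "$(tcpdump_dst "$SAMPLE_PKT")" eth0
```

On a live node the same check runs as `ip -4 route show | preflight 228.0.0.4 eth0`, before Shorewall is started.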
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users