From mboxrd@z Thu Jan 1 00:00:00 1970
From: Andy Furniss
Date: Mon, 12 Dec 2005 02:08:54 +0000
Subject: Re: [LARTC] UDP multicast stream and NAT
Message-Id: <439CDBB6.5070307@dsl.pipex.com>
List-Id:
References: <20051207221003.32802.qmail@web60924.mail.yahoo.com>
In-Reply-To: <20051207221003.32802.qmail@web60924.mail.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Andy Furniss wrote:
> Gabriel wrote:
>
>> Hi, my ISP is streaming some local concert using UDP
>> multicasting. I followed the instructions on the site which
>> described how to set VLC in order to view the stream, but
>> it didn't work. I am behind a Linux router/firewall doing
>> NAT. Using google, I quickly found out that the
>> netfilter/conntrack code doesn't support NATing multicast
>> traffic. I thought about bridging the internet facing
>> interface (eth0) and (one of) the internal interfaces (the
>> one my computer is plugged into). This way I could set my
>> IP to be public and no routing/NAT would be done on the
>> Linux box. The only problem is that the box has 2 more NICs
>> in it and there are other people connected to those NICs
>> that need to use that connection (hence need to be NATed).
>>
>> Then I tried thinking about a DMZ-like solution where my
>> box would be in the DMZ, but I can't see that working
>> either because I only have one public IP assigned.
>>
>> Can anyone think of any other way for me to be able to view
>> the stream?
>>
>> Thanks.
>>
>
> I also don't think the bridging will work.
>
> AIUI stateless NAT using ip doesn't work with 2.6 kernels so thinking
> about iptables only.
>
> Maybe you could get something working with the raw table, you can bypass
> conntrack with that but then I am not sure if you could dnat it ...
>
> There is another iptables target ROUTE maybe you could use that. If the
> LAN PC is running Linux then you could set up a vlan/tunnel/something and
> ROUTE it down there.
>
> I would also ask this on the netfilter users list.

Another thought - I would tcpdump on the internet interface and check if
you can see multicast traffic. If you can then try making a normal dnat
rule something like -

iptables -I PREROUTING -t nat -i ppp0 --src 224.0.0.0/4 -j DNAT --to 192.168.0.3

I don't think my isp does multicast - so I have never tried to get it to
work and haven't got a clue really :-)

Andy.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc