* Traversal of chains for muticast packets .
@ 2010-03-05 5:46 ratheesh k
2010-03-05 10:52 ` ratheesh k
0 siblings, 1 reply; 5+ messages in thread
From: ratheesh k @ 2010-03-05 5:46 UTC (permalink / raw)
To: netfilter
Hi,
"packets those are forwarded traverse thru "NAT prerouting ->
Filter Forward -> NAT post Routing chains ."
But in case of multicast packets , i can see packets flowing
thru "NAT prerouting -> Filter INPUT -> Filtert Forward -> NAT post
routing chains . why it is so ? .
Note - > I am running igmpproxy for for multicast proxy .
Thanks,
Ratheesh.
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: Traversal of chains for muticast packets . 2010-03-05 5:46 Traversal of chains for muticast packets ratheesh k @ 2010-03-05 10:52 ` ratheesh k 2010-03-05 11:00 ` Mart Frauenlob 0 siblings, 1 reply; 5+ messages in thread From: ratheesh k @ 2010-03-05 10:52 UTC (permalink / raw) To: netfilter My gateway machine has two interfaces , eth0 is connected to wan and eth1 is connected to lan side . iptable -A INPUT -i eth0 -p igmp -d 224.0.0.1 -j ACCEPT iptables -A INPUT -i eth0 -p igmp -d 224.0.0.2 -j ACCEPT iptables -A INPUT -i eth0 -j DROP iptables -A INPUT -i eth1 -j ACCEPT iptables -A FORWARD -i eth0 -o eth1 -p udp -d mutlicast-address -j ACCEPT I have above rules , but i cannot see mutlicast packets in my lan client . But if i have below rules , it is working . Why i need all rules to be called both in forward and input chain ? Am i missing something ? iptables -A igmp-rule -i eth0 -p igmp -d 224.0.0.1 -j ACCEPT iptables -A igmp-rule -i eth0 -p igmp -d 224.0.0.2 -j ACCEPT iptables -A igmp-rule -i eth0 -o eth1 -p udp -d mutlicast-address -j ACCEPT iptables -A INPUT -j igmp-rule iptables -A FORWARD -j igmp-rule On Fri, Mar 5, 2010 at 11:16 AM, ratheesh k <ratheesh.ksz@gmail.com> wrote: > Hi, > > "packets those are forwarded traverse thru "NAT prerouting -> > Filter Forward -> NAT post Routing chains ." > > But in case of multicast packets , i can see packets flowing > thru "NAT prerouting -> Filter INPUT -> Filtert Forward -> NAT post > routing chains . why it is so ? . > > Note - > I am running igmpproxy for for multicast proxy . > > > Thanks, > Ratheesh. > ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Traversal of chains for muticast packets . 2010-03-05 10:52 ` ratheesh k @ 2010-03-05 11:00 ` Mart Frauenlob 2010-03-05 11:37 ` ratheesh k 0 siblings, 1 reply; 5+ messages in thread From: Mart Frauenlob @ 2010-03-05 11:00 UTC (permalink / raw) To: netfilter On 05.03.2010 11:53, netfilter-owner@vger.kernel.org wrote: > My gateway machine has two interfaces , eth0 is connected to wan and > eth1 is connected to lan side . > > > iptable -A INPUT -i eth0 -p igmp -d 224.0.0.1 -j ACCEPT > iptables -A INPUT -i eth0 -p igmp -d 224.0.0.2 -j ACCEPT > iptables -A INPUT -i eth0 -j DROP > iptables -A INPUT -i eth1 -j ACCEPT > > > iptables -A FORWARD -i eth0 -o eth1 -p udp -d mutlicast-address -j ACCEPT > > I have above rules , but i cannot see mutlicast packets in my lan > client . But if i have > below rules , it is working . Why i need all rules to be called both > in forward and input chain ? > Am i missing something ? > > > iptables -A igmp-rule -i eth0 -p igmp -d 224.0.0.1 -j ACCEPT > iptables -A igmp-rule -i eth0 -p igmp -d 224.0.0.2 -j ACCEPT > iptables -A igmp-rule -i eth0 -o eth1 -p udp -d mutlicast-address -j ACCEPT > > iptables -A INPUT -j igmp-rule > iptables -A FORWARD -j igmp-rule > > > > > > > On Fri, Mar 5, 2010 at 11:16 AM, ratheesh k <ratheesh.ksz@gmail.com> wrote: >> Hi, >> >> "packets those are forwarded traverse thru "NAT prerouting -> >> Filter Forward -> NAT post Routing chains ." >> >> But in case of multicast packets , i can see packets flowing >> thru "NAT prerouting -> Filter INPUT -> Filtert Forward -> NAT post >> routing chains . why it is so ? . >> >> Note - > I am running igmpproxy for for multicast proxy . >> >> >> Thanks, >> Ratheesh. >> Because you don't do any DNAT, it's your igmproxy which routes the packets. Thus what was INPUT has become FORWARD. Best regards Mart ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Traversal of chains for muticast packets . 2010-03-05 11:00 ` Mart Frauenlob @ 2010-03-05 11:37 ` ratheesh k 2010-03-07 6:34 ` ratheesh k 0 siblings, 1 reply; 5+ messages in thread From: ratheesh k @ 2010-03-05 11:37 UTC (permalink / raw) To: netfilter On Fri, Mar 5, 2010 at 4:30 PM, Mart Frauenlob <mart.frauenlob@chello.at> wrote: > On 05.03.2010 11:53, netfilter-owner@vger.kernel.org wrote: >> My gateway machine has two interfaces , eth0 is connected to wan and >> eth1 is connected to lan side . >> >> >> iptable -A INPUT -i eth0 -p igmp -d 224.0.0.1 -j ACCEPT >> iptables -A INPUT -i eth0 -p igmp -d 224.0.0.2 -j ACCEPT >> iptables -A INPUT -i eth0 -j DROP >> iptables -A INPUT -i eth1 -j ACCEPT >> >> >> iptables -A FORWARD -i eth0 -o eth1 -p udp -d mutlicast-address -j ACCEPT >> >> I have above rules , but i cannot see mutlicast packets in my lan >> client . But if i have >> below rules , it is working . Why i need all rules to be called both >> in forward and input chain ? >> Am i missing something ? >> >> >> iptables -A igmp-rule -i eth0 -p igmp -d 224.0.0.1 -j ACCEPT >> iptables -A igmp-rule -i eth0 -p igmp -d 224.0.0.2 -j ACCEPT >> iptables -A igmp-rule -i eth0 -o eth1 -p udp -d mutlicast-address -j ACCEPT >> >> iptables -A INPUT -j igmp-rule >> iptables -A FORWARD -j igmp-rule >> >> >> >> >> >> >> On Fri, Mar 5, 2010 at 11:16 AM, ratheesh k <ratheesh.ksz@gmail.com> wrote: >>> Hi, >>> >>> "packets those are forwarded traverse thru "NAT prerouting -> >>> Filter Forward -> NAT post Routing chains ." >>> >>> But in case of multicast packets , i can see packets flowing >>> thru "NAT prerouting -> Filter INPUT -> Filtert Forward -> NAT post >>> routing chains . why it is so ? . >>> >>> Note - > I am running igmpproxy for for multicast proxy . >>> >>> >>> Thanks, >>> Ratheesh. >>> > > Because you don't do any DNAT, it's your igmproxy which routes the > packets. Thus what was INPUT has become FORWARD. > > Best regards > > Mart > -- > To unsubscribe from this list: send the line "unsubscribe netfilter" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > Iif so , can we remove following rules from FORWARD chain ? iptables -A FORWARD -p igmp -d 224.0.0.1 -j ACCEPT iptables -A FORWARD -p igmp -d 224.0.0.2 -j ACCEPT Thanks, Ratheesh ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Traversal of chains for muticast packets . 2010-03-05 11:37 ` ratheesh k @ 2010-03-07 6:34 ` ratheesh k 0 siblings, 0 replies; 5+ messages in thread From: ratheesh k @ 2010-03-07 6:34 UTC (permalink / raw) To: netfilter On Fri, Mar 5, 2010 at 5:07 PM, ratheesh k <ratheesh.ksz@gmail.com> wrote: > On Fri, Mar 5, 2010 at 4:30 PM, Mart Frauenlob <mart.frauenlob@chello.at> wrote: >> On 05.03.2010 11:53, netfilter-owner@vger.kernel.org wrote: >>> My gateway machine has two interfaces , eth0 is connected to wan and >>> eth1 is connected to lan side . >>> >>> >>> iptable -A INPUT -i eth0 -p igmp -d 224.0.0.1 -j ACCEPT >>> iptables -A INPUT -i eth0 -p igmp -d 224.0.0.2 -j ACCEPT >>> iptables -A INPUT -i eth0 -j DROP >>> iptables -A INPUT -i eth1 -j ACCEPT >>> >>> >>> iptables -A FORWARD -i eth0 -o eth1 -p udp -d mutlicast-address -j ACCEPT >>> >>> I have above rules , but i cannot see mutlicast packets in my lan >>> client . But if i have >>> below rules , it is working . Why i need all rules to be called both >>> in forward and input chain ? >>> Am i missing something ? >>> >>> >>> iptables -A igmp-rule -i eth0 -p igmp -d 224.0.0.1 -j ACCEPT >>> iptables -A igmp-rule -i eth0 -p igmp -d 224.0.0.2 -j ACCEPT >>> iptables -A igmp-rule -i eth0 -o eth1 -p udp -d mutlicast-address -j ACCEPT >>> >>> iptables -A INPUT -j igmp-rule >>> iptables -A FORWARD -j igmp-rule >>> >>> >>> >>> >>> >>> >>> On Fri, Mar 5, 2010 at 11:16 AM, ratheesh k <ratheesh.ksz@gmail.com> wrote: >>>> Hi, >>>> >>>> "packets those are forwarded traverse thru "NAT prerouting -> >>>> Filter Forward -> NAT post Routing chains ." >>>> >>>> But in case of multicast packets , i can see packets flowing >>>> thru "NAT prerouting -> Filter INPUT -> Filtert Forward -> NAT post >>>> routing chains . why it is so ? . >>>> >>>> Note - > I am running igmpproxy for for multicast proxy . >>>> >>>> >>>> Thanks, >>>> Ratheesh. >>>> >> >> Because you don't do any DNAT, it's your igmproxy which routes the >> packets. Thus what was INPUT has become FORWARD. >> >> Best regards >> >> Mart >> -- >> To unsubscribe from this list: send the line "unsubscribe netfilter" in >> the body of a message to majordomo@vger.kernel.org >> More majordomo info at http://vger.kernel.org/majordomo-info.html >> > > Iif so , can we remove following rules from FORWARD chain ? > > iptables -A FORWARD -p igmp -d 224.0.0.1 -j ACCEPT > iptables -A FORWARD -p igmp -d 224.0.0.2 -j ACCEPT > > Thanks, > Ratheesh > do we need to forward packets destined to 224.0.0.1 , 224.0.0.2 ???? thanks, ratheesh ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2010-03-07 6:34 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2010-03-05 5:46 Traversal of chains for muticast packets ratheesh k 2010-03-05 10:52 ` ratheesh k 2010-03-05 11:00 ` Mart Frauenlob 2010-03-05 11:37 ` ratheesh k 2010-03-07 6:34 ` ratheesh k
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.