From: Mart Frauenlob <mart.frauenlob@chello.at>
To: netfilter@vger.kernel.org
Subject: Re: Traversal of chains for muticast packets .
Date: Fri, 05 Mar 2010 12:00:02 +0100 [thread overview]
Message-ID: <4B90E432.8080802@chello.at> (raw)
In-Reply-To: <cfeab66d1003050252n27fb7fa2s5ff92a30b0874566@mail.gmail.com>
On 05.03.2010 11:53, netfilter-owner@vger.kernel.org wrote:
> My gateway machine has two interfaces , eth0 is connected to wan and
> eth1 is connected to lan side .
>
>
> iptable -A INPUT -i eth0 -p igmp -d 224.0.0.1 -j ACCEPT
> iptables -A INPUT -i eth0 -p igmp -d 224.0.0.2 -j ACCEPT
> iptables -A INPUT -i eth0 -j DROP
> iptables -A INPUT -i eth1 -j ACCEPT
>
>
> iptables -A FORWARD -i eth0 -o eth1 -p udp -d mutlicast-address -j ACCEPT
>
> I have above rules , but i cannot see mutlicast packets in my lan
> client . But if i have
> below rules , it is working . Why i need all rules to be called both
> in forward and input chain ?
> Am i missing something ?
>
>
> iptables -A igmp-rule -i eth0 -p igmp -d 224.0.0.1 -j ACCEPT
> iptables -A igmp-rule -i eth0 -p igmp -d 224.0.0.2 -j ACCEPT
> iptables -A igmp-rule -i eth0 -o eth1 -p udp -d mutlicast-address -j ACCEPT
>
> iptables -A INPUT -j igmp-rule
> iptables -A FORWARD -j igmp-rule
>
>
>
>
>
>
> On Fri, Mar 5, 2010 at 11:16 AM, ratheesh k <ratheesh.ksz@gmail.com> wrote:
>> Hi,
>>
>> "packets those are forwarded traverse thru "NAT prerouting ->
>> Filter Forward -> NAT post Routing chains ."
>>
>> But in case of multicast packets , i can see packets flowing
>> thru "NAT prerouting -> Filter INPUT -> Filtert Forward -> NAT post
>> routing chains . why it is so ? .
>>
>> Note - > I am running igmpproxy for for multicast proxy .
>>
>>
>> Thanks,
>> Ratheesh.
>>
Because you don't do any DNAT, it's your igmproxy which routes the
packets. Thus what was INPUT has become FORWARD.
Best regards
Mart
next prev parent reply other threads:[~2010-03-05 11:00 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-03-05 5:46 Traversal of chains for muticast packets ratheesh k
2010-03-05 10:52 ` ratheesh k
2010-03-05 11:00 ` Mart Frauenlob [this message]
2010-03-05 11:37 ` ratheesh k
2010-03-07 6:34 ` ratheesh k
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B90E432.8080802@chello.at \
--to=mart.frauenlob@chello.at \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox