Traversal of chains for muticast packets .

All of lore.kernel.org
 help / color / mirror / Atom feed

* Traversal of chains for muticast packets .
@ 2010-03-05  5:46 ratheesh k
  2010-03-05 10:52 ` ratheesh k
  0 siblings, 1 reply; 5+ messages in thread
From: ratheesh k @ 2010-03-05  5:46 UTC (permalink / raw)
  To: netfilter

Hi,

     "packets those are forwarded traverse thru   "NAT prerouting ->
Filter Forward -> NAT post Routing chains ."

      But in case of  multicast packets , i can see packets flowing
thru  "NAT prerouting -> Filter INPUT -> Filtert  Forward -> NAT post
routing chains . why it is so ?  .

      Note - > I am running igmpproxy for for multicast proxy .


Thanks,
Ratheesh.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Traversal of chains for muticast packets .
  2010-03-05  5:46 Traversal of chains for muticast packets ratheesh k
@ 2010-03-05 10:52 ` ratheesh k
  2010-03-05 11:00   ` Mart Frauenlob
  0 siblings, 1 reply; 5+ messages in thread
From: ratheesh k @ 2010-03-05 10:52 UTC (permalink / raw)
  To: netfilter

My gateway machine has two interfaces , eth0 is connected to wan and
eth1 is connected to lan side .


iptable -A    INPUT   -i eth0  -p igmp -d 224.0.0.1 -j ACCEPT
iptables -A  INPUT   -i eth0  -p igmp -d 224.0.0.2  -j ACCEPT
iptables  -A INPUT  -i eth0  -j   DROP
iptables  -A INPUT -i eth1 -j ACCEPT


iptables -A FORWARD -i eth0 -o eth1 -p udp -d  mutlicast-address -j ACCEPT

I have above rules , but  i cannot see mutlicast packets in my lan
client . But if i have
below rules , it is working . Why i need all rules to be called both
in forward and input chain ?
Am i missing something ?


iptables -A  igmp-rule -i eth0 -p igmp -d 224.0.0.1 -j ACCEPT
iptables -A igmp-rule -i eth0 -p igmp -d 224.0.0.2  -j ACCEPT
iptables -A igmp-rule -i eth0 -o eth1 -p udp -d  mutlicast-address -j ACCEPT

iptables -A INPUT -j igmp-rule
iptables -A FORWARD -j igmp-rule






On Fri, Mar 5, 2010 at 11:16 AM, ratheesh k <ratheesh.ksz@gmail.com> wrote:
> Hi,
>
>     "packets those are forwarded traverse thru   "NAT prerouting ->
> Filter Forward -> NAT post Routing chains ."
>
>      But in case of  multicast packets , i can see packets flowing
> thru  "NAT prerouting -> Filter INPUT -> Filtert  Forward -> NAT post
> routing chains . why it is so ?  .
>
>      Note - > I am running igmpproxy for for multicast proxy .
>
>
> Thanks,
> Ratheesh.
>

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Traversal of chains for muticast packets .
  2010-03-05 10:52 ` ratheesh k
@ 2010-03-05 11:00   ` Mart Frauenlob
  2010-03-05 11:37     ` ratheesh k
  0 siblings, 1 reply; 5+ messages in thread
From: Mart Frauenlob @ 2010-03-05 11:00 UTC (permalink / raw)
  To: netfilter

On 05.03.2010 11:53, netfilter-owner@vger.kernel.org wrote:
> My gateway machine has two interfaces , eth0 is connected to wan and
> eth1 is connected to lan side .
> 
> 
> iptable -A    INPUT   -i eth0  -p igmp -d 224.0.0.1 -j ACCEPT
> iptables -A  INPUT   -i eth0  -p igmp -d 224.0.0.2  -j ACCEPT
> iptables  -A INPUT  -i eth0  -j   DROP
> iptables  -A INPUT -i eth1 -j ACCEPT
> 
> 
> iptables -A FORWARD -i eth0 -o eth1 -p udp -d  mutlicast-address -j ACCEPT
> 
> I have above rules , but  i cannot see mutlicast packets in my lan
> client . But if i have
> below rules , it is working . Why i need all rules to be called both
> in forward and input chain ?
> Am i missing something ?
> 
> 
> iptables -A  igmp-rule -i eth0 -p igmp -d 224.0.0.1 -j ACCEPT
> iptables -A igmp-rule -i eth0 -p igmp -d 224.0.0.2  -j ACCEPT
> iptables -A igmp-rule -i eth0 -o eth1 -p udp -d  mutlicast-address -j ACCEPT
> 
> iptables -A INPUT -j igmp-rule
> iptables -A FORWARD -j igmp-rule
> 
> 
> 
> 
> 
> 
> On Fri, Mar 5, 2010 at 11:16 AM, ratheesh k <ratheesh.ksz@gmail.com> wrote:
>> Hi,
>>
>>     "packets those are forwarded traverse thru   "NAT prerouting ->
>> Filter Forward -> NAT post Routing chains ."
>>
>>      But in case of  multicast packets , i can see packets flowing
>> thru  "NAT prerouting -> Filter INPUT -> Filtert  Forward -> NAT post
>> routing chains . why it is so ?  .
>>
>>      Note - > I am running igmpproxy for for multicast proxy .
>>
>>
>> Thanks,
>> Ratheesh.
>>

Because you don't do any DNAT, it's your igmproxy which routes the
packets. Thus what was INPUT has become FORWARD.

Best regards

Mart

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Traversal of chains for muticast packets .
  2010-03-05 11:00   ` Mart Frauenlob
@ 2010-03-05 11:37     ` ratheesh k
  2010-03-07  6:34       ` ratheesh k
  0 siblings, 1 reply; 5+ messages in thread
From: ratheesh k @ 2010-03-05 11:37 UTC (permalink / raw)
  To: netfilter

On Fri, Mar 5, 2010 at 4:30 PM, Mart Frauenlob <mart.frauenlob@chello.at> wrote:
> On 05.03.2010 11:53, netfilter-owner@vger.kernel.org wrote:
>> My gateway machine has two interfaces , eth0 is connected to wan and
>> eth1 is connected to lan side .
>>
>>
>> iptable -A    INPUT   -i eth0  -p igmp -d 224.0.0.1 -j ACCEPT
>> iptables -A  INPUT   -i eth0  -p igmp -d 224.0.0.2  -j ACCEPT
>> iptables  -A INPUT  -i eth0  -j   DROP
>> iptables  -A INPUT -i eth1 -j ACCEPT
>>
>>
>> iptables -A FORWARD -i eth0 -o eth1 -p udp -d  mutlicast-address -j ACCEPT
>>
>> I have above rules , but  i cannot see mutlicast packets in my lan
>> client . But if i have
>> below rules , it is working . Why i need all rules to be called both
>> in forward and input chain ?
>> Am i missing something ?
>>
>>
>> iptables -A  igmp-rule -i eth0 -p igmp -d 224.0.0.1 -j ACCEPT
>> iptables -A igmp-rule -i eth0 -p igmp -d 224.0.0.2  -j ACCEPT
>> iptables -A igmp-rule -i eth0 -o eth1 -p udp -d  mutlicast-address -j ACCEPT
>>
>> iptables -A INPUT -j igmp-rule
>> iptables -A FORWARD -j igmp-rule
>>
>>
>>
>>
>>
>>
>> On Fri, Mar 5, 2010 at 11:16 AM, ratheesh k <ratheesh.ksz@gmail.com> wrote:
>>> Hi,
>>>
>>>     "packets those are forwarded traverse thru   "NAT prerouting ->
>>> Filter Forward -> NAT post Routing chains ."
>>>
>>>      But in case of  multicast packets , i can see packets flowing
>>> thru  "NAT prerouting -> Filter INPUT -> Filtert  Forward -> NAT post
>>> routing chains . why it is so ?  .
>>>
>>>      Note - > I am running igmpproxy for for multicast proxy .
>>>
>>>
>>> Thanks,
>>> Ratheesh.
>>>
>
> Because you don't do any DNAT, it's your igmproxy which routes the
> packets. Thus what was INPUT has become FORWARD.
>
> Best regards
>
> Mart
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>

Iif so , can   we remove  following rules from FORWARD chain ?

   iptables -A FORWARD -p igmp -d 224.0.0.1 -j ACCEPT
   iptables -A FORWARD -p igmp -d 224.0.0.2 -j ACCEPT

Thanks,
Ratheesh

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Traversal of chains for muticast packets .
  2010-03-05 11:37     ` ratheesh k
@ 2010-03-07  6:34       ` ratheesh k
  0 siblings, 0 replies; 5+ messages in thread
From: ratheesh k @ 2010-03-07  6:34 UTC (permalink / raw)
  To: netfilter

On Fri, Mar 5, 2010 at 5:07 PM, ratheesh k <ratheesh.ksz@gmail.com> wrote:
> On Fri, Mar 5, 2010 at 4:30 PM, Mart Frauenlob <mart.frauenlob@chello.at> wrote:
>> On 05.03.2010 11:53, netfilter-owner@vger.kernel.org wrote:
>>> My gateway machine has two interfaces , eth0 is connected to wan and
>>> eth1 is connected to lan side .
>>>
>>>
>>> iptable -A    INPUT   -i eth0  -p igmp -d 224.0.0.1 -j ACCEPT
>>> iptables -A  INPUT   -i eth0  -p igmp -d 224.0.0.2  -j ACCEPT
>>> iptables  -A INPUT  -i eth0  -j   DROP
>>> iptables  -A INPUT -i eth1 -j ACCEPT
>>>
>>>
>>> iptables -A FORWARD -i eth0 -o eth1 -p udp -d  mutlicast-address -j ACCEPT
>>>
>>> I have above rules , but  i cannot see mutlicast packets in my lan
>>> client . But if i have
>>> below rules , it is working . Why i need all rules to be called both
>>> in forward and input chain ?
>>> Am i missing something ?
>>>
>>>
>>> iptables -A  igmp-rule -i eth0 -p igmp -d 224.0.0.1 -j ACCEPT
>>> iptables -A igmp-rule -i eth0 -p igmp -d 224.0.0.2  -j ACCEPT
>>> iptables -A igmp-rule -i eth0 -o eth1 -p udp -d  mutlicast-address -j ACCEPT
>>>
>>> iptables -A INPUT -j igmp-rule
>>> iptables -A FORWARD -j igmp-rule
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Fri, Mar 5, 2010 at 11:16 AM, ratheesh k <ratheesh.ksz@gmail.com> wrote:
>>>> Hi,
>>>>
>>>>     "packets those are forwarded traverse thru   "NAT prerouting ->
>>>> Filter Forward -> NAT post Routing chains ."
>>>>
>>>>      But in case of  multicast packets , i can see packets flowing
>>>> thru  "NAT prerouting -> Filter INPUT -> Filtert  Forward -> NAT post
>>>> routing chains . why it is so ?  .
>>>>
>>>>      Note - > I am running igmpproxy for for multicast proxy .
>>>>
>>>>
>>>> Thanks,
>>>> Ratheesh.
>>>>
>>
>> Because you don't do any DNAT, it's your igmproxy which routes the
>> packets. Thus what was INPUT has become FORWARD.
>>
>> Best regards
>>
>> Mart
>> --
>> To unsubscribe from this list: send the line "unsubscribe netfilter" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>>
>
> Iif so , can   we remove  following rules from FORWARD chain ?
>
>   iptables -A FORWARD -p igmp -d 224.0.0.1 -j ACCEPT
>   iptables -A FORWARD -p igmp -d 224.0.0.2 -j ACCEPT
>
> Thanks,
> Ratheesh
>

do we need to forward packets destined to 224.0.0.1 , 224.0.0.2 ????

thanks,
ratheesh

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2010-03-07  6:34 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-03-05  5:46 Traversal of chains for muticast packets ratheesh k
2010-03-05 10:52 ` ratheesh k
2010-03-05 11:00   ` Mart Frauenlob
2010-03-05 11:37     ` ratheesh k
2010-03-07  6:34       ` ratheesh k

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.