Date: Sun, 02 Mar 1997 19:10:51 -0800 From: Amancio Hasty <hasty@rah.star-gate.com> To: Archie Cobbs <archie@whistle.com> Cc: freebsd-multimedia@freebsd.org Subject: Re: multicast firewall implications Message-ID: <199703030310.TAA11521@rah.star-gate.com> In-Reply-To: Your message of "Sun, 02 Mar 1997 18:28:27 PST." <199703030228.SAA23088@bubba.whistle.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, I think is safe to run ip multicast because usually there are no servers listening to ip multicast address. Most of the ip multicast apps are for audio, video, text, etc.. In a firewall environment , the problems come in when you want to do ip multicast to unicast, like with mtrace. Cheers, Amancio >From The Desk Of Archie Cobbs : > > I have a lot of questions... :-) > > What are the firewall implications of having a multicast router? Is there > an accepted standard way of safely combining the two? > > Suppose machine A is a protected internal machine, and this machine is to > run mrouted(8), serving as the local end of a multi-cast tunnel. The other > (upstream) end of the tunnel is machine B which is external. > > Is it sufficient to open a hole in the firewall for all traffic between > A and B for IP protocol 4 (IP-in-IP) only? > > To what degree does opening this hole compromise the security of the > internal network? > > What non-multicast traffic is associated with multi-cast routing or > with the popular MBONE applications (sdr, vat, vic, etc.), if any? > > Do IP packets destined for 224.x.x.x ever "jump across" into normal > class A, B, or C addresses? > > Thanks, > -Archie > > ___________________________________________________________________________ > Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199703030310.TAA11521>