From owner-freebsd-multimedia Sun Mar 2 19:10:56 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id TAA23999 for multimedia-outgoing; Sun, 2 Mar 1997 19:10:56 -0800 (PST)
Received: from rah.star-gate.com (rah.star-gate.com [204.188.121.18]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id TAA23994 for ; Sun, 2 Mar 1997 19:10:53 -0800 (PST)
Received: from rah.star-gate.com (localhost.star-gate.com [127.0.0.1]) by rah.star-gate.com (8.8.5/8.7.3) with ESMTP id TAA11521; Sun, 2 Mar 1997 19:10:52 -0800 (PST)
Message-Id: <199703030310.TAA11521@rah.star-gate.com>
X-Mailer: exmh version 1.6.9 8/22/96
To: Archie Cobbs
cc: freebsd-multimedia@freebsd.org
Subject: Re: multicast firewall implications
In-reply-to: Your message of "Sun, 02 Mar 1997 18:28:27 PST." <199703030228.SAA23088@bubba.whistle.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sun, 02 Mar 1997 19:10:51 -0800
From: Amancio Hasty
Sender: owner-multimedia@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Hi,

I think it is safe to run IP multicast because usually there are no
servers listening to IP multicast addresses. Most of the IP multicast apps
are for audio, video, text, etc.

In a firewall environment, the problems come in when you want to do
IP multicast to unicast, like with mtrace.

Cheers,
Amancio

From The Desk Of Archie Cobbs :
>
> I have a lot of questions... :-)
>
> What are the firewall implications of having a multicast router? Is there
> an accepted standard way of safely combining the two?
>
> Suppose machine A is a protected internal machine, and this machine is to
> run mrouted(8), serving as the local end of a multi-cast tunnel. The other
> (upstream) end of the tunnel is machine B which is external.
>
> Is it sufficient to open a hole in the firewall for all traffic between
> A and B for IP protocol 4 (IP-in-IP) only?
>
> To what degree does opening this hole compromise the security of the
> internal network?
>
> What non-multicast traffic is associated with multi-cast routing or
> with the popular MBONE applications (sdr, vat, vic, etc.), if any?
>
> Do IP packets destined for 224.x.x.x ever "jump across" into normal
> class A, B, or C addresses?
>
> Thanks,
> -Archie
>
> ___________________________________________________________________________
> Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com
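
An added illustration of the question about opening a hole for IP protocol 4 only (not code from either poster): a rule that matches just the outer header sees protocol 4 between A and B whatever the encapsulated packet is addressed to. The sketch below parses both headers; the addresses used for A and B and the policy of accepting only multicast inner destinations are assumptions.

```python
import ipaddress
import struct

# Assumed addresses for machines A and B (documentation ranges, not from the thread).
TUNNEL_ENDPOINTS = {ipaddress.ip_address("192.0.2.10"), ipaddress.ip_address("198.51.100.20")}
MULTICAST = ipaddress.ip_network("224.0.0.0/4")
IPPROTO_IPIP = 4


def parse_ipv4(buf):
    """Return (header_len, frag_offset, protocol, src, dst), or None if malformed."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        return None
    ihl = (buf[0] & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        return None
    frag_offset = struct.unpack("!H", buf[6:8])[0] & 0x1FFF
    src = ipaddress.ip_address(bytes(buf[12:16]))
    dst = ipaddress.ip_address(bytes(buf[16:20]))
    return ihl, frag_offset, buf[9], src, dst


def classify(packet):
    """Apply the assumed policy: only multicast-addressed packets may ride the tunnel."""
    outer = parse_ipv4(packet)
    if outer is None:
        return "drop: malformed outer header"
    ihl, frag_offset, proto, src, dst = outer
    if {src, dst} != TUNNEL_ENDPOINTS:
        return "drop: not between tunnel endpoints"
    if proto != IPPROTO_IPIP:
        return "drop: outer protocol is not IP-in-IP"
    if frag_offset:
        return "drop: non-first fragment, inner header not visible"
    inner = parse_ipv4(packet[ihl:])
    if inner is None:
        return "drop: malformed inner header"
    if inner[4] not in MULTICAST:
        return "drop: inner destination is unicast"
    return "pass"


def build_ipv4(src, dst, proto, payload=b"", frag_offset=0):
    """Build a 20-byte IPv4 header plus payload (constructed sample data, checksum zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag_offset, 64,
                       proto, 0, ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + payload
```

Calling `classify(build_ipv4(B, A, 4, inner))` with a constructed `inner` packet addressed to a 224.x.x.x group and then to a unicast host shows the two cases an outer-header-only rule cannot tell apart.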