From owner-freebsd-multimedia Mon Mar 3 10:41:55 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id KAA19971 for multimedia-outgoing; Mon, 3 Mar 1997 10:41:55 -0800 (PST)
Received: from alpha.xerox.com (alpha.Xerox.COM [13.1.64.93]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id KAA19966 for ; Mon, 3 Mar 1997 10:41:51 -0800 (PST)
Received: from crevenia.parc.xerox.com ([13.2.116.11]) by alpha.xerox.com with SMTP id <16885(6)>; Mon, 3 Mar 1997 10:37:18 PST
Received: from localhost by crevenia.parc.xerox.com with SMTP id <177476>; Mon, 3 Mar 1997 10:36:53 -0800
To: Archie Cobbs
cc: freebsd-multimedia@freebsd.org
Subject: Re: multicast firewall implications
In-reply-to: Your message of "Sun, 02 Mar 97 18:28:27 PST." <199703030228.SAA23088@bubba.whistle.com>
Date: Mon, 3 Mar 1997 10:36:44 PST
From: Bill Fenner
Message-Id: <97Mar3.103653pst.177476@crevenia.parc.xerox.com>
Sender: owner-multimedia@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Archie Cobbs wrote:
>Is it sufficient to open a hole in the firewall for all traffic between
>A and B for IP protocol 4 (IP-in-IP) only?

You also need IP protocol 2 (IGMP) for the DVMRP routing messages.

>To what degree does opening this hole compromise the security of the
>internal network?

It allows multicast traffic destined for groups to which internal machines
are joined to flow onto your network.

>What non-multicast traffic is associated with multi-cast routing or
>with the popular MBONE applications (sdr, vat, vic, etc.), if any?

Just the tunnel traffic you mentioned above.

>Do IP packets destined for 224.x.x.x ever "jump across" into normal
>class A, B, or C addresses?

Only through an application designed to do so.

  Bill
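The hole discussed in this exchange (IP protocols 4 and 2 between tunnel endpoints A and B), written out as a packet check; this is an added example, not part of the original message. The endpoint addresses are placeholder documentation addresses, and dropping tunneled packets whose inner destination lies outside 224.0.0.0/4 is an assumption added here that the tunnel is meant to carry only multicast datagrams.

```python
import ipaddress
import struct

# Assumed tunnel endpoints (documentation addresses standing in for hosts A and B).
TUNNEL_A = ipaddress.ip_address("192.0.2.1")
TUNNEL_B = ipaddress.ip_address("198.51.100.1")
MULTICAST = ipaddress.ip_network("224.0.0.0/4")
PROTO_IGMP, PROTO_IPIP = 2, 4


def parse_ipv4(pkt):
    """Return (protocol, src, dst, payload) for an IPv4 packet, or None if malformed."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return None
    proto = pkt[9]
    src = ipaddress.ip_address(pkt[12:16])
    dst = ipaddress.ip_address(pkt[16:20])
    return proto, src, dst, pkt[ihl:]


def verdict(pkt):
    """Decide what the firewall hole should do with one packet crossing it."""
    outer = parse_ipv4(pkt)
    if outer is None:
        return "drop: malformed"
    proto, src, dst, payload = outer
    if {src, dst} != {TUNNEL_A, TUNNEL_B}:
        return "drop: not between tunnel endpoints"
    if proto == PROTO_IGMP:
        return "pass: IGMP (DVMRP routing messages)"
    if proto != PROTO_IPIP:
        return "drop: protocol %d not allowed" % proto
    inner = parse_ipv4(payload)
    if inner is None:
        return "drop: malformed inner packet"
    if inner[2] not in MULTICAST:
        return "drop: inner destination %s is not multicast" % inner[2]
    return "pass: tunneled multicast to %s" % inner[2]


def build_ipv4(proto, src, dst, payload=b""):
    """Construct a minimal IPv4 packet (checksum left zero) for test input."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    return hdr + payload
```

`build_ipv4` exists only to construct sample packets for `verdict`; a real filter would apply the same decisions to packets taken from the wire.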