Date: Mon, 3 Mar 1997 10:36:44 PST From: Bill Fenner <fenner@parc.xerox.com> To: Archie Cobbs <archie@whistle.com> Cc: freebsd-multimedia@freebsd.org Subject: Re: multicast firewall implications Message-ID: <97Mar3.103653pst.177476@crevenia.parc.xerox.com> In-Reply-To: Your message of "Sun, 02 Mar 97 18:28:27 PST." <199703030228.SAA23088@bubba.whistle.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Archie Cobbs <archie@whistle.com> wrote: >Is it sufficient to open a hole in the firewall for all traffic between >A and B for IP protocol 4 (IP-in-IP) only? You also need IP protocol 2 (IGMP) for the DVMRP routing messages. >To what degree does opening this hole compromise the security of the >internal network? It allows multicast traffic destined for groups to which internal machines are joined to flow onto your network. >What non-multicast traffic is associated with multi-cast routing or >with the popular MBONE applications (sdr, vat, vic, etc.), if any? Just the tunnel traffic you mentioned above. >Do IP packets destined for 224.x.x.x ever "jump across" into normal >class A, B, or C addresses? Only through an application designed to do so. Bill
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?97Mar3.103653pst.177476>