From owner-freebsd-multimedia Mon Mar 3 14:07:33 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id OAA01581 for multimedia-outgoing; Mon, 3 Mar 1997 14:07:33 -0800 (PST)
Received: from alpha.xerox.com (alpha.Xerox.COM [13.1.64.93]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id OAA01575 for ; Mon, 3 Mar 1997 14:07:29 -0800 (PST)
Received: from crevenia.parc.xerox.com ([13.2.116.11]) by alpha.xerox.com with SMTP id <15925(3)>; Mon, 3 Mar 1997 14:06:48 PST
Received: from localhost by crevenia.parc.xerox.com with SMTP id <177476>; Mon, 3 Mar 1997 14:06:42 -0800
To: Archie Cobbs
cc: fenner@parc.xerox.com (Bill Fenner), freebsd-multimedia@freebsd.org
Subject: Re: multicast firewall implications
In-reply-to: Your message of "Mon, 03 Mar 97 12:01:04 PST." <199703032001.MAA26146@bubba.whistle.com>
Date: Mon, 3 Mar 1997 14:06:31 PST
From: Bill Fenner
Message-Id: <97Mar3.140642pst.177476@crevenia.parc.xerox.com>
Sender: owner-multimedia@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Archie Cobbs wrote:
>So assuming you had a mrouted(8) tunnel between remote-gw (external
>machine on the ISP's network) and local-gw (internal machine behind
>the firewall) you might install these "holes" on some intervening
>packet filtering machine...
>
>	ipfw add 100 allow igmp from remote-gw to local-gw
>	ipfw add 100 allow igmp from local-gw to remote-gw
>	ipfw add 100 allow ipencap from remote-gw to local-gw
>	ipfw add 100 allow ipencap from local-gw to remote-gw
>
>...and this would be all you would need? Looks pretty easy then.

Yup, looks right.

  Bill
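
The filter decision implied by the four holes quoted above, as an added Python example that is not part of the original message: it models the rules as matching only the outer IP header (protocol igmp or ipencap, between the two gateways). The addresses are constructed placeholders for remote-gw and local-gw, and treating every non-matching packet as denied is an assumption about the rest of the ruleset.

```python
import socket
import struct

# Constructed placeholder addresses (documentation ranges) standing in for
# the thread's remote-gw and local-gw; they are not from the original message.
REMOTE_GW = "192.0.2.1"
LOCAL_GW = "198.51.100.1"
TUNNEL_PROTOS = {2: "igmp", 4: "ipencap"}  # IP protocol numbers as in /etc/protocols


def build_ipv4(src, dst, proto, payload=b""):
    """Build a minimal 20-byte IPv4 header plus payload (checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def filter_decision(packet, gw_a=REMOTE_GW, gw_b=LOCAL_GW):
    """Return 'allow' if the outer header matches one of the four holes.

    Assumption: anything that does not match falls through to a deny rule.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "deny"  # truncated or not IPv4
    proto = packet[9]
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    # Each protocol is allowed in both directions, but only between the pair.
    if proto in TUNNEL_PROTOS and {src, dst} == {gw_a, gw_b}:
        return "allow"
    return "deny"


def sample_packets():
    """Constructed sample traffic as seen by the intervening packet filter."""
    inner = build_ipv4("203.0.113.9", "224.2.0.1", 17, b"multicast data")
    return {
        "igmp remote->local": build_ipv4(REMOTE_GW, LOCAL_GW, 2),
        "tunneled multicast local->remote": build_ipv4(LOCAL_GW, REMOTE_GW, 4, inner),
        "ipencap from another host": build_ipv4("203.0.113.9", LOCAL_GW, 4, inner),
        "udp between the gateways": build_ipv4(REMOTE_GW, LOCAL_GW, 17),
    }


if __name__ == "__main__":
    for name, pkt in sample_packets().items():
        print(f"{name:35s} {filter_decision(pkt)}")
```

Because the match is on the outer header only, the inner source and group of a tunneled packet play no part in the filter's decision.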