Date: Tue, 15 Nov 2005 23:35:02 +0100
From: Jany <sebosik@demax.sk>
To: freebsd-pf@freebsd.org
Subject: Multicast over NAT
Message-ID: <437A6296.2010105@demax.sk>
Hello,

in our network it is possible to watch TV and to listen to radio over the net (they are multicast). I've got a simple NAT on my FreeBSD 6 (pf.conf) box:

## PF config for my test box
#
## macros
ext_if = "fxp0"
int_if = "ex0"

## tables
table <lan_net> const { 192.168.1.0/24 }

## packet normalization
scrub in all

## NAT
nat on $ext_if from $int_if:network to any -> $ext_if

# FTP workaround
rdr pass on $int_if proto tcp from any to !($ext_if) port 21 -> 127.0.0.1 port 8021

# DC++ redir -port 19670
rdr pass on $ext_if proto {tcp,udp} from any to 195.62.17.204 port 19670 \
    -> 192.168.1.2

# torrent to local LAN on port 41800:41810
rdr pass on $ext_if proto {tcp,udp} from any to $ext_if port 41800:41810 \
    -> 192.168.1.2 port 41800:*

## packet filtering
#######################################################################
## default blocking policy
block in log on $ext_if all

## antispoof-ing :)
antispoof quick for $int_if inet

## lo0 all traffic passing
pass on lo0 all

## allowing traffic to the LAN
pass on $int_if from any to any flags S/SA keep state

## allow traffic to remote hosts from $ext_if
pass out on $ext_if proto {tcp, udp} from $ext_if to any flags S/SA modulate state
pass in log on $ext_if proto {tcp, udp} from any to $ext_if port {123, 53}\
    keep state flags S/SA

## allow DNS resolving from local to 195.62.17.204
pass out on $int_if proto {tcp, udp} from $int_if:network to $int_if \
    port 53 flags S/SA keep state
pass out on lo0 proto {tcp, udp} from $ext_if to $ext_if port 53 keep state

## allowing ICMP from internet, 8-echo 0-echoreply 3-destination unreachable
pass inet proto { icmp } icmp-type { 0, 3, 8 } keep state

## allowing torrent traffic
pass in on $ext_if proto {tcp,udp} from any to 195.62.17.204 port \
    { 6880 >< 6890, 40800 >< 40810, 41800 >< 41810 } flags S/SA keep state

## allow DC++ traffic
pass in on $ext_if proto { tcp, udp } from any to 195.62.17.204 port 19670 flags S/SA keep state

## allow accessing FTP server from internet
pass in log on $ext_if proto { tcp, udp } from any to 195.62.17.204 port 21 \
    flags S/SA keep state
pass in log on $ext_if proto { tcp, udp } from any to 195.62.17.204 port >= 49152 \
    flags S/SA keep state

## FTP from local net
pass in on $ext_if inet proto tcp from port 20 to ($ext_if) \
    user proxy flags S/SA keep state

I found that I need to allow packets with allow-opts (IGMP), which I also tried, but it doesn't help...

If I try to fetch a playlist in VLC via SAP announcements, it sends some IGMP packets to $int_if, but they won't pass out on $ext_if.

Is it possible to configure Packet Filter to support multicast traffic?