LinuxQuestions.org


UnixL 12-21-2011 02:49 PM

Iptables reroute to multicast
 
I created a thread on another forum that isn't as busy as this one, but I'm not sure that I explained it right. I hope you guys don't mind if I give it a go here. I read the sticky and it seems like my problem fits in here.

I have 3 Linux desktops: A, B, and C.
A sends multicast packets to B (which has 2 NICs, a receive and a send). B is subscribing to 231.1.1.1. I verified that B gets the packets with tcpdump.

If I want to stop B from getting the packets, I can do:
Code:

iptables -A INPUT -i [interface] -j DROP
This works. As soon as I do the same command with -D instead of -A, the packets start showing up again.

I then use the command:
Code:

route add -net 232.1.1.1 netmask 255.255.255.255 dev [interface]
on B.
And then on C I use the command:
Code:

route add -host 232.1.1.1 dev [interface]
While on B if I use the command
Code:

ping 232.1.1.1
, then C will receive the ping (I can see the ping with tcpdump).

I just want B to be a router, so in the future when I get MC packets from local machines (it is not connected to the outside world), it will forward them to machine C.

I found out about "prerouting", which basically takes the destination address and changes it, right? So I thought if it was destined for 231.1.1.1, and I did a command that rerouted it to 232.1.1.1, then it would work. Apparently not. I used the command:
Code:

iptables -t nat -A PREROUTING -i [interface] -j DNAT --to 232.1.1.1
[I thought] This would change anything coming in through this interface and send it to 232.1.1.1. Nope.
I dropped -i [interface]. So [I thought] anything coming in would get sent to 232.1.1.1. Nope.

I looked at [Click Here to Find Similar Threads], but I'm not sure that they applied to what I'm trying to do.

Is there a program that would make this job easier? Am I missing something? Btw, I deleted all iptables rules before doing this. I went back and allowed everything.

Sorry for the wall of text, please let me know if I left something out. I would really appreciate any input. I've been troubleshooting this and a bunch of other stuff on this for the past couple of weeks.

Edit: I've also tried adding -m pkttype --pkt-type multicast and it did not help.

[idea]Is there something similar to ping that I could test to see if B forwards after getting it from A?

I'm pretty sure that it's something that I'm not understanding, and not something that's failing.

Now that I've re-read this 5 times, maybe it was dumb to delete all of the rules. Time to do more reading. I am allowing everything in INPUT/OUTPUT/FORWARD.

It looks like I had forwarding disabled.
In /etc/sysctl.conf (make a backup if you do this):
net.ipv4.ip_forward = 0 (change to = 1)
Execute:
Code:

sysctl -p /etc/sysctl.conf
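
The post asks for something similar to ping to test whether B forwards what it gets from A. One way to build such a test, as an added example that is not part of the original post: a small multicast probe run in `recv` mode on C and `send` mode on A. The group is the one from the post; the port, the `MCPROBE` marker, the TTL of 4 and the script name `mcprobe.py` are assumptions.

```python
"""Multicast probe: 'python3 mcprobe.py recv' on C, 'python3 mcprobe.py send' on A."""
import socket
import struct
import sys
import time

GROUP = "231.1.1.1"   # group B subscribes to in the post
PORT = 5007           # assumption: any unused UDP port
MAGIC = b"MCPROBE"    # constructed marker so unrelated traffic is ignored
FMT = "!I"            # sequence number, network byte order

def encode_probe(seq):
    return MAGIC + struct.pack(FMT, seq)

def decode_probe(data):
    """Return the sequence number, or None if this is not one of our probes."""
    if not data.startswith(MAGIC) or len(data) != len(MAGIC) + struct.calcsize(FMT):
        return None
    return struct.unpack(FMT, data[len(MAGIC):])[0]

def make_sender(ttl=4):
    # Multicast TTL defaults to 1, and a TTL-1 packet is never forwarded by a
    # router, so the probe would stop at B however B is configured.
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, ttl)
    return sock

def make_receiver(group=GROUP, port=PORT):
    # Bind the port, then join the group on the default interface.
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind(("", port))
    mreq = struct.pack("4s4s", socket.inet_aton(group), socket.inet_aton("0.0.0.0"))
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, mreq)
    return sock

if __name__ == "__main__":
    mode = sys.argv[1] if len(sys.argv) > 1 else "recv"
    if mode == "send":
        tx = make_sender()
        for seq in range(5):
            tx.sendto(encode_probe(seq), (GROUP, PORT))
            time.sleep(1)
    else:
        rx = make_receiver()
        while True:
            data, (src, _) = rx.recvfrom(1024)
            seq = decode_probe(data)
            if seq is not None:
                print(f"probe seq={seq} from {src}")
```

If C prints nothing while tcpdump on B still shows the probes arriving, the packets are reaching B but not leaving it.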

