multicast and firewall, Please help!
Hi! Could someone pass me the syntax to enable certain (or all) multicast addresses in iptables?
I have a program that does multicast; it runs well only if I shut down my firewall. I am using Fedora 9. Thanks in advance!
Hi qspares,
You could try something like:
iptables -A INPUT -m addrtype --src-type MULTICAST -j ACCEPT
cheers, kbp
Tried it, but doesn't seem to work, also tried dst-type, still doesn't work.
As soon as I shut the firewall off, I immediately got the multicast packages :(
Could you post the whole iptables config please qspares?
'iptables -L'
thanks
Here it is:
rt@sun#/>iptables -A INPUT -m addrtype --src-type MULTICAST -j ACCEPT
rt@sun#/>iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  softbank220000000000.bbtec.net/6  anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:yo-main
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:netbios-ns
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
ACCEPT     all  --  anywhere             anywhere            ADDRTYPE match src-type MULTICAST

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
rt@sun#/>
Hi qspares,
I see the problem, you have a 'reject all' line, you will need to insert the multicast line before this one. Use 'iptables -L --line-numbers' to display the line number of each rule then change:
iptables -A INPUT -m addrtype --src-type MULTICAST -j ACCEPT
to
iptables -I INPUT rule_number -m addrtype --src-type MULTICAST -j ACCEPT
where rule_number is the line before the 'reject all' line
cheers, kbp
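
The rule-ordering fix from the thread as a script (an added example, not posted by anyone in the thread): it reads an `iptables -L INPUT --line-numbers` listing and prints the `-I` command that places the multicast ACCEPT ahead of the first catch-all REJECT/DROP. It matches on `--dst-type`, since a multicast group address is a packet's destination rather than its source; the function names, the optional group argument and the address 239.1.2.3 are assumptions made for the example.

```shell
#!/bin/sh
# Added example: works on saved listing text, so it needs no root and changes
# nothing on the host; it only prints the command to run.

# Constructed sample: the INPUT chain from the thread, with rule numbers added.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  softbank220000000000.bbtec.net/6  anywhere
2    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
3    ACCEPT     icmp --  anywhere             anywhere
4    ACCEPT     all  --  anywhere             anywhere
5    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:yo-main
6    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:domain
7    ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:domain
8    ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:netbios-ns
9    REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
10   ACCEPT     all  --  anywhere             anywhere            ADDRTYPE match src-type MULTICAST
EOF
}

# Print the number of the first rule that rejects or drops every packet:
# prot "all", source and destination "anywhere" (0.0.0.0/0 when listed with -n).
first_catch_all() {
    awk '$1 ~ /^[0-9]+$/ && ($2 == "REJECT" || $2 == "DROP") && $3 == "all" &&
         ($5 == "anywhere" || $5 == "0.0.0.0/0") &&
         ($6 == "anywhere" || $6 == "0.0.0.0/0") { print $1; exit }'
}

# Build the insert command from a listing on stdin. Optional $1 narrows the
# rule to a single group address (hypothetical parameter).
multicast_insert_cmd() {
    pos=$(first_catch_all)
    if [ -z "$pos" ]; then
        echo "no catch-all REJECT/DROP rule found in listing" >&2
        return 1
    fi
    # -I inserts AT position $pos, so the catch-all moves down to $pos+1.
    printf 'iptables -I INPUT %s -m addrtype --dst-type MULTICAST%s -j ACCEPT\n' \
        "$pos" "${1:+ -d $1}"
}

sample_listing | multicast_insert_cmd
```

A plain `-L` listing hides interface matches, so a rule that looks like a catch-all may apply to one interface only; check with `iptables -L INPUT -v --line-numbers` before inserting.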