
did you ever get bridge firewall working with multicast?

From: <cmartinez(at)csom.umn.edu>
Date: Wed Jul 09 2003 - 12:30:51 EDT


Has anyone successfully added Multicast support to a bridge firewall? I need to allow multicasting to our users.
I'm running OpenBSD 3.3.

Thanks

CM


transparent bridge dropping some multicast



To: tech@openbsd.org
Subject: transparent bridge dropping some multicast
From: Mark Nejedlo
Date: Thu, 24 May 2001 23:32:29 -0500
Sender: owner-tech@openbsd.org

I have an OpenBSD 2.8 machine that I am trying to set up as a transparent firewall between 2 routers. It appears to work fine except that traffic to multicast addresses is sometimes dropped. One case I know of is that traffic to PIM-ROUTERS.MCAST.NET (224.0.0.13) is able to pass in one direction (wx0->wx1) but not the other. The configuration is as follows:

zuul# brconfig bridge0
bridge0: flags=41<UP,RUNNING>

        Interfaces:
                wx1 flags=3
                wx0 flags=3
        Addresses (max cache: 100, timeout: 240):
                aa:00:04:00:22:c5 wx0 1 flags=0<>
                00:10:0d:03:ab:fe wx0 1 flags=0<>
                00:01:30:b5:01:30 wx1 1 flags=0<>
zuul# ifconfig wx0
wx0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        media: Ethernet 1000baseSX full-duplex (autoselect full-duplex)
        status: active
        inet6 fe80::2d0:b7ff:fe82:6b95%wx0 prefixlen 64 scopeid 0x1
zuul# ifconfig wx1
wx1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        media: Ethernet 1000baseSX full-duplex (autoselect full-duplex)
        status: active
        inet6 fe80::203:47ff:fe42:7598%3 prefixlen 64 scopeid 0x3
zuul#

Currently ipf is disabled so that shouldn't be affecting anything. I tried disabling learning and statically configuring the MAC addresses so that anything to a different MAC would be flooded out, but this didn't change the behavior. If the routers are directly connected so that the bridge is not between them, they work fine. Does anyone have a suggestion of what to try to make this work? I noticed there were changes to the bridging code listed on the 2.9 changes page, but they were not descriptive enough to give me an idea if they addressed this problem. If this is likely addressed in 2.9, I'll just wait a week and see. Thanks
Mark
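
Added example, not part of the original post: one way to pin down the one-way loss described above is to capture on both bridge members and compare which senders to the group's Ethernet address appear on each side. The capture summary below is constructed; the MAC addresses are reused from the address cache in the post, and treating them as the two routers is an assumption.

```python
import ipaddress

def group_to_mac(group):
    """IPv4 multicast group -> Ethernet MAC: 01:00:5e + low 23 bits of the group."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not an IPv4 multicast address")
    low23 = int(addr) & 0x7FFFFF
    octets = (0x01, 0x00, 0x5E, low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)
    return ":".join(f"{o:02x}" for o in octets)

def is_group_mac(mac):
    """The group (I/G) bit is the low bit of the first octet of the MAC."""
    return bool(int(mac.split(":")[0], 16) & 1)

def lost_directions(captures, group):
    """captures: {interface: [(src_mac, dst_mac), ...]} as seen on each bridge member.
    Returns (src_mac, seen_on, missing_on) for every sender to the group that was
    captured on one member but never on the other, i.e. lost going seen_on -> missing_on."""
    dst = group_to_mac(group)
    senders = {ifc: {s for s, d in frames if d == dst}
               for ifc, frames in captures.items()}
    return [(src, a, b)
            for a in sorted(senders) for b in sorted(senders) if a != b
            for src in sorted(senders[a] - senders[b])]

# Constructed sample: frames observed on each member interface of bridge0.
PIM = group_to_mac("224.0.0.13")          # PIM-ROUTERS.MCAST.NET
SAMPLE = {
    "wx0": [("00:10:0d:03:ab:fe", PIM),                  # PIM hello entering on wx0
            ("00:10:0d:03:ab:fe", "00:01:30:b5:01:30")], # unicast, ignored
    "wx1": [("00:10:0d:03:ab:fe", PIM),                  # forwarded copy leaving wx1
            ("00:01:30:b5:01:30", PIM)],                 # hello entering on wx1 only
}

if __name__ == "__main__":
    print("224.0.0.13 ->", PIM, "group bit set:", is_group_mac(PIM))
    for src, seen, missing in lost_directions(SAMPLE, "224.0.0.13"):
        print(f"{src}: seen on {seen}, never on {missing} "
              f"(dropped {seen} -> {missing})")
```

Because the destination is a group address, it never appears as a source and so is never learned by the bridge, which is consistent with the post's observation that static MAC entries changed nothing.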



Received on Wed Jul 23 11:08:15 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:48:43 EDT

