2 of 4
added 3092 characters in body
jc__
  • 2.8k
  • 2
  • 18
  • 23

Okay, it looks like iptables alone is NOT the way to go.

I will try smcroute and/or pimd from the Ubuntu repositories. So far I have not been able to make either one work.


Work in progress

I almost have it working right...

iptables

-A INPUT -i lo -j ACCEPT
-A FORWARD -i slan1 -o olan1 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p igmp -j ACCEPT
-A FORWARD -i olan1 -o slan1 -p tcp -m tcp --dport 50000 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i olan1 -o slan1 -p udp -m udp --dport 50000 -m conntrack --ctstate NEW -j ACCEPT
-A PREROUTING -d 239.255.100.100/32 -j TTL --ttl-set 64

smcroute 2.3.1 from troglobit.

Extracted to /opt

./configure used default options.

configuration file at:

/usr/local/etc/smcroute.conf

phyint olan1 enable ttl-threshold 1
phyint slan1 enable ttl-threshold 3
mgroup from olan1 group 239.255.100.100
mgroup from slan1 group 239.255.100.100
mroute from olan1 group 239.255.100.100 to slan1
mroute from slan1 group 239.255.100.100 to olan1

  • ttl-threshold -- is that the minimum threshold?
  • If the TTL on my packet is 1, does that mean the phyint will... ignore it?

sudo smcrouted

sudo smcroutectl show groups

GROUP (S,G)                        INBOUND                                                                                                    
(*, 239.255.100.100)               slan1
(*, 239.255.100.100)               olan1

sudo smcroutectl show routes

ROUTE (S,G)                        INBOUND          PACKETS    BYTES  OUTBOUND                                                                
(*, 239.255.100.100)               slan1                  0        0  olan1
(*, 239.255.100.100)               olan1                  0        0  slan1
(10.10.10.154, 239.255.100.100)    slan1                  2      344  olan1
(192.168.2.53, 239.255.255.250)    olan1                  4      776 
(10.10.10.101, 239.255.100.100)    slan1                  1       32  olan1
(192.168.2.101, 239.255.100.100)   olan1                  1       32  slan1
(10.10.10.1, 239.255.100.100)      slan1                  2       64  olan1

Not quite everybody...

On a WinXP multi-homed PC I had to change a route:

route add 224.0.0.0 mask 240.0.0.0 10.10.10.153

Need to use the interface number in place of the NIC IP address...

  • The metric goes to 1. Is this a TTL issue...

sudo smcroutectl show routes

ROUTE (S,G)                        INBOUND          PACKETS    BYTES  OUTBOUND
(*, 239.255.100.100)               slan1                  0        0  olan1
(*, 239.255.100.100)               olan1                  0        0  slan1
(192.168.2.53, 239.255.255.250)    olan1                  4      776 
(10.10.10.153, 239.255.100.100)    slan1                  1       32  olan1

Closer. A Win7 PC is not "talking" across the subnet...

TODO

  • Make smcroute a daemon
  • Make route additions persistent
  • Verify iptables rule... is required
  • Make Win7 PC see subnet
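An added example, not part of the original post: a small audit of `smcroutectl show routes` output that reports which expected senders still have no forwarded (S,G) entry, which traffic was received but not forwarded, and whether any group other than the intended one crosses between the two subnets. The function names, the script name in the usage comment and the whitespace-separated OUTBOUND column are assumptions; the sample is the second listing quoted in the post.

```python
import re
import sys

# Constructed sample: the second "show routes" listing quoted in the post.
SAMPLE = """\
ROUTE (S,G)                        INBOUND          PACKETS    BYTES  OUTBOUND
(*, 239.255.100.100)               slan1                  0        0  olan1
(*, 239.255.100.100)               olan1                  0        0  slan1
(192.168.2.53, 239.255.255.250)    olan1                  4      776
(10.10.10.153, 239.255.100.100)    slan1                  1       32  olan1
"""

# "(source, group)  inbound  packets  bytes  [outbound ...]"
ROW = re.compile(r"^\((\S+),\s*(\S+)\)\s+(\S+)\s+(\d+)\s+(\d+)\s*(.*)$")


def parse_routes(text):
    """Return one dict per route row; header and blank lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            src, grp, inbound, pkts, nbytes, out = m.groups()
            routes.append({"source": src, "group": grp, "inbound": inbound,
                           "packets": int(pkts), "bytes": int(nbytes),
                           "outbound": out.split()})  # assumed space-separated
    return routes


def audit(text, group, expected_sources):
    """Compare the route table with the intended forwarding policy."""
    routes = parse_routes(text)
    seen = {r["source"] for r in routes
            if r["group"] == group and r["source"] != "*" and r["outbound"]}
    return {
        # expected senders with no forwarded (S,G) entry yet
        "missing": sorted(set(expected_sources) - seen),
        # traffic the router received but does not forward
        "not_forwarded": [(r["source"], r["group"], r["inbound"])
                          for r in routes if not r["outbound"]],
        # any other group crossing the boundary is a policy violation
        "leaked": [(r["source"], r["group"], r["outbound"])
                   for r in routes if r["group"] != group and r["outbound"]],
    }


if __name__ == "__main__":
    # usage: sudo smcroutectl show routes | python3 audit_mroutes.py GROUP SRC...
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    group = sys.argv[1] if len(sys.argv) > 1 else "239.255.100.100"
    print(audit(text, group, sys.argv[2:]))
```

On the sample, the 239.255.255.250 entry from 192.168.2.53 shows up under `not_forwarded` and `leaked` stays empty, so only the configured group is being routed between olan1 and slan1.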