 From:  Fred Wright <fw at well dot com>
 To:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: AW: [m0n0wall-dev] Multicast support
 Date:  Sun, 12 Sep 2004 16:36:37 -0700 (PDT)
> 1. First step is to enable multicast routing in the kernel and
> recompile. You need to add "options MROUTING" to your kernel
> configuration file for this.

Even if multicasting doesn't get made a standard feature, I'd suggest
making this part standard, since I doubt that it increases the kernel size
that much, and it avoids needing a custom kernel for multicasting.

It doesn't conflict with anything, does it?

> 4. By default m0n0wall filters out IGMP packets with hard-coded firewall
> rules, so we need to add the following lines to /etc/inc/filter.inc:

That doesn't appear to be the case here.  IGMP hits my user rule just
fine.  But (in case you're not on the main m0n0wall list), you may have to
watch out for the "block private networks" feature.

> 5. Another simple firewall rule is needed to allow multicast traffic
> from the WAN through the router. Add the following firewall rule using
> the web gui:
> Action: pass
> Interface: WAN
> Protocol: any
> Source: any
> Destination: network 224.0.0.0/4

Is mrouted the *only* path for forwarding multicasts?  If the kernel
forwarded any on its own, the above would be a pretty big security hole.

> For our purposes (broadcast-quality IP-TV) we had to use the traffic
> shaper to reduce priority on all non-multicast traffic, and modify
> mrouted to decrease the multicast group membership timeout. We are also
> planning other modifications to mrouted to further optimize it for
> IP-TV.

Is that because the ToS values aren't set reasonably, or because the ISP's
router isn't using them effectively?

					Fred Wright