[Firehol-support] How to permit RIP Protocol Multicast from FIREWALL with FireHOL
Rèmy Arthur de Abreu Pestana
remy at cepel.br
Wed Aug 3 19:51:48 BST 2005
Hi,

I have FireHOL running with the RIP protocol on this machine, which needs to
exchange route information with some Windows machines (RIP packets using
multicast from the firewall/router to internal subnets). FireHOL seems to be
blocking the packets from being received on the client machines.

I have tried unsuccessfully to allow the packets by placing the following
commands in the LAN interface sections of the FireHOL config on the
firewall/router machine:

    server multicast accept
    client multicast accept

What's the correct approach?
Any suggestions/ideas?

Thanks.
Sorry about my English!!!

PS: Here are my current FireHOL logs about RIP:
Aug 3 15:23:55 fw-sr004 kernel: OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2 DST=224.0.0.9 LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=72
Aug 3 15:24:19 fw-sr004 kernel: OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2 DST=224.0.0.9 LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=72
Aug 3 15:24:43 fw-sr004 kernel: OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2 DST=224.0.0.9 LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=72
Aug 3 15:25:19 fw-sr004 kernel: OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2 DST=224.0.0.9 LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=72
Aug 3 15:26:58 fw-sr004 kernel: OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2 DST=224.0.0.9 LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=72

There are other messages in the console logs about RIP:
OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2 DST=224.0.0.1 DF PROTO=ICMP TYPE=8
OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2 DST=224.0.0.22 DF PROTO=2
OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2 DST=224.0.0.251 DF PROTO=UDP SPT=5353
OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2 DST=224.0.0.9 DF PROTO=UDP SPT=520
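
The log lines in the message above can be summarized to show which locally generated multicast flows are reaching the OUT-unknown log rule, and therefore which group, protocol and port the firewall rules have to cover. This is an added example, not part of the original message or of FireHOL; the sample lines are constructed in the format of the post's logs, and `parse` and `dropped_multicast` are hypothetical names.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Constructed sample lines in the format of the logs quoted in the post.
SAMPLE = """\
Aug 3 15:23:55 fw-sr004 kernel: OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2 DST=224.0.0.9 LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=72
Aug 3 15:24:19 fw-sr004 kernel: OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2 DST=224.0.0.9 LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=72
OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2 DST=224.0.0.22 DF PROTO=2
OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2 DST=224.0.0.251 DF PROTO=UDP SPT=5353
Aug 3 15:25:01 fw-sr004 kernel: IN-unknown:IN=eth1 OUT= SRC=10.0.0.5 DST=192.168.4.2 LEN=60 PROTO=TCP SPT=40000 DPT=22
"""

# Well-known link-local multicast groups (IANA assignments).
GROUPS = {"224.0.0.1": "all-hosts", "224.0.0.9": "RIPv2 routers",
          "224.0.0.22": "IGMPv3", "224.0.0.251": "mDNS"}
LINE = re.compile(r"(?P<prefix>[\w-]+):(?P<fields>IN=.*)$")

def parse(line):
    """Return the LOG prefix, KEY=value fields and bare flags of one log line."""
    m = LINE.search(line)
    if not m:
        return None
    rec = {"prefix": m["prefix"], "flags": []}
    for tok in m["fields"].split():
        key, sep, val = tok.partition("=")
        if not sep:
            rec["flags"].append(key)   # bare flags such as DF
        elif key not in rec:           # keep the first LEN (IP), skip the UDP LEN
            rec[key] = val
    return rec

def dropped_multicast(lines):
    """Count locally generated multicast flows that hit the OUT-unknown rule."""
    flows = Counter()
    for line in lines:
        rec = parse(line)
        # An empty IN= means the packet originated on the firewall itself.
        if not rec or rec["prefix"] != "OUT-unknown" or rec.get("IN"):
            continue
        dst = rec.get("DST")
        if not dst or not ip_address(dst).is_multicast:
            continue
        proto = "IGMP" if rec.get("PROTO") == "2" else rec.get("PROTO", "?")
        key = (rec.get("OUT"), dst, GROUPS.get(dst, "?"), proto, rec.get("DPT", "-"))
        flows[key] += 1
    return flows

if __name__ == "__main__":
    for flow, count in dropped_multicast(SAMPLE.splitlines()).items():
        print(count, *flow)
```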