[Firehol-support] How to permit RIP Protocol Multicast from FIREWALL with FireHOL
Rèmy Arthur de Abreu Pestana
remy at cepel.br
Thu Aug 11 00:52:41 BST 2005
Thanks
On Tue 09 Aug 2005 19:47, you wrote:
> Hi,
>
> FireHOL logs the packets with: OUT-unknown
> This means that no interface has been defined to match the traffic.
> Try adding an interface with the correct src/dst parameters and add the
> multicast service to it.
>
> Regards,
>
> Costa
>
> On Wed, August 3, 2005 21:51, Rèmy Arthur de Abreu Pestana said:
> > Hi,
> >
> > I have FireHol running with RIP protocol in this machine that needs to
> > exchange route information to some windows machines (RIP packets using
> > multicast from firewall/Router to internal subnets). FireHol seems to be
> > blocking the packets from being received in the client machines.
> > I have tried unsuccessfully to allow the packets by placing the following
> > commands in the LAN interface sections of firehol config in the
> > firewall/router machine:
> >
> > server multicast accept
> > client multicast accept
> >
> > What's the correct approach?
> > Any suggestions/ideas?
> >
> > Thanks.
> > Sorry about my English!!!
> >
> > PS: There's my Actual FireHol Logs about RIP:
> > Aug 3 15:23:55 fw-sr004 kernel: OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2
> > DST=224.0.0.9 LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=520
> > DPT=520 LEN=72
> > Aug 3 15:24:19 fw-sr004 kernel: OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2
> > DST=224.0.0.9 LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=520
> > DPT=520 LEN=72
> > Aug 3 15:24:43 fw-sr004 kernel: OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2
> > DST=224.0.0.9 LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=520
> > DPT=520 LEN=72
> > Aug 3 15:25:19 fw-sr004 kernel: OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2
> > DST=224.0.0.9 LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=520
> > DPT=520 LEN=72
> > Aug 3 15:26:58 fw-sr004 kernel: OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2
> > DST=224.0.0.9 LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=520
> > DPT=520 LEN=72
> >
> > There are other messages in console logs about RIP:
> > OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2 DST=224.0.0.1 DF PROTO=ICMP
> > TYPE=8
> > OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2 DST=224.0.0.22 DF PROTO=2
> > OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2 DST=224.0.0.251 DF PROTO=UDP
> > SPT=5353
> > OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2 DST=224.0.0.9 DF PROTO=UDP
> > SPT=520
> >
> > and:
> >
> > Aug 3 15:23:55 fw-sr004 kernel: OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2
> > DST=224.0.0.9 LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=520
> > DPT=520 LEN=72
> > Aug 3 15:24:19 fw-sr004 kernel: OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2
> > DST=224.0.0.9 LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=520
> > DPT=520 LEN=72
> > Aug 3 15:24:43 fw-sr004 kernel: OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2
> > DST=224.0.0.9 LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=520
> > DPT=520 LEN=72
> > Aug 3 15:25:19 fw-sr004 kernel: OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2
> > DST=224.0.0.9 LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=520
> > DPT=520 LEN=72
> > Aug 3 15:26:58 fw-sr004 kernel: OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2
> > DST=224.0.0.9 LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=520
> > DPT=520 LEN=72
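
Costa's diagnosis can be checked against the log itself. The added example below (not part of the original thread, and not FireHOL code) parses the quoted kernel log lines, re-joined from their wrapped form, and lists the unmatched flows that go to multicast groups, i.e. the src/dst pairs an interface definition would need to cover. The function names and the group label table are this example's own.

```python
import ipaddress
import re
from collections import Counter

# Log lines taken from the thread above, re-joined from their wrapped form.
SAMPLE_LOG = """\
Aug 3 15:23:55 fw-sr004 kernel: OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2 DST=224.0.0.9 LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=72
Aug 3 15:24:19 fw-sr004 kernel: OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2 DST=224.0.0.9 LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=72
OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2 DST=224.0.0.1 DF PROTO=ICMP TYPE=8
OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2 DST=224.0.0.22 DF PROTO=2
OUT-unknown:IN= OUT=eth0 SRC=192.168.4.2 DST=224.0.0.251 DF PROTO=UDP SPT=5353
"""

# Labels for the link-local groups seen in the thread (this example's own table).
KNOWN_GROUPS = {
    "224.0.0.1": "all-hosts",
    "224.0.0.9": "RIPv2 routers",
    "224.0.0.22": "IGMPv3",
    "224.0.0.251": "mDNS",
}

CHAIN_RE = re.compile(r"\b([A-Z]+-unknown):")  # log prefix, e.g. "OUT-unknown:"
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")     # netfilter KEY=value pairs


def unmatched_multicast(log_text):
    """Count '-unknown' log entries whose destination is a multicast group."""
    flows = Counter()
    for line in log_text.splitlines():
        chain = CHAIN_RE.search(line)
        if not chain:
            continue  # not a packet that fell through every interface
        f = dict(FIELD_RE.findall(line))
        try:
            dst = ipaddress.ip_address(f.get("DST", ""))
        except ValueError:
            continue  # truncated or malformed line
        if dst.is_multicast:
            iface = f.get("OUT") or f.get("IN") or ""
            flows[(chain.group(1), iface, f.get("SRC", ""), str(dst),
                   f.get("PROTO", ""), f.get("DPT", ""))] += 1
    return flows


def report(flows):
    """One line per flow: the src/dst pair no interface definition matched."""
    out = []
    for (chain, iface, src, dst, proto, dpt), n in sorted(flows.items()):
        port = f"/{dpt}" if dpt else ""
        group = KNOWN_GROUPS.get(dst, "unlisted group")
        out.append(f"{n}x {chain} {iface}: {src} -> {dst} ({group}) {proto}{port}")
    return out


if __name__ == "__main__":
    print("\n".join(report(unmatched_multicast(SAMPLE_LOG))))
```
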