Multicast Firewall/Router HOWTO
This is currently rather rough. Please email troy@scl.ameslab.gov if you try this.
Install OpenBSD 3.6.
Get: ports.tar.gz, sys.tar.gz, src.tar.gz
# cd /usr
# tar zxvf /root/ports.tar.gz
# cd /usr/src
# tar zxvf /root/src.tar.gz
# tar zxvf /root/sys.tar.gz
cd /usr/ports
export CVSROOT=anoncvs@anoncvs2.usa.openbsd.org:/cvs
cvs update -r OPENBSD_3_6
cd /usr/src/sys
cvs update -r OPENBSD_current
cat > /etc/rc.conf.local << EOF
pf=YES
multicast_host=NO
multicast_router=YES
EOF
Enable IP forwarding in /etc/sysctl.conf.
cd /usr/ports/lang/egcs
make install
cd /root
cvs -d :pserver:xorpcvs@cvs.xorp.org:/cvs co xorp
export CC=/usr/local/bin/egcc
export CXX=/usr/local/bin/eg++
cd xorp
( ./configure && gmake && gmake install ) 2>&1 | tee buildlog
Now, some important bits about firewalling:
The default OpenBSD firewall setup blocks packets with IP options, so you need something like the following in /etc/pf.conf:
mcast_ll="224.0.0.0/24"
mcast_sap="224.2.0.0/16"
mcast_ssm="232.0.0.0/8"
mcast_as="233.0.0.0/8"
pass from any to $mcast_ll allow-opts
pass from any to $mcast_as allow-opts
pass in on lo
pass in on $if_EXT
pass in on $if_DESKTOP keep state
pass in on $if_LAPTOP keep state
pass in on $if_TEST keep state
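pf applies the last rule that matches a packet (unless a rule is marked quick), and allow-opts only counts when it is on that deciding rule, so where the multicast rules sit relative to the per-interface pass rules matters. The following is an added example, not part of the original HOWTO: a simplified Python model of that evaluation (not pf itself), in which the interface name desktop0 and the sample IGMP packet are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    text: str                    # the pf.conf pass rule this entry models
    iface: Optional[str] = None  # "on <iface>"; None matches any interface
    dst: Optional[str] = None    # "to <cidr>"; None matches any destination
    allow_opts: bool = False
    quick: bool = False

    def matches(self, iface, dst):
        if self.iface is not None and self.iface != iface:
            return False
        if self.dst is None:
            return True
        return ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)


def evaluate(rules, iface, dst, has_ip_options):
    """Return (passed, deciding rule text) for one inbound packet."""
    decided = None
    for rule in rules:
        if rule.matches(iface, dst):
            decided = rule  # a later match replaces an earlier one
            if rule.quick:
                break       # "quick" stops evaluation at this rule
    if decided is None:
        raise LookupError("no rule matched; not covered by this model")
    # Packets carrying IP options pass only if the deciding rule has allow-opts.
    return (decided.allow_opts or not has_ip_options, decided.text)


MCAST = Rule("pass from any to $mcast_ll allow-opts",
             dst="224.0.0.0/24", allow_opts=True)
MCAST_QUICK = Rule("pass quick from any to $mcast_ll allow-opts",
                   dst="224.0.0.0/24", allow_opts=True, quick=True)
DESKTOP = Rule("pass in on $if_DESKTOP keep state", iface="desktop0")

# Constructed packet: IGMP report with IP options, arriving on desktop0.
IGMP = dict(iface="desktop0", dst="224.0.0.22", has_ip_options=True)

if __name__ == "__main__":
    for name, rules in [("multicast rule first", [MCAST, DESKTOP]),
                        ("multicast rule last", [DESKTOP, MCAST]),
                        ("multicast rule quick", [MCAST_QUICK, DESKTOP])]:
        print(name, "->", evaluate(rules, **IGMP))
```

On the real system, pfctl -nf /etc/pf.conf parses the ruleset without loading it and pfctl -sr lists the loaded rules in evaluation order.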
More to come later!