To help you get past the problem immediately, try turning off anti-spoofing on all the interfaces on your firewall. That way, the day will then proceed through the ruleset. You'll then see if you have defined rules to allow the multicast to proceed.
1. Make sure you have a rule that allows multicast. Note that the DESTINATION will be the multicast network and the service will be the actual protocol you are using. I would think that due to the frequency of the updates and routing, you'd probably want this near the top of your rulebase.
2. Create a network object for the multicast network.
3. When you enable anti-spoofing for the network card that actually performs the multicast or is part of the multicast network, then you can add the network under the option Specific. You may need to define a group object which includes the multicast network as well as the "real" network the NIC supports.
4. Save, push, test, and good luck.
David C. Diemer, CCSE
Enterprise Security Firewall Engineer
Georgia Department of Administrative Services (DOAS)
200 Piedmont Ave. SE Suite 1420, West Tower
Atlanta, GA 30334
[email protected]
(V) (F)

>>> jose Amador <[email protected]> 03/07/01 07:26AM >>>
Hi!
We have a Linux system (Mandrake 7.2 with kernel options for multicast enabled) with FireWall-1 (4.1 SP3). The multicast routing is working fine while the firewall is turned off. When the firewall is on, the IGMP packets are dropped. The message in the log viewer is "local interface address spoofing" for the packets sent to 224.0.0.2 and 224.0.0.13, and we are sure that the anti-spoofing options are off. Help, please.
Thanks in advance.