From: Archie Cobbs
Message-Id: <199703030228.SAA23088@bubba.whistle.com>
Subject: multicast firewall implications
To: freebsd-multimedia@freebsd.org
Date: Sun, 2 Mar 1997 18:28:27 -0800 (PST)

I have a lot of questions... :-)

What are the firewall implications of having a multicast router? Is there an accepted standard way of safely combining the two?

Suppose machine A is a protected internal machine, and this machine is to run mrouted(8), serving as the local end of a multi-cast tunnel. The other (upstream) end of the tunnel is machine B which is external.

Is it sufficient to open a hole in the firewall for all traffic between A and B for IP protocol 4 (IP-in-IP) only? To what degree does opening this hole compromise the security of the internal network?

What non-multicast traffic is associated with multi-cast routing or with the popular MBONE applications (sdr, vat, vic, etc.), if any?

Do IP packets destined for 224.x.x.x ever "jump across" into normal class A, B, or C addresses?

Thanks,
-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com