Hi

Thank you, Rodney and Ivan, for coming back to me (and so quickly).

On 20.03.18 00:11, Rodney W. Grimes wrote:

...

>> So I suspect that "something" is dropping the M-SEARCH packets for some
>> reason after they are received. And I cannot get rid of the feeling that
>> it has something to do with the fact that the incoming interface is a
>> VLAN interface...
>> My first guess, anti spoofing, seems not to be the problem (I am using
>> ipfw and "not antispoof in" but that does not seem to drop any traffic).

> Are you running with "firewall_type="simple""?
> If so it is set to block all 224/4 packets, see this part
> of /etc/rc.firewall:

...

No, my firewall is made from "hand curated" ipfw rules.

And I am pretty sure (never 100%, but 99% this time), that this is not a firewall issue. Why?

I have the following rule that should accept traffic from my client(s) to 239.255.255.250:1900 in place:

  allow ip from any to not me in recv re1\*

And, when I place a rule like this just before and after that rule:

  count log ip from any to any via re1\*

I see hits before but not after the "allow" rule. Hence, the policy accepts the packet(s). No?

Also, just adding the route for 224.0.0.0/4, without touching the ipfw rules, makes things work... And I am *not* using "verrevpath" in my ipfw rules (I do use "antispoof", but as the packets hit the rule(s) mentioned above, that does not seem to be the problem).

I might give Ivan's code a try, but I am not very good at compiling and installing software :(

If anybody is able to provide an additional hint in the meantime, I am more than happy to follow up.


Best
andreas