Mailing List Archive



Re: [tlug] [Was: iptables] Forward multicats



On 2008-06-16 22:01 +0900 (Mon), Bruno Raoult wrote:

> > I'm not clear on what your "forwarding rule" is, but if it's NAT, you
> > probably want to disable that entirely.
...
> In fact, my forwarding rule is that one:
>    iptables -A POSTROUTING -t nat -o ${LAN_PORT} -s ${DSK_NET} -j MASQUERADE

Ok, kill that. NAT is a True Pain in the Ass, and is useful only as a
hack when you can't get enough IP addresses that hosts on both sides
of the router know about. You're not in this situation, since you can
assign, say, all of 192.168.10.0/24 to one side and 192.168.11.0/24 to
the other, so you can remove that problem from your life entirely and be
much happier. Set your system up for just standard routing.

That right there might fix your entire problem.

> LAN_PORT is my wifi network interface, DSK_NET is my ethernet network.
> I guess multicast addresses don't get automatically routed...

They may, in fact, so long as the clients are using IGMP. The problem
is, you've said, by using NAT, you don't want to route, you want to
screw around with things, pretending that hosts are what they aren't and
vice versa, and muck up the packets as they pass through.

I really don't have enough bad things to say about NAT, as you can see.

cjs
-- 
Curt Sampson       <cjs@example.com>        +81 90 7737 2974   
Mobile sites and software consulting: http://www.starling-software.com

