Should I configure a firewall to allow multicast?



I'm using IP filter on a Sun workstation (IP 192.168.1.9) and see the firewall is blocking various hosts to 192.168.1.255 port 138. Note this machine is not a router, so really no machine on the network should rely on this one even being running.

Anyway, this is my ipfilter log, showing data from 192.168.1.101 (a PC) port 138 and 192.168.1.128 (another PC) going to 192.168.1.255 (this is not any machine as such).

I think there was the following in the log from various local hosts:

23/03/2009 12:58:44.000795 eri0 @0:15 b 192.168.1.101,138 -> 192.168.1.255,138 PR udp len 20 229 IN multicast
23/03/2009 13:04:16.665658 eri0 @0:15 b 192.168.1.128,138 -> 192.168.1.255,138 PR udp len 20 240 IN multicast
23/03/2009 13:14:16.667128 eri0 @0:15 b 192.168.1.128,138 -> 192.168.1.255,138 PR udp len 20 240 IN multicast
23/03/2009 13:17:28.791530 eri0 @0:15 b 192.168.1.101,138 -> 192.168.1.255,138 PR udp len 20 244 IN multicast
23/03/2009 13:18:18.926805 eri0 @0:15 b 192.168.1.128,138 -> 192.168.1.255,138 PR udp len 20 229 IN multicast
23/03/2009 13:22:43.225333 eri0 @0:15 b 192.168.1.101,138 -> 192.168.1.255,138 PR udp len 20 229 IN multicast

I tried creating some rules to allow this, but for some reason it is still being blocked.


pass out quick on eri0 proto udp from 192.168.1.9 to 192.168.1.255
pass out quick on eri0 proto udp from 192.168.1.0/24 to 192.168.1.255 port = 137
pass in quick on eri0 proto udp from 192.168.1.0/24 to 192.168.1.255 port = 137

So I'm not sure if it's best to allow these packets or stop them. If it's better to allow them, which is a suitable firewall rule for ipfilter?


--
I respectfully request that this message is not archived by companies as
unscrupulous as 'Experts Exchange' . In case you are unaware,
'Experts Exchange' take questions posted on the web and try to find
idiots stupid enough to pay for the answers, which were posted freely
by others. They are leeches.
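An added example (not part of the post) that parses ipfilter log lines in the format shown above and checks the three posted rules against each blocked packet. UDP port 138 is the NetBIOS datagram service and 192.168.1.255 is the /24 subnet's directed broadcast address; the rule matcher is a deliberate simplification of ipf semantics (direction, interface, protocol, networks and destination port only, no quick/first-match or state handling), and the /24 prefix is assumed from the 192.168.1.0/24 in the posted rules.

```python
import ipaddress
import re
from collections import namedtuple
# Constructed sample in the ipfilter (ipmon) log format quoted in the post.
SAMPLE_LOG = """\
23/03/2009 12:58:44.000795 eri0 @0:15 b 192.168.1.101,138 -> 192.168.1.255,138 PR udp len 20 229 IN multicast
23/03/2009 13:18:18.926805 eri0 @0:15 b 192.168.1.128,138 -> 192.168.1.255,138 PR udp len 20 229 IN multicast"""

# The three rules the post tried, verbatim.
POSTED_RULES = [
    "pass out quick on eri0 proto udp from 192.168.1.9 to 192.168.1.255",
    "pass out quick on eri0 proto udp from 192.168.1.0/24 to 192.168.1.255 port = 137",
    "pass in quick on eri0 proto udp from 192.168.1.0/24 to 192.168.1.255 port = 137",
]

NETBIOS_PORTS = {137: "netbios-ns", 138: "netbios-dgm", 139: "netbios-ssn"}  # IANA well-known ports
LOG_RE = re.compile(r"\S+ \S+ (\S+) @\S+ (\w) (\S+),(\d+) -> (\S+),(\d+) PR (\w+) .*\b(IN|OUT)\b")
RULE_RE = re.compile(r"(pass|block) (in|out) (?:quick )?on (\S+) proto (\w+) from (\S+) to (\S+)(?: port = (\d+))?$")
Entry = namedtuple("Entry", "iface action src sport dst dport proto direction")

def parse_log(text):
    """Parse ipmon-style lines; lines that do not fit the pattern are skipped."""
    out = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            iface, act, src, sp, dst, dp, proto, direction = m.groups()
            out.append(Entry(iface, act, src, int(sp), dst, int(dp), proto, direction))
    return out

def is_subnet_broadcast(dst, local_iface="192.168.1.9/24"):
    """True when dst is the directed broadcast of the local subnet (/24 assumed from the post's rules)."""
    return ipaddress.ip_address(dst) == ipaddress.ip_interface(local_iface).network.broadcast_address

def rule_matches(rule, e):
    """Simplified ipf matching: direction, interface, proto, src/dst network and optional dst port."""
    m = RULE_RE.match(rule)
    if m is None:  # syntax this toy matcher does not understand never matches
        return False
    _act, direction, iface, proto, src, dst, port = m.groups()
    if (direction.upper(), iface, proto) != (e.direction, e.iface, e.proto):
        return False
    in_src = ipaddress.ip_address(e.src) in ipaddress.ip_network(src, strict=False)
    in_dst = ipaddress.ip_address(e.dst) in ipaddress.ip_network(dst, strict=False)
    return in_src and in_dst and (port is None or int(port) == e.dport)

def explain(entries, rules):
    """Per blocked packet: NetBIOS service, whether dst is the subnet broadcast, and which rules match."""
    return [dict(dport=e.dport, service=NETBIOS_PORTS.get(e.dport, "other"), subnet_broadcast=is_subnet_broadcast(e.dst),
                 matching_rules=[r for r in rules if rule_matches(r, e)]) for e in entries if e.action == "b"]
```

Running explain(parse_log(SAMPLE_LOG), POSTED_RULES) shows every blocked packet is an inbound netbios-dgm broadcast that none of the three rules cover, because the only "in" rule is pinned to port 137.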