If an IP rule exists in the rule set which applies to a multicast packet's destination IP address, then
that Ethernet interface automatically gets its receive mode set to promiscuous in order to receive
multicast packets. Promiscuous mode means that traffic with a destination MAC address that does
not match the Ethernet interface's MAC address will be sent to NetDefendOS and not discarded
by the interface. Promiscuous mode is enabled automatically by NetDefendOS and the
administrator does not need to worry about doing this.
With multicast only, the usage of promiscuous mode can be explicitly controlled using the
Ethernet object property Receive Multicast Traffic which has a default value of Auto. If this
property is set to Off, the multicast forwarding feature cannot function.
If the administrator enters a CLI ifstat <ifname> command, the Receive Mode status line will show
the value Promiscuous next to it instead of Normal to indicate the mode has changed. This is
discussed further in Section 3.4.2, “Ethernet Interfaces”.
4.7.2. Multicast Forwarding with SAT Multiplex Rules
The SAT Multiplex rule is used to achieve duplication and forwarding of packets through more
than one interface. This feature implements multicast forwarding in NetDefendOS, where a
multicast packet is sent through several interfaces.
Note that since this rule overrides the normal routing tables, packets that should be duplicated
by the multiplex rule needs to be routed to the core interface.
By default, the multicast IP range 224.0.0.0/4 is always routed to core and does not have to be
manually added to the routing tables. Each specified output interface can individually be
configured with static address translation of the destination address. The Interface field in the
Interface/Net Tuple dialog may be left empty if the IPAddress field is set. In this case, the
output interface will be determined by a route lookup on the specified IP address.
The multiplex rule can operate in one of two modes:
• Using IGMP
The traffic flow specified by the multiplex rule must have been requested by hosts using
IGMP before any multicast packets are forwarded through the specified interfaces. This is the
default behavior of NetDefendOS.
• Not using IGMP
The traffic flow will be forwarded according to the specified interfaces directly without any
inference from IGMP.
Note: An Allow or NAT rule is also needed
Since the Multiplex rule is a SAT rule, an Allow or NAT rule also has to be specified as
well as the Multiplex rule.
4.7.2.1. Multicast Forwarding - No Address Translation
This scenario describes how to configure multicast forwarding together with IGMP. The multicast
sender is 192.168.10.1 and generates the multicast streams 239.192.10.0/24:1234. These multicast
streams should be forwarded from interface wan through the interfaces if1, if2 and if3. The
streams should only be forwarded if some host has requested the streams using the IGMP
protocol.
The example below only covers the multicast forwarding part of the configuration. The IGMP
Chapter 4: Routing
362
To Next Page
Loading...
