[ubuntu] Limit multicast forwarding on local network

July 3rd, 2009, 08:10 PM
I have a problem limiting IPTV multicast forwarding to certain IPs.
The setup: #MODEM#<--->#UBUNTU-SERVER#<--->#PC1#
On Ubuntu server:
- the forwarding is set up by ubuntu-ufw (https://help.ubuntu.com/8.04/serverguide/C/firewall.html) instructions,
- igmpproxy (http://sourceforge.net/projects/igmpproxy) is installed.

PC1 can open internet sites and watch IPTV that was forwarded by igmpproxy.
But there is also a wireless access point connected to the Ubuntu server. A lot of packets are sent to the PCs connected through wireless. That makes the wireless (internet) connection very slow.

I'm wondering - is there a way to limit the forwarding of the IPTV igmp packets and streams?

For testing I tried to block the traffic to PC1 (IP=.201, eth1 is connected to local lan) with UFW rules in "/etc/ufw/before.rules":
-A ufw-before-forward -p igmp -o eth1 -d -j DROP
-A ufw-before-forward -o eth1 -s -d -j DROP
-A ufw-before-forward -o eth1 -s -d -j DROP
-A ufw-before-forward -o eth1 -d -j DROP
but nothing works.

The last filter only disables internet sharing but not IPTV. How can I write the filter so that IPTV traffic will only be sent to PC1?

Thank you for your help,

August 1st, 2009, 09:07 AM
Below are the instructions for enabling multicast forwarding from eth0 (internet) to eth1 (lan).

# Internet Connection Sharing
/etc/init.d/ufw enable
# Keep a one-time backup of each file, then write the edited copy in its place
if [ ! -f /etc/default/ufw.orig ]; then
    mv /etc/default/ufw /etc/default/ufw.orig
    sed "s/^DEFAULT_FORWARD_POLICY=\"DROP\"$/DEFAULT_FORWARD_POLICY=\"ACCEPT\"/" /etc/default/ufw.orig > /etc/default/ufw
fi
if [ ! -f /etc/ufw/sysctl.conf.orig ]; then
    mv /etc/ufw/sysctl.conf /etc/ufw/sysctl.conf.orig
    sed "s/^#net\/ipv4\/ip_forward=1$/net\/ipv4\/ip_forward=1/" /etc/ufw/sysctl.conf.orig > /etc/ufw/sysctl.conf
fi
if [ ! -f /etc/ufw/before.rules.orig ]; then
    mv /etc/ufw/before.rules /etc/ufw/before.rules.orig
    sed "10s/^$/\n# Internet connection sharing\n*nat\n:POSTROUTING ACCEPT [0:0]\n-A POSTROUTING -o eth0 -s\/16 -j MASQUERADE\nCOMMIT\n/" /etc/ufw/before.rules.orig > /etc/ufw/before.rules
fi
/etc/init.d/ufw restart

# Install igmpproxy
apt-get install gcc make
# Check http://sourceforge.net/projects/igmpproxy/ for latest version
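# Quote the URL and name the output file so the tar step below finds it
wget -O igmpproxy-0.1_beta4.tar.gz "http://downloads.sourceforge.net/project/igmpproxy/igmpproxy/0.1_beta4/igmpproxy-0.1_beta4.tar.gz?use_mirror=switch"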
tar -xzf igmpproxy-0.1_beta4.tar.gz
cd igmpproxy-0.1_beta4
make install
vim /usr/local/etc/igmpproxy.conf # or /etc/igmpproxy.conf

Add source IPs under "phyint eth0" using the "altnet" command.

# Start ...
sudo igmpproxy /usr/local/etc/igmpproxy.conf -d 2>/dev/null &

There is no need to configure VLC in any way to display the streams.
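
The instructions above leave the contents of igmpproxy.conf to hand editing. As an added example (not from the thread or the igmpproxy project), the script below writes a config in which only eth1 is a downstream interface and every other named interface is explicitly disabled, then lists host interfaces the config never mentions so each gets a deliberate role. It assumes the access point hangs off its own interface rather than the eth1 segment; wlan0, eth2 and 198.51.100.0/24 are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. eth0/eth1 are the thread's interfaces;
# wlan0, eth2 and 198.51.100.0/24 are constructed placeholders.

# Print an igmpproxy.conf with one upstream, one downstream, the rest disabled.
# usage: gen_conf UPSTREAM ALTNET DOWNSTREAM [DISABLED_IFACE...]
gen_conf() {
    up=$1 altnet=$2 down=$3
    shift 3
    printf 'quickleave\n'
    printf 'phyint %s upstream ratelimit 0 threshold 1\n' "$up"
    printf '        altnet %s\n' "$altnet"
    printf 'phyint %s downstream ratelimit 0 threshold 1\n' "$down"
    for ifc in "$@"; do
        printf 'phyint %s disabled\n' "$ifc"
    done
}

# Read a config on stdin and print "IFACE ROLE" for every phyint line.
iface_roles() {
    awk '$1 == "phyint" && NF >= 3 { print $2, $3 }'
}

# Print the host interfaces (arguments) that the config on stdin never
# mentions, so each can be given an explicit role. Loopback is skipped.
unconfigured_ifaces() {
    roles=$(iface_roles)
    for ifc in "$@"; do
        [ "$ifc" = lo ] && continue
        printf '%s\n' "$roles" |
            awk -v i="$ifc" '$1 == i { found = 1 } END { exit !found }' ||
            printf '%s\n' "$ifc"
    done
}

# Demo with constructed values: AP assumed on wlan0, spare NIC eth2 forgotten.
conf=$(gen_conf eth0 198.51.100.0/24 eth1 wlan0)
printf '%s\n' "$conf"
printf 'not configured:'
printf '%s\n' "$conf" | unconfigured_ifaces lo eth0 eth1 wlan0 eth2 | tr '\n' ' '
printf '\n'
```

On a real host the interface list passed to unconfigured_ifaces can come from `ls /sys/class/net`.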