
OSPF multicast traffic gets dropped

Hello,


I'm playing with OSPF on a UTM 105. The config has been done, but the firewall seems to block all multicast conversation traffic.


What's missing?

10:39:39 Default DROP OSPFIGP 192.168.10.1 224.0.0.5 len=68 ttl=1 tos=0x00 srcmac=00:1a:8c:40:5e:d5
10:39:41 Default DROP OSPFIGP 192.168.10.1 224.0.0.5 len=64 ttl=1 tos=0x00 srcmac=00:1a:8c:40:5e:d5
10:39:41 Default DROP OSPFIGP 100.1.3.1 224.0.0.5 len=64 ttl=1 tos



  • What do you want it to do with that traffic, Daniel?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    I want to use the OSPF routing protocol in order to automatically exchange the routes between multiple routes. I do that now with a bunch of Cisco routers without problems.
  • It sounds like there's something incomplete in the UTM OSPF configuration. Alone among the logs, the Firewall Live Log presents abbreviated information in a format easier to read quickly. Usually, you can't troubleshoot without looking at the corresponding line from the full Firewall log file. Please post one line corresponding to those above.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Daniel,

     

    I've been able to replicate this problem as well. I flushed iptables and set all tables to allow and stopped dropping packets. In my case I was using a tunnel interface. I found a post on there that talks about needing the right object on the allow rule for OSPF (you added a rule, right? From interface object to neighbour IP and 224.0.0.5, service proto 89). This object needs to be an interface object rather than a network or any other type of object. I would check your rules and confirm. I'll be doing a write-up on my setup later today to help everyone else.

    Regards,

    Peter Tiggerdine
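
Added example, not part of any post in this thread: a small Python triage script that reads Firewall Live Log entries in the abbreviated layout quoted in the question and lists each OSPF neighbour whose multicast hellos were dropped, which is the set of sources the allow rule discussed above has to cover. The field layout is assumed from the quoted entries, the function names are hypothetical, and the 224.0.0.6 (AllDRouters) group is added from the OSPF standard rather than from the thread.

```python
import re
from collections import defaultdict

# Well-known OSPFv2 multicast groups (RFC 2328); only 224.0.0.5 appears in the thread.
OSPF_GROUPS = {"224.0.0.5": "AllSPFRouters", "224.0.0.6": "AllDRouters"}

# Layout assumed from the Live Log entries quoted in the question:
# time, rule name, action, protocol, source, destination, then key=value fields.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<rule>.+?)\s+(?P<action>DROP|ACCEPT|REJECT)\s+"
    r"(?P<proto>\S+)\s+(?P<src>\d+(?:\.\d+){3})\s+(?P<dst>\d+(?:\.\d+){3})(?P<rest>.*)$"
)

def parse_line(line):
    """Return a dict for one Live Log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    # Truncated entries may end in a key with no value (a bare "tos"); skip those.
    entry["fields"] = dict(kv.split("=", 1) for kv in entry.pop("rest").split() if "=" in kv)
    return entry

def dropped_ospf_neighbours(lines):
    """Map each source whose OSPF multicast was dropped to its groups and MACs."""
    report = defaultdict(lambda: {"groups": set(), "macs": set(), "count": 0})
    for line in lines:
        e = parse_line(line)
        if not e or e["action"] != "DROP" or e["proto"] != "OSPFIGP":
            continue
        if e["dst"] not in OSPF_GROUPS:
            continue
        r = report[e["src"]]
        r["count"] += 1
        r["groups"].add(OSPF_GROUPS[e["dst"]])
        if "srcmac" in e["fields"]:
            r["macs"].add(e["fields"]["srcmac"])
    return dict(report)

# Constructed sample, modelled on the entries in the question (last line truncated).
SAMPLE = [
    "10:39:39 Default DROP OSPFIGP 192.168.10.1 224.0.0.5 len=68 ttl=1 tos=0x00 srcmac=00:1a:8c:40:5e:d5",
    "10:39:41 Default DROP OSPFIGP 192.168.10.1 224.0.0.5 len=64 ttl=1 tos=0x00 srcmac=00:1a:8c:40:5e:d5",
    "10:39:41 Default DROP OSPFIGP 100.1.3.1 224.0.0.5 len=64 ttl=1 tos",
]

if __name__ == "__main__":
    for src, r in dropped_ospf_neighbours(SAMPLE).items():
        print(src, r["count"], sorted(r["groups"]), sorted(r["macs"]))
```
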