Management, Networking, Logging and Reporting OSPF multicast traffic gets droped

UTM Firewall requires membership for participation - click to join

Thread Info

Locked Locked
Replies 4 replies
Subscribers 3 subscribers
Views 16050 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

OSPF multicast traffic gets droped

DanielKrueger over 9 years ago

Hello,

I'm playing with OSPF on a UTM 105, config has been done but the firewall seems to block all multicast conversation traffic.

What's missing?

10:39:39
Default DROP
OSPFIGP
 
192.168.10.1
 
→

224.0.0.5
 
len=68
ttl=1
tos=0x00
srcmac=00:1a:8c:40:5e:d5

10:39:41
Default DROP
OSPFIGP
 
192.168.10.1
 
→

224.0.0.5
 
len=64
ttl=1
tos=0x00
srcmac=00:1a:8c:40:5e:d5

10:39:41
Default DROP
OSPFIGP
 
100.1.3.1
 
→

224.0.0.5
 
len=64
ttl=1
tos

This thread was automatically locked due to age.

Parents

Peter Tiggerdine over 7 years ago

Hi Daniel,

I've being able to replicate this problem as well. I flushed iptables and set all tables to allow and stopped dropping packets. In my case I was using a tunnel interface. I'm found a post on there that talks about
needing the right object on the allow rule for OSPF ( you added a rule right? from interface object to neighour IP and 224.0.0.5 service proto 89 ) This object needs to be an interface object rather than network or any other type of object. I would check your rules and confirm. I'll
be doing write up on my setup later today to help everyone else.

Regards,

Peter Tiggerdine
Cancel
Vote Up 0 Vote Down

Cancel

Reply

Peter Tiggerdine over 7 years ago

Hi Daniel,

I've being able to replicate this problem as well. I flushed iptables and set all tables to allow and stopped dropping packets. In my case I was using a tunnel interface. I'm found a post on there that talks about
needing the right object on the allow rule for OSPF ( you added a rule right? from interface object to neighour IP and 224.0.0.5 service proto 89 ) This object needs to be an interface object rather than network or any other type of object. I would check your rules and confirm. I'll
be doing write up on my setup later today to help everyone else.

Regards,

Peter Tiggerdine
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data