Mailing List Archive

Quagga, OSPF and IPFW
Hello!

I am using Quagga on FreeBSD 5.4 to pass routing
information via OSPF to a Cisco router.

My problem is that OSPF works fine when I allow
everything through the firewall, but breaks when I try
to implement more restrictive rules.

I am new to OSPF and to IPFW, so I'm sure there is
something I am missing. My understanding is that all
I should need to do is to allow the OSPF protocol (IP
type 89) and IGMP from 224.0.0.5/6 through both ways.
I thought my rules did that, but OSPF remains in the
INIT state and never reaches FULL.

This is what my rule list looks like:

00010 allow ip from any to any via lo0
00015 check-state
00100 allow tcp from me to any out via bge0 setup keep-state
00105 allow ip from me to any out via bge0
00200 allow icmp from any to any in via bge0
00225 allow ospf from any to me in via bge0
00230 allow ip from 224.0.0.5 to me in via bge0
00235 allow ip from 224.0.0.6 to me in via bge0
00999 deny ip from any to any

Can anyone tell me what I'm doing wrong?

Rich Parkin
Talk America, Network Systems Engineer

Rich
(aka BlueBard, aka Bluegeek)
www.bluegeek.net
Re: Quagga, OSPF and IPFW
smtpspy> 00230 allow ip from 224.0.0.5 to me in via bge0
smtpspy> 00235 allow ip from 224.0.0.6 to me in via bge0

I don't know the proper way to configure your firewall, but I can tell
you one thing: no valid packet will ever have a multicast address in
the source, neither for IPv4 nor v6. Multicast addresses are valid
for destination only.

You can ping the multicast addresses to see if you are getting joined
properly. Maybe you can use 'ifmcstat' but for me that works for v6
multicast only.
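To make the point about multicast sources concrete, here is an added example (not from either poster) that models first-match evaluation of the rule forms used above and runs it against a constructed OSPF hello. The addresses 192.0.2.1 (this host) and 192.0.2.2 (the Cisco neighbour) are assumed, only the `proto from src to dst [in|out]` subset of ipfw syntax is modelled, and the `CORRECTED` list shows just the OSPF rules, not a complete firewall.

```python
# Added example (not from either post): a toy first-match evaluator for the
# ipfw rule forms used in the thread. An OSPF hello arrives from the neighbour's
# unicast address *to* 224.0.0.5, so "to me" and "from 224.0.0.5" both miss it.
MY_ADDRS = {"192.0.2.1"}      # constructed: this host's bge0 address ("me")
PROTO = {"ip": None, "ospf": 89, "igmp": 2, "icmp": 1}  # None = any protocol

def parse(rule):
    """'00225 allow ospf from any to me in via bge0' -> dict (subset of ipfw)."""
    num, action, proto, _, src, _, dst, *rest = rule.split()
    direction = rest[0] if rest and rest[0] in ("in", "out") else None
    return {"num": int(num), "action": action, "proto": proto,
            "src": src, "dst": dst, "dir": direction}

def addr_match(pattern, addr):
    # ipfw "me" matches the host's own interface addresses, not multicast
    # groups it has joined; "any" matches everything; else exact address.
    if pattern == "any":
        return True
    if pattern == "me":
        return addr in MY_ADDRS
    return pattern == addr

def lookup(rules, pkt):
    """Return (rule number, action) of the first matching rule, else None."""
    for r in map(parse, rules):
        if (PROTO[r["proto"]] in (None, pkt["proto"])
                and r["dir"] in (None, pkt["dir"])
                and addr_match(r["src"], pkt["src"])
                and addr_match(r["dst"], pkt["dst"])):
            return r["num"], r["action"]
    return None

ORIGINAL = [                 # the inbound OSPF-related rules from the thread
    "00225 allow ospf from any to me in via bge0",
    "00230 allow ip from 224.0.0.5 to me in via bge0",
    "00235 allow ip from 224.0.0.6 to me in via bge0",
    "00999 deny ip from any to any",
]
CORRECTED = [                # multicast addresses only ever as destinations
    "00225 allow ospf from any to me in via bge0",
    "00226 allow ospf from any to 224.0.0.5 in via bge0",
    "00227 allow ospf from any to 224.0.0.6 in via bge0",
    "00999 deny ip from any to any",
]
# Constructed packet: OSPF hello from the Cisco neighbour to AllSPFRouters.
HELLO = {"proto": 89, "src": "192.0.2.2", "dst": "224.0.0.5", "dir": "in"}
if __name__ == "__main__":
    print("original :", lookup(ORIGINAL, HELLO))    # (999, 'deny')
    print("corrected:", lookup(CORRECTED, HELLO))   # (226, 'allow')
```

The original list drops the hello at the final deny because 224.0.0.5 is neither `me` nor a source address; the corrected list accepts it on the rule that names the multicast group as the destination.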