All things related to multicast

[John Kristoff <>]

On Wed, 30 Jul 2003 18:43:57 -0400
Wilson Dillaway 
<>
 wrote:

> However, as the popularity of Windows XP (versus W2K, W98, 
> etc.) has risen, we have encountered a number of people who
> choose to run Microsoft's Internet Connection Firewall (ICF),

That is good.  :-)

> do local packet filtering.  When ICF is enabled, StreamPlayer
> no longer sees the SAP announcements (or the streams 
> themselves).  While ICF does have some customization options 
> as regarding blocking certain TCP or UDP ports, etc., it
> does not seem to have any mechanism for selective treatment
> of multicast.

While it does not have knobs for multicast specifically, you can get
SAPs through be adding a new service in the list of filtered services. 
You'd set the options as follows:

  Name/IP: *
  External port: 9875
  Internal port: 9875
  Protocol: UDP

Be sure that the checkbox for this service is checked/enabled.  However,
this will only allow SAPs.  You would then also have to add additional
services to pass the ICF.  For each group, you need to know the stream
characteristics, which you'll learn from the SAPs (the UDP ports for
audio, video or whatever).  VBrick often uses 4444 by default, so adding
one rule for that port may let a few things through, but this is a major
pain to manage otherwise.

Another option would be to have users just use the IPsec filtering
capability instead.  This has its own set of problems as well, but you
could deny specific services and allow everything else through, which
would make working with multicast a little easier in that regard.

John