Multicast support

Multicast is a method used to deliver the same data packets to multiple clients. Multicast.

IP layer multicast uses special IP addresses to mark multicast packets.

Link layer multicast uses special MAC addresses to mark multicast packets.

Multicast clients listen after such marked packets to receive the multicasted data. All clients receive the same packet; the server does not need to address each client specifically. Multicast is often used to “broadcast” radio and TV on the Internet.

To be able to receive multicast packets all routers located between you and the multicast server must support multicast.

:!: Many Internet service providers do not support multicast.
If you have such an Internet provider you are not able to receive multicasted data streams.

IGMP Proxy

Multicast transmissions are usually controlled using IGMP (Internet Group Management Protocol). The Internet Gate has an IGMP proxy to control the way IGMP and multicast packets are allowed through the firewall. Internet Gate supports the IGMPv2 protocol. IGMP

IGMP and multicast packets are by default blocked by the Internet Gate firewall at Hi security level, and allowed through at Lo security level. You can change this configuration on the Security Profile page.

Internet Gate's IGMP proxy keeps track of all multicast clients on the LAN. It forwards IGMP packets to multicast servers on the WAN and allows multicast packets requested by LAN clients through the firewall. Multicast packets not requested by any client on the LAN are blocked by the firewall.

Multiple IGMP clients

Without an IGMP proxy two clients on the LAN requesting the same multicast group would interfere with each other. If one of the clients sends an IGMP message requesting end of multicast transmission the server would stop sending multicast packets – even though the other client still wants to continue receiving them. The IGMP proxy forwards IGMP leave group packets only if there are no other clients on the LAN listening to the same multicast group.

Link layer unicast

Internet Gate's IGMP proxy also performs link layer unicast, meaning it does not use the link layer special multicast MAC addresses if there is only one client on LAN listening to the multicast group. Instead it sends the multicast packets directly to that client's MAC address, improving network performance through Ethernet switches. Such packets are also sent only on the Internet Gate Ethernet port the client is connected to, improving network performance.

Multicast packets requested by multiple clients on the LAN are still sent using link layer multicast, to ensure they reach all clients.


The Security profile page has two fields controlling IGMP/multicast:

Applications from inside
General settings
IGMP/Multicast proxy
Resulting behaviour
No IGMP nor multicast packets allowed through the firewall
x No IGMP nor multicast packets allowed through the firewall
x All IGMP and multicast packets allowed through the firewall without any changes
x x Only valid IGMP and multicast packets (actually requested by clients on the LAN) are allowed through the firewall, link layer unicast to single LAN client, multiple IGMP clients support.

If you have multiple WAN interfaces you select which WAN interface to receive multicast data streams from on the Extra WAN interfaces page. Read more about how IGMP proxy uses extra WAN interfaces.


Multicast packets are by default not included into the firewall log, as the amount of data multicasted usually is so much it would clog the firewall log down. You can however turn on logging of multicast packets by enabling Log UDP multicast packets under Firewall Log on the Log Configuration page. (You must of course also set Firewall Log to other than off on that same page too, to start logging packets.)

network/multicast.txt · Last modified: 2010/11/17 16:43 by tibor
CC Attribution-Noncommercial-Share Alike 3.0 Unported Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0