Re: how to 'dcc'(in IRC) with iptables
On Tue, 21 May 2002, Raffael Ferenc wrote:
> > If you use NAT, you have to load in the IRC nat helper module with the
> > same parameters as you used at the IRC conntrack helper.
>
> IMHO DCC uses random unprivports, so you have to enable all ports
> between 1025 and 65535 for the target ip address. (which is quite
> unsecure, so use it with care)
The IRC conntrack/NAT helper is responsible to handle the requested data
channels on the unprivileged ports together with the state matching in
netfilter/iptables. (Therefore iptables is a big step ahead compared to
ipchains.)
There is no need to open up all unprivileged ports at all.
Regards,
Jozsef
-
E-mail : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
WWW-Home: http://www.kfki.hu/~kadlec
Address : KFKI Research Institute for Particle and Nuclear Physics
H-1525 Budapest 114, POB. 49, Hungary
--
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: