Re: how to 'dcc'(in IRC) with iptables
On Fri, May 17, 2002 at 09:38:54AM +0200, Jozsef Kadlecsik wrote:
> On Thu, 16 May 2002, Michael Renner wrote:
>
> > On Thursday 16 May 2002 14:24, Frederik Schueler wrote:
> > > Hi,
> > >
> > > On Thu, May 16, 2002 at 10:34:15AM +0200, Michael Renner wrote:
> > > > The module 'ip_nat_irc' is loaded, I gave the parameters
> > > > options ip_conntrack_irc ports=5555,6666,6667,6668,6669,7000
> > > > in /etc/modules.conf
> > > > However: the transfer won't start, neither in one, not into
> > > > the other direction.
> > >
> > > Try not giving any parameters at all, simply load the module and connect
> > > to irc. the module should show an usage of 1 in the lsmod output (your
> > > connection), and it should work.
> >
> > OK, I did so, but lsmod shows
> > hyaden:~# lsmod | grep irc
> > ip_nat_irc 3104 0 (unused)
> > ip_conntrack_irc 3008 0 [ip_nat_irc]
> > iptable_nat 20916 2 [ipt_MASQUERADE ip_nat_ftp ip_nat_irc]
> > ip_conntrack 20972 4 [ipt_MASQUERADE ipt_state ip_nat_ftp
> > ip_nat_irc ip_conntrack_irc ip_conntrack_ftp iptable_nat]
>
> If you use NAT, you have to load in the IRC nat helper module with the
> same parameters as you used at the IRC conntrack helper.
IMHO DCC uses random unprivports, so you have to enable all ports
between 1025 and 65535 for the target ip address. (which is quite
unsecure, so use it with care)
Cheers
Feco
--
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: