[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: how to 'dcc'(in IRC) with iptables

On Tue, 21 May 2002, Raffael Ferenc wrote:

> > If you use NAT, you have to load in the IRC nat helper module with the
> > same parameters as you used at the IRC conntrack helper.
> IMHO DCC uses random unprivports, so you have to enable all ports
> between 1025 and 65535 for the target ip address. (which is quite
> unsecure, so use it with care)

The IRC conntrack helper actually does what the ftp conntrack helper does:
it is somewhat capable of "understanding" the IRC protocol and to detect
that a legitimate DCC connection has been requested, and on which port(s);
then, if "RELATED" connections are allowed, it opens exactly those ports
just for as long as needed and afterwards it closes them again. That's
what connection tracking is all about. You _don't_ open all high ports



Giacomo Mulas <gmulas@ca.astro.it, giacomo.mulas@tin.it>

Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)

Tel.: +39 070 71180 248     Fax : +39 070 71180 222

"When the storms are raging around you, stay right where you are"
                         (Freddy Mercury)

To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: