Re: how to 'dcc'(in IRC) with iptables
On Tue, 21 May 2002, Raffael Ferenc wrote:
> > If you use NAT, you have to load in the IRC nat helper module with the
> > same parameters as you used at the IRC conntrack helper.
>
> IMHO DCC uses random unprivports, so you have to enable all ports
> between 1025 and 65535 for the target ip address. (which is quite
> unsecure, so use it with care)
The IRC conntrack helper actually does what the ftp conntrack helper does:
it is somewhat capable of "understanding" the IRC protocol and of detecting
that a legitimate DCC connection has been requested, and on which port(s);
then, if "RELATED" connections are allowed, it opens exactly those ports
just for as long as needed and afterwards it closes them again. That's
what connection tracking is all about. You _don't_ open all high ports
unconditionally.
Bye
Giacomo
--
_________________________________________________________________
Giacomo Mulas <gmulas@ca.astro.it, giacomo.mulas@tin.it>
_________________________________________________________________
OSSERVATORIO ASTRONOMICO DI CAGLIARI
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)
Tel.: +39 070 71180 248 Fax : +39 070 71180 222
_________________________________________________________________
"When the storms are raging around you, stay right where you are"
(Freddy Mercury)
_________________________________________________________________
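
Added example (not part of the original message, and not the kernel helper's code): a simplified Python model of the behaviour described in the reply above, where a DCC offer seen on the IRC control connection makes one address/port pair count as RELATED for a limited time. The names parse_dcc, Tracker and TIMEOUT, the 300 second value and the sample IRC line are assumptions made for illustration.

```python
import ipaddress
import re

# CTCP DCC offer inside an IRC PRIVMSG:
#   \x01DCC <SEND|CHAT> <argument> <IPv4 as 32-bit decimal> <port> [size]\x01
DCC_RE = re.compile(rb"\x01DCC (?:SEND|CHAT) \S+ (\d{1,10}) (\d{1,5})(?: \d+)?\x01")
TIMEOUT = 300  # seconds an expectation stays valid (assumed value for this model)

def parse_dcc(line):
    """Return (IPv4Address, port) announced in a DCC offer, or None."""
    m = DCC_RE.search(line)
    if not m:
        return None
    addr, port = int(m.group(1)), int(m.group(2))
    if addr > 0xFFFFFFFF or not 0 < port <= 65535:
        return None
    return ipaddress.IPv4Address(addr), port

class Tracker:
    """Toy model of helper-created expectations, not the kernel's structures."""
    def __init__(self):
        self.expected = {}  # (ip, port) -> expiry time

    def see_irc_line(self, client_ip, line, now):
        offer = parse_dcc(line)
        # Ignore offers that announce an address other than the IRC client's own.
        if offer and offer[0] == ipaddress.IPv4Address(client_ip):
            self.expected[offer] = now + TIMEOUT

    def verdict(self, dst_ip, dst_port, now):
        """Classify a new inbound connection the way a state match would see it."""
        key = (ipaddress.IPv4Address(dst_ip), dst_port)
        expiry = self.expected.pop(key, None)  # one-shot: consumed on first match
        return "RELATED" if expiry is not None and now <= expiry else "NEW"

# Constructed sample: 192.168.1.10 offers a file on port 40123.
SAMPLE = b":alice!a@example PRIVMSG bob :\x01DCC SEND notes.txt 3232235786 40123 2048\x01\r\n"

if __name__ == "__main__":
    t = Tracker()
    t.see_irc_line("192.168.1.10", SAMPLE, now=0)
    for port in (40123, 40124, 40123):
        print(port, t.verdict("192.168.1.10", port, now=5))
```

Only the announced port is ever classified RELATED, and only once and within the timeout; every other high port stays NEW and is left to the ruleset's normal policy.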