Re: how to 'dcc'(in IRC) with iptables

On Tue, May 21, 2002 at 10:52:30AM +0200, Giacomo Mulas wrote:

> On Tue, 21 May 2002, Raffael Ferenc wrote:
> > > If you use NAT, you have to load in the IRC nat helper module with the
> > > same parameters as you used at the IRC conntrack helper.
> >
> > IMHO DCC uses random unprivports, so you have to enable all ports
> > between 1025 and 65535 for the target ip address. (which is quite
> > unsecure, so use it with care)
>
> The IRC conntrack helper actually does what the ftp conntrack helper does:
> it is somewhat capable of "understanding" the IRC protocol and to detect
> that a legitimate DCC connection has been requested, and on which port(s);
> then, if "RELATED" connections are allowed, it opens exactly those ports
> just for as long as needed and afterwards it closes them again. That's
> what connection tracking is all about. You _don't_ open all high ports
> unconditionally.

Hm. Not bad. I think I'll experience a bit with iptables... :)
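
The following is an added illustration, not part of the thread and not the kernel's code: a simplified Python model of what the quoted explanation says the IRC conntrack helper does, reading a CTCP DCC offer on the tracked IRC connection and deriving the single address and port that become RELATED. The function names, the sample lines and the rule that the offered address must equal the client's own address are assumptions of this sketch; filenames containing spaces are not handled.

```python
import ipaddress
import re

# CTCP DCC offer carried in a PRIVMSG:
#   \x01DCC <SEND|CHAT> <argument> <IPv4 as decimal u32> <port> [size]\x01
DCC_RE = re.compile(
    r"PRIVMSG \S+ :\x01DCC (SEND|CHAT) (\S+) (\d{1,10}) (\d{1,5})(?: \d+)?\x01"
)

def parse_dcc(line):
    """Return (kind, ip, port) for a well-formed DCC offer, else None."""
    m = DCC_RE.fullmatch(line.rstrip("\r\n"))
    if not m:
        return None
    addr, port = int(m.group(3)), int(m.group(4))
    if addr > 0xFFFFFFFF or not 1 <= port <= 65535:
        return None
    return m.group(1), ipaddress.IPv4Address(addr), port

def expectation(line, client_ip):
    """Model the helper's decision for one line sent by client_ip.

    Returns the one flow to treat as RELATED, or None if nothing is opened.
    """
    offer = parse_dcc(line)
    if offer is None:
        return None          # ordinary chat traffic: no port is opened
    _, dcc_ip, port = offer
    # Assumed policy of this sketch: the offer may only name the host that
    # owns the tracked IRC connection, never a third machine.
    if dcc_ip != ipaddress.IPv4Address(client_ip):
        return None
    return {"proto": "tcp", "dst": str(dcc_ip), "dport": port}

# Constructed sample lines (not captured traffic).
CLIENT = "192.168.1.10"
OWN = int(ipaddress.IPv4Address(CLIENT))
OTHER = int(ipaddress.IPv4Address("192.168.1.1"))
GOOD = f"PRIVMSG bob :\x01DCC SEND notes.txt {OWN} 5000 1234\x01\r\n"
FORGED = f"PRIVMSG bob :\x01DCC SEND notes.txt {OTHER} 22 1234\x01\r\n"
CHAT_TEXT = "PRIVMSG #linux :DCC SEND is just words here\r\n"

if __name__ == "__main__":
    for sample in (GOOD, FORGED, CHAT_TEXT):
        print(repr(sample), "->", expectation(sample, CLIENT))
```

Only the first sample yields an expectation, and it covers exactly one destination port, which is the contrast with opening 1025 to 65535 unconditionally.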

