[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: how to 'dcc'(in IRC) with iptables

On Tue, 21 May 2002, Raffael Ferenc wrote:

> > If you use NAT, you have to load in the IRC nat helper module with the
> > same parameters as you used at the IRC conntrack helper.
> IMHO DCC uses random unprivports, so you have to enable all ports
> between 1025 and 65535 for the target ip address. (which is quite
> unsecure, so use it with care)

The IRC conntrack/NAT helper is responsible to handle the requested data
channels on the unprivileged ports together with the state matching in
netfilter/iptables. (Therefore iptables is a big step ahead compared to

There is no need to open up all unprivileged ports at all.

E-mail  : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
WWW-Home: http://www.kfki.hu/~kadlec
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary

To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: