[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: how to 'dcc'(in IRC) with iptables

On Fri, May 17, 2002 at 09:38:54AM +0200, Jozsef Kadlecsik wrote:

> On Thu, 16 May 2002, Michael Renner wrote:
> 
> > On Thursday 16 May 2002 14:24, Frederik Schueler wrote:
> > > Hi,
> > >
> > > On Thu, May 16, 2002 at 10:34:15AM +0200, Michael Renner wrote:
> > > > The module 'ip_nat_irc' is loaded, I gave the parameters
> > > > options ip_conntrack_irc ports=5555,6666,6667,6668,6669,7000
> > > > in /etc/modules.conf
> > > > However: the transfer won't start, neither in one, not into
> > > > the other direction.
> > >
> > > Try not giving any parameters at all, simply load the module and connect
> > > to irc. the module should show an usage of 1 in the lsmod output (your
> > > connection), and it should work.
> >
> > OK, I did so, but lsmod shows
> > hyaden:~# lsmod | grep irc
> > ip_nat_irc              3104   0  (unused)
> > ip_conntrack_irc        3008   0  [ip_nat_irc]
> > iptable_nat            20916   2  [ipt_MASQUERADE ip_nat_ftp ip_nat_irc]
> > ip_conntrack           20972   4  [ipt_MASQUERADE ipt_state ip_nat_ftp
> > ip_nat_irc ip_conntrack_irc ip_conntrack_ftp iptable_nat]
> 
> If you use NAT, you have to load in the IRC nat helper module with the
> same parameters as you used at the IRC conntrack helper.

IMHO DCC uses random unprivports, so you have to enable all ports
between 1025 and 65535 for the target ip address. (which is quite
unsecure, so use it with care)

Cheers
Feco


-- 
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: