Re: how to 'dcc'(in IRC) with iptables

To: Raffael Ferenc <raffaelf@ieb.hu>
Cc: <debian-firewall@lists.debian.org>
Subject: Re: how to 'dcc'(in IRC) with iptables
From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Date: Tue, 21 May 2002 11:06:56 +0200 (CEST)
Message-id: <[🔎] Pine.LNX.4.33.0205211103330.728-100000@blackhole.kfki.hu>
In-reply-to: <[🔎] 20020521104012.A17400@localhost>

On Tue, 21 May 2002, Raffael Ferenc wrote:

> > If you use NAT, you have to load in the IRC nat helper module with the
> > same parameters as you used at the IRC conntrack helper.
>
> IMHO DCC uses random unprivports, so you have to enable all ports
> between 1025 and 65535 for the target ip address. (which is quite
> unsecure, so use it with care)

The IRC conntrack/NAT helper is responsible to handle the requested data
channels on the unprivileged ports together with the state matching in
netfilter/iptables. (Therefore iptables is a big step ahead compared to
ipchains.)

There is no need to open up all unprivileged ports at all.

Regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
WWW-Home: http://www.kfki.hu/~kadlec
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary

-- 
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- Re: how to 'dcc'(in IRC) with iptables
  - From: Raffael Ferenc <raffaelf@ieb.hu>

Prev by Date: Re: how to 'dcc'(in IRC) with iptables
Next by Date: My first firewall
Previous by thread: Re: how to 'dcc'(in IRC) with iptables
Next by thread: Chastity-list content
Index(es):
- Date
- Thread