Re: IRC DCC through a firewall
On Thu, Oct 04, 2001 at 05:02:12PM +0100, Andrew Pritchard wrote:
> Quoting dman <dsh8290@rit.edu>:
> > I've got a Debian firewall setup, which is working ok. I can DCC
> > receive files, but I can't DCC send. The ip_masq_irc module is |
> > installed on the firewall. If I try to send, it starts trying to |
> > send, the receiver gets the right IP address, and sends the |
> > acknowledgement, but the transfer never starts. Have I |
> > misconfiguered something or is this by design?
> >
>
> ipchains, fairly loose rules. It's a debian stable box, very very
> little running on the machine.
>
I'm a little unsure of the DCC protcol, but could it be that you never
see the ack?
That is, you send 'I have a file for you' over _normal_ IRC channel.
He receives this and then sends the ack to a different port on your
computer telling you 'fine, I accept that fine file you have for me,
let's use this socket-pair for the transfer'.
And as you're probably running NAT, your firewall won't know that the
port your friend is sending to should go to your IRC program, thus it
simply drops it, and you never see the ack, and the transfer doesn't
start.
As I said, I don't remember the IRC protocol, haven't been on there
for ages, but check your firewalls logging for what it drops...
Oh, you wanted to know the solution too?
Check if you can't either get a SOCKS-server running on the firewall
(I've tried it, and I can't make it work at all) or tell the IRC
program to use specific ports for DCC transfers and forward those
ports inward. For example, I've done this for accepting files through
ICQ (using iptables, but you get the idea):
iptables -t nat -A PREROUTING -i eth1 -p TCP --dport 6060 -j DNAT --to 192.168.1.2
HTH,
//Fredde
Reply to: