
Fwd: Re: IRC DCC through a firewall



Quoting Fredrik Jagenheim <humming@pobox.com>:

> On Thu, Oct 04, 2001 at 05:02:12PM +0100, Andrew Pritchard wrote:
> > Quoting dman <dsh8290@rit.edu>:
> > > I've got a Debian firewall setup, which is working ok. I can DCC
> > > receive files, but I can't DCC send. The ip_masq_irc module is
> > > installed on the firewall. If I try to send, it starts trying to
> > > send, the receiver gets the right IP address, and sends the
> > > acknowledgement, but the transfer never starts. Have I
> > > misconfigured something or is this by design?
> > >
> >
> > ipchains, fairly loose rules. It's a debian stable box, very very
> > little running on the machine.
> >
>
> I'm a little unsure of the DCC protocol, but could it be that you never
> see the ack?
> That is, you send 'I have a file for you' over _normal_ IRC channel.
> He receives this and then sends the ack to a different port on your
> computer telling you 'fine, I accept that fine file you have for me,
> let's use this socket-pair for the transfer'.
> And as you're probably running NAT, your firewall won't know that the
> port your friend is sending to should go to your IRC program, thus it
> simply drops it, and you never see the ack, and the transfer doesn't
> start.
> As I said, I don't remember the IRC protocol, haven't been on there
> for ages, but check your firewalls logging for what it drops...
>
> Oh, you wanted to know the solution too?
> Check if you can't either get a SOCKS-server running on the firewall
> (I've tried it, and I can't make it work at all) or tell the IRC
> program to use specific ports for DCC transfers and forward those
> ports inward. For example, I've done this for accepting files through
> ICQ (using iptables, but you get the idea):
> iptables -t nat -A PREROUTING -i eth1 -p TCP --dport 6060 -j DNAT --to 192.168.1.2
>
> HTH,
> //Fredde

Yes that very much sounds like the problem - but isn't that supposed to be
handled by the ip_masq_irc module? I'm also using 2.2.19 kernel, so it's
IPchains. *sigh* don't really want to start using a socks proxy on the
firewall, but I will if I have to.

Andrew

"I do not agree with what you say,
but I will defend to the death your right to say it." 
Francois Marie Arouet Voltaire (1694-1778)
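
An added example, not part of the original messages: a Python sketch that parses the DCC SEND offer carried over the IRC connection and checks the two things discussed in this thread, whether the advertised address was rewritten by the masquerading firewall and whether the advertised port is forwarded inward. The sample line, the nicknames, the public address 203.0.113.5 and the forwarded port range are constructed assumptions; port 6060 and 192.168.1.2 are reused from the rule quoted above.

```python
import ipaddress
import re

# CTCP payload inside a PRIVMSG: \x01DCC SEND <file> <ip as uint32> <port> [<size>]\x01
DCC_SEND = re.compile(
    r'\x01DCC SEND (?P<file>"[^"]+"|\S+) (?P<ip>\d+) (?P<port>\d+)(?: (?P<size>\d+))?\x01')
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: a client at 192.168.1.2 offers a file on port 6060.
SAMPLE = ":alice!a@example.net PRIVMSG bob :\x01DCC SEND notes.txt 3232235778 6060 1024\x01"
FORWARDED = range(6060, 6064)   # assumed DCC port range forwarded inward (DNAT)

def parse_dcc_send(irc_line):
    """Return the offer in an IRC line as a dict, or None if absent or malformed."""
    m = DCC_SEND.search(irc_line)
    if not m:
        return None
    ip_int, port = int(m["ip"]), int(m["port"])
    if ip_int > 0xFFFFFFFF or not 0 < port < 65536:
        return None
    return {"file": m["file"].strip('"'), "ip": ipaddress.IPv4Address(ip_int),
            "port": port, "size": int(m["size"]) if m["size"] else None}

def diagnose(offer, forwarded_ports):
    """List the reasons the receiver's connection back to the sender would fail."""
    problems = []
    if any(offer["ip"] in net for net in RFC1918):
        problems.append("private address advertised: payload was not rewritten")
    if offer["port"] not in forwarded_ports:
        problems.append("port not forwarded inward: firewall drops the connection")
    return problems

def rewrite_offer(irc_line, public_ip):
    """Swap the embedded address for the firewall's public one, as a NAT helper would."""
    m = DCC_SEND.search(irc_line)
    if not m:
        return irc_line
    new_ip = str(int(ipaddress.IPv4Address(public_ip)))
    return irc_line[:m.start("ip")] + new_ip + irc_line[m.end("ip"):]

if __name__ == "__main__":
    offer = parse_dcc_send(SAMPLE)
    print(offer["ip"], offer["port"], diagnose(offer, FORWARDED))
    fixed = parse_dcc_send(rewrite_offer(SAMPLE, "203.0.113.5"))
    print(fixed["ip"], fixed["port"], diagnose(fixed, FORWARDED))
```

Running the parser over a capture of the IRC session taken on the outside interface shows which of the two conditions is failing before any firewall rule is changed.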


