
Punching IRC DCC connections through a nat/conntrack firewall



Hi,

My firewall runs woody, with my build of Linux 2.4.18 (plain vanilla
Linus version).  I'm using IP conntrack and NAT, with iptables/netfilter
firewalling.  I'm NATting all outgoing connections to a single source
address, which is obtained via DHCP using pump.  I've got ip_nat_irc
and ip_conntrack_irc loaded.  I have a rule which accepts all packets
in ESTABLISHED and RELATED states.

When using IRC, I can DCC SEND files out through the firewall with
no problem.

However, I can't receive DCC SENDs from others; the firewall kernel
logs show my client's TCP SYN packets are not being forwarded out when
it tries to make its connection to the remote client.

Is there anything special I have to do to get outgoing IRC DCC connections
to punch through this firewall setup?  Are there any known bugs that
could be causing this problem?

I've tried googling on this subject, but my searches turn up nothing
useful.

Any ideas?

Thanks.

-- 
Charles Briscoe-Smith             Hacking Free Software for fun and profit
Mead error: Connection reset by beer.  -- seen on IRC


