Quoting Fredrik Jagenheim <[EMAIL PROTECTED]>: > On Thu, Oct 04, 2001 at 05:02:12PM +0100, Andrew Pritchard wrote: > > Quoting dman <[EMAIL PROTECTED]>: > > > I've got a Debian firewall setup, which is working ok. I can DCC > > > receive files, but I can't DCC send. The ip_masq_irc module is | > > > installed on the firewall. If I try to send, it starts trying to | > > > send, the receiver gets the right IP address, and sends the | > > > acknowledgement, but the transfer never starts. Have I | > > > misconfiguered something or is this by design? > > > > > > > ipchains, fairly loose rules. It's a debian stable box, very very > > little running on the machine. > > > > I'm a little unsure of the DCC protcol, but could it be that you never > see the ack? > That is, you send 'I have a file for you' over _normal_ IRC channel. > He receives this and then sends the ack to a different port on your > computer telling you 'fine, I accept that fine file you have for me, > let's use this socket-pair for the transfer'. > And as you're probably running NAT, your firewall won't know that the > port your friend is sending to should go to your IRC program, thus it > simply drops it, and you never see the ack, and the transfer doesn't > start. > As I said, I don't remember the IRC protocol, haven't been on there > for ages, but check your firewalls logging for what it drops... > > Oh, you wanted to know the solution too? > Check if you can't either get a SOCKS-server running on the firewall > (I've tried it, and I can't make it work at all) or tell the IRC > program to use specific ports for DCC transfers and forward those > ports inward. For example, I've done this for accepting files through > ICQ (using iptables, but you get the idea): > iptables -t nat -A PREROUTING -i eth1 -p TCP --dport 6060 -j DNAT --to > 192.168.1.2 > > HTH, > //Fredde
Yes that very much sounds like the problem - but isn't that supposed to be handled by the ip_masq_irc module? I'm also using 2.2.19 kernel, so it's IPchains. *sigh* don't really want to start using a socks proxy on the firewall, but I will if I have to. Andrew "I do not agree with what you say, but I will defend to the death your right to say it." Francois Marie Arouet Voltaire (1694-1778)
