On Tue, Jan 13, 2004 at 07:22:46AM -0500, Jean-Sébastien Guay wrote:
> Hello Jamin, thanks for your answer,
>
> >> I put these lines in my firewall.conf:
> >> ALLOWED_PORTS_TCP="22 5400 5762:5772"
> >
> > By setting 5762:5772 here you're saying that the firewall will be
> > accepting these ports, not forwarding them.
>
> Meaning there is nothing to accept the packets on the firewall (such as
> Apache for HTTP connections), right?

Correct. Nothing actually on the firewall box responding to these requests.

> > You need to forward them
> > on to the internal IP address of the Windows machine. Something like:
> >
> > PORT_FORWARDS="$external_ip(5762:5772)-$internal_ip(5762:5772)"
> >
> > may work.
>
> But what if I want to allow ICQ file transfers on two machines on my
> internal network? Will I have to assign different port ranges for both
> machines (and if there are ever other machines that are added to my
> network, that implies that I will have to go back and create another
> port range)?

That or locate/write an iptables conntrack module for the ICQ transfers (if that's even possible).

-- 
Jamin W. Collins

"Never underestimate the power of very stupid people in large groups."
-- John Kenneth Galbraith
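
Added example, not part of the message above and not output of the firewall script it discusses: the accept-versus-forward distinction written as plain iptables rules, with one disjoint port range per internal machine and a check that rejects overlapping ranges. The interface name, the internal addresses and the second range are assumptions; the rules are only printed, not applied.

```shell
#!/bin/sh
# Added example: emit iptables rules that forward disjoint TCP port ranges
# to internal hosts. The interface, addresses and the second range are
# constructed values, not taken from the thread.

EXT_IF="eth0"   # assumed external interface

# Constructed mapping: "internal_ip first_port last_port", one host per line.
FORWARDS="192.168.1.10 5762 5772
192.168.1.11 5773 5783"

# Read a mapping on stdin; succeed only if no two port ranges overlap.
ranges_disjoint() {
    sort -k2,2n | awk '
        NR > 1 && $2 + 0 <= prev_last { bad = 1 }
        { if ($3 + 0 > prev_last) prev_last = $3 + 0 }
        END { exit bad }'
}

# Print (do not execute) the rules for every host in the mapping "$1".
emit_rules() {
    printf '%s\n' "$1" | ranges_disjoint || {
        # With overlapping ranges the first matching DNAT rule wins, so
        # the second host would silently never receive those ports.
        echo "overlapping port ranges in mapping" >&2
        return 1
    }
    printf '%s\n' "$1" | while read -r ip first last; do
        # Rewrite the destination before routing (nat table, PREROUTING).
        echo "iptables -t nat -A PREROUTING -i $EXT_IF -p tcp --dport $first:$last -j DNAT --to-destination $ip"
        # Permit the rewritten packets through FORWARD; an INPUT accept
        # would only cover traffic addressed to the firewall box itself.
        echo "iptables -A FORWARD -i $EXT_IF -p tcp -d $ip --dport $first:$last -j ACCEPT"
    done
}

emit_rules "$FORWARDS"
```

Each additional internal machine needs its own line in the mapping with a range that no other host uses, which is the maintenance cost raised in the question.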