Hello Jamin,

>> But what if I want to allow ICQ file transfers on two machines on my
>> internal network? Will I have to assign different port ranges for both
>> machines (and if there are ever other machines that are added to my
>> network, that implies that I will have to go back and create another
>> port range)?
>
> That or locate/write an iptables conntrack module for the ICQ
> transfers (if that's even possible).

Just to close this discussion, following your lead I searched for
iptables conntrack ICQ on Google and got this on the Netfilter FAQ:
(http://www.netfilter.org/documentation/FAQ/netfilter-faq.html#toc1.3)

<<<---- snip ---->>>

1.3 Is there an ICQ conntrack/NAT helper module?

If you are used to masquerading on a Linux 2.2 box, you always used the
ip_masq_icq module in order to get direct client-to-client ICQ working.

Nobody re-implemented this module for netfilter, because the ICQ
protocol is too ugly :) But I guess it's just a matter of time until one
is available.

Rusty once pointed out that only modules for protocols with at least one
free client and one free server are going to get integrated into the
main netfilter distribution. As for ICQ, there are only free clients, so
it doesn't match this criteria. (free as in freedom, not in free beer,
i.e. RMS' definition)

<<<---- snip ---->>>

I thought I had seen something like that (distant memory of an ipchains
icq module), but it seems (from that last part) there is little chance
of someone writing something for iptables/Linux 2.4+.

So I guess I'll have to try forwarding ports for both machines.

Thanks for your help,

________________________________________________
Jean-Sébastien Guay        [EMAIL PROTECTED]
                  http://whitestar02.webhop.org/
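
The per-machine port forwarding this message settles on, as an added example that is not part of the original e-mail: a small generator that gives each internal host its own inbound TCP range, so adding a machine only means appending its address. The interface name, addresses, base port and range size are constructed assumptions, and it assumes each ICQ client can be set to listen only on its assigned range.

```shell
#!/bin/sh
# Added example: emit iptables rules giving each internal ICQ host its own
# inbound TCP port range. All addresses, ports and the interface name are
# constructed sample values, not taken from the thread.

WAN_IF="eth0"        # assumed external interface
BASE_PORT=20000      # assumed first port of the first range
RANGE_SIZE=20        # assumed number of ports per host

# gen_icq_rules HOST... -> prints one DNAT and one FORWARD rule per host.
# Ranges are assigned by position, so appending a host never shifts the
# ranges of hosts already listed.
gen_icq_rules() {
    i=0
    for host in "$@"; do
        lo=$((BASE_PORT + i * RANGE_SIZE))
        hi=$((lo + RANGE_SIZE - 1))
        if [ "$hi" -gt 65535 ]; then
            echo "port range for $host exceeds 65535" >&2
            return 1
        fi
        # DNAT without a port keeps the original destination port.
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $lo:$hi -j DNAT --to-destination $host"
        # Allow only that range through to that host.
        echo "iptables -A FORWARD -i $WAN_IF -d $host -p tcp --dport $lo:$hi -j ACCEPT"
        i=$((i + 1))
    done
}

# Prints the rules for review; nothing is applied to the running firewall.
gen_icq_rules 192.168.1.10 192.168.1.11
```

Keeping each range narrow limits how many inbound ports are exposed per machine.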

