Okay folks:
I've sent this direct to Oscar (thanks for great tutorials guy)
I've sent this direct to Mirc's creator.
Big block capitals on several websites, hopefully the
patch-o-matic
help file and stamped smack in the middle of my forhead for all
to see
After building, rebuilding, trying, twisting, hammering and
whatnot,
I've finally thumped through enough of the messages in my
mailbox
(I've all the mail digest from the mailinglists for about the
last
three months) I finally noted that at least three other people
have
see this problem.
1) DCC sends DO NOT work from Mirc client when behind IPtables
firewall with
DCC modules (nat/conntrack) loaded, but other clients do
succeed, Mirc in default 'i'm behind a
firewall configuration'.
2) using Mirc in the standard 'i'm behind a firewall'
configuration works for
connection to server, chatting, getting files.
3) Iptables spits up a Forged DCC send packet error when the
above default configuration
attempts a DCC send.
4) the issue lies with the default 'I'm behind a firewall
configuration' Mirc does NOT
expect the firewall to be smart enough to handle natting the
send properly between the
three (3) relevant points (client here, server, client
there) and thus dummies in the
outside ip that it has been TOLD by the IRC server it has
... which IpTables sees as
a no-no.
5) setting Mirc to behave as if it is NOT behind a firewall
allows *all* functionality
transparently, AS LONG AS the IRC server PORT is in the
(insmod irc_nat and insmod irc_conntrack)
commands.
(P.S. Core team -- I personally Upped the #define MAX_PORTS
in both ip_conntrack_irc.c and
ip_nat_irc.c to 20 -- the clients I've looked at seem to use
other ports that I'm slightly leery
of adding to the list.... but ... )
I've several installations of Iptables where this has been
driving me out of my tree over the last
few weeks, 'specially since I'd thought from reading that irc
stuff was now all functional
on 2.4.14 or > and iptables 1.2.4 or >
(personally I'd though it was a lack of sleep and a lack of
coffee on my part causing the problem)
Since the irc stuff in iptables DOES work *thanks Harald and
*EVERYONE* else on the netfilter team*
I think it important that everyone using the combined packages
be told, advised, warned, and
beaten on until they leave the poor sysadmins to their duties
.. *grin*
Can the above combined list of bodies plaster this in as many
places as possible?
Please and thank you and on bended knee ....
Alistair Tonner
