> I run an IRC server (IRCd) on the same box that does the packet filtering > (netfilter/iptables). I connect to that box with one of my other local > machines and I am unable to send/receive DCC stuff. I think it's because > the local box sees our local IP addresses (192.168.1.0/24) so it can't > forward the packets appropriately (or maybe because the local addresses > can't resolve via DNS). Is ther any way I can fix this, other than using an > actual proxy?
First, the usual things. You need to have the irc modules loaded in order to send DCC. Type 'lsmod' and look for ip_nat_irc and ip_conntrack_irc. I they aren't there you need to load them with modprobe. Also, if you aren't connecting to your server on port 6667, make sure you use the ports= line when you load the modules. Make sure you are allowing tcp connections to unpriviledged ports through the FORWARD chain. The setup you described should work, but you can try connecting to you server on the external IP instead of the LAN IP. Either way, you should be able to receive DCC without the netfilter modules loaded at all, so rmmod ip_nat_irc ip_conntrack_irc and see if someone outside you site can DCC something to you. If you can't receive DCC now, something else is wrong. Can you use passive FTP? If this works, reload the modules and try again, you should still be able to receive DCC. Now try sending something with DCC. If you can't there is probably something in your ruleset that is blocking DCC. -Bob
