On Tue, 16 Apr 2002 10:53:58 -0400, you wrote: I have experienced the same thing as this you. I dont have my ircdserver installed at this moment so I cant test a sollution I have heard about, whitch is:
The IRCd, probably an UnrealIRCd, has the x flag set default I have heard someone say, that if you mode yourself -x in your server you should be able to send DCC Write /mode nick -x If this does not work (and as I say I cant test it atm) then I must assume that this is an issue that is not though of during the netfilter developement. Ofcourse one can not expect that every issue on earth is though of. But this could may be something for the dev team to have a look at for future versions. ------------------------------------------------------------------------------------------------------------ This was my earlier experiences when running that server; A: Linux iptables firewalled server connected to internet (On this box I also run my IRC server B:Window workstation box running NAT/MASQUARADED behind the A box in LAN (From this workstation (B) I run my ircclient When connecting this ircclient (from B) to the server (A) etiher thrue my intenet public ip, or from the windowsboks local ip (192.168.1.20) to the serverbox (A)'s lan interface 192.168.1.10, I am not able to send DCC on that server. If I (from B) connect my ircclient to ANY other IRC server on the internet, I am able to send DCC. My masquarading is working, I have loaded (ofcourse) the ip_conntrack_irc, and ip_nat_irc modules. Everything is actually working by the book, exercpt from this particular issue. >OK, let's try clarifying some things here... > >> > I run an IRC server (IRCd) on the same box that does the packet filtering >> > (netfilter/iptables). I connect to that box with one of my other local >> > machines and I am unable to send/receive DCC stuff. I think it's because >> > the local box sees our local IP addresses (192.168.1.0/24) so it can't >> > forward the packets appropriately (or maybe because the local addresses >> > can't resolve via DNS). Is ther any way I can fix this, other than using an >> > actual proxy? >> >> First, the usual things. You need to have the irc modules loaded in order to >> send DCC. Type 'lsmod' and look for ip_nat_irc and ip_conntrack_irc. I they >> aren't there you need to load them with modprobe. Also, if you aren't >+++ > >OK, all the modules that I need are already loaded. DCC works on ANY OTHER >IRC server except the one on my local LAN box. > >> connecting to your server on port 6667, make sure you use the ports= line >+++ > >As far as I'm aware and have been told, these modules do NOT allow port= >parameters. Even if they do, I am already using port 6667 to connect. > >> when you load the modules. Make sure you are allowing tcp connections to >> unpriviledged ports through the FORWARD chain. >+++ > >Well, I have nothing in my FORWARD chain, but it's policy is set to ACCEPT. > >Also, if DCC works on all other IRC servers, then having ports blocked >should not be the problem. > >> >> The setup you described should work, but you can try connecting to you server >> on the external IP instead of the LAN IP. Either way, you should be able to >> receive DCC without the netfilter modules loaded at all, so >+++ > >I have been connecting to my IRC server on it's external IP. In fact, it won't >allow me to connect to IRC on it's internal IP. Yet it still sees my >IP as 192.168.1.177 . > >> >> rmmod ip_nat_irc ip_conntrack_irc >> >> and see if someone outside you site can DCC something to you. If you >> can't receive DCC now, something else is wrong. Can you use passive FTP? >++ > >No, no one can DCC to me with the modules loaded or unloaded. >Yes, I can passive FTP just fine. > >> >> If this works, reload the modules and try again, you should still be able to >> receive DCC. Now try sending something with DCC. If you can't there is >> probably something in your ruleset that is blocking DCC. >+++ > >For testing purposes my ruleset is wide open. Secondly, (I say again) I am >able to DCC on any other IRC server that sees my address as the remote address >of my gateway/routing (iptables) computer. The IRC server is running on the >same computer that is doing the routing (iptables). > >> >> -Bob > >Here's a crude diagram of my setup for anyone who needs a visual of what >I'm talking about. > >(* The Internet *) <---> [ gateway/router (iptables) *** IRCd *** ] ><---> [ Workstation #2 ] > External IP: 12.207.4.70 :: Internal IP: 192.168.1.1 > IP: 192.168.177 > ((Port 6667)) >((Making IRC Connection)) > ^ > V > | > | > | > | > >--------------------------------------------------------- > >Workstation #2 IRC connection log: > >[10:41:50] --> MyNick ([EMAIL PROTECTED]) has joined #Channel > >If this text diagram isn't enough, I'll be willing to make a graphical one >as long as someone will try to help me. > >-------------------------end spam----------------------------- > >Thanks for your suggestions, > >GRE > Cheers Rabalder ------- Norwegian PostNuke Community http://postnuke.d2g.com
