LARTC - Nov 2001 - IRC and DCC

Hello

I''m running NAT on my Linux box (192.168.0.1) with this command

/usr/local/sbin/iptables -t nat -A POSTROUTING -o ippp0 -j MASQUERADE

Everything is working fine, except DCC in IRC.
When I try to send something the remote machine get''s
"can''t connect"

Have I missed something, or what?
It does work when I NAT with ipchains, but I like iptables more.

Thanks,
   Joachim

I have compiled everything into the kernel

  ----- Original Message ----- 
  From: Greg Scott 
  To: ''Joachim Wickman'' ; lartc@mailman.ds9a.nl 
  Sent: Saturday, November 03, 2001 12:31 AM
  Subject: RE: [LARTC] IRC and DCC


  There are some modules you need to modprobe.  Try this:
   
      /sbin/modprobe ip_conntrack_irc

  I''ll bet there are also others.  Is there some central list of
modules and what they do anywhere?
   
  - Greg
   
   
    -----Original Message-----
    From: Joachim Wickman [mailto:jwickman@tawi.fi]
    Sent: Friday, November 02, 2001 3:47 PM
    To: lartc@mailman.ds9a.nl
    Subject: [LARTC] IRC and DCC


    Hello

    I''m running NAT on my Linux box (192.168.0.1) with this command
     
    /usr/local/sbin/iptables -t nat -A POSTROUTING -o ippp0 -j MASQUERADE
     
    Everything is working fine, except DCC in IRC.
    When I try to send something the remote machine get''s
"can''t connect"
     
    Have I missed something, or what?
    It does work when I NAT with ipchains, but I like iptables more.
     
    Thanks,
       Joachim

There are some modules you need to modprobe.  Try this:
 
    /sbin/modprobe ip_conntrack_irc

I''ll bet there are also others.  Is there some central list of modules
and
what they do anywhere?
 
- Greg
 
 

-----Original Message-----
From: Joachim Wickman [mailto:jwickman@tawi.fi]
Sent: Friday, November 02, 2001 3:47 PM
To: lartc@mailman.ds9a.nl
Subject: [LARTC] IRC and DCC


Hello
 
I''m running NAT on my Linux box (192.168.0.1) with this command
 
/usr/local/sbin/iptables -t nat -A POSTROUTING -o ippp0 -j MASQUERADE
 
Everything is working fine, except DCC in IRC.
When I try to send something the remote machine get''s
"can''t connect"
 
Have I missed something, or what?
It does work when I NAT with ipchains, but I like iptables more.
 
Thanks,
   Joachim

i had this same problem... dcc''s sent to me after i requested them
within a
few seconds would work, but dcc''s sent to me  minutes after would
drop...(can''t connect)

the solution for me was to install socks5 on gateway only allowing relaying
from internal interface and opening up port tcp/1080 (or whatever your
socks5 port is) on the external interface for incoming connections.

my two questions are:
1) is this a security issue to open up 1080 externally?
2) i can only connect to irc servers that dont require ident.... (ie.
underet, but not dalnet)... any ideads?

thanks,
fernando pando
  -----Original Message-----
  From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl]On
Behalf Of Joachim Wickman
  Sent: Friday, November 02, 2001 5:25 PM
  To: Greg Scott; lartc@mailman.ds9a.nl
  Subject: Re: [LARTC] IRC and DCC


  I have compiled everything into the kernel

    ----- Original Message -----
    From: Greg Scott
    To: ''Joachim Wickman'' ; lartc@mailman.ds9a.nl
    Sent: Saturday, November 03, 2001 12:31 AM
    Subject: RE: [LARTC] IRC and DCC


    There are some modules you need to modprobe.  Try this:

        /sbin/modprobe ip_conntrack_irc

    I''ll bet there are also others.  Is there some central list of
modules
and what they do anywhere?

    - Greg


      -----Original Message-----
      From: Joachim Wickman [mailto:jwickman@tawi.fi]
      Sent: Friday, November 02, 2001 3:47 PM
      To: lartc@mailman.ds9a.nl
      Subject: [LARTC] IRC and DCC


      Hello

      I''m running NAT on my Linux box (192.168.0.1) with this command

      /usr/local/sbin/iptables -t nat -A POSTROUTING -o ippp0 -j MASQUERADE

      Everything is working fine, except DCC in IRC.
      When I try to send something the remote machine get''s
"can''t connect"

      Have I missed something, or what?
      It does work when I NAT with ipchains, but I like iptables more.

      Thanks,
         Joachim

hi!
> 2) i can only connect to irc servers that dont require ident.... (ie.
> underet, but not dalnet)... any ideads?
Which identd did you install? If you use NAT/MASQ your identd should
be able to forward requests to the proper machine and you have to run
an identd on the client machines. The client-machine''s identd also has
to allow the gateway-identd to ask him even if the connection goes out
to the internet. Or if you don''t care about your idents let the
gateway-identd just return a dummy-string.

best regards

		Sebastian

-- 
Sebastian ''spax'' Pape          | Three things are certain:
Death, taxes, and
mailto: sebastian@p-a-p-e.de   | lost data. Guess which has occurred...  
pgp: http://p-a-p-e.de/pgp.asc | 
         --- Do you want to know more? http://www.p-a-p-e.de/ ---

download the sources of the last iptables distribution and read the INSTALL,
there''s a make most-of-pom (or make patch-o-matic for the brave) that
asks you to patch your kernel with the latest (and coolest) features of
netfilter, conntracking of dcc''s included

ivan

On Nov/02/2001, Joachim Wickman wrote:
> 
> Hello
>  
> I''m running NAT on my Linux box (192.168.0.1) with this command
>  
> /usr/local/sbin/iptables -t nat -A POSTROUTING -o ippp0 -j MASQUERADE
>  
> Everything is working fine, except DCC in IRC.
> When I try to send something the remote machine get''s
"can''t connect"
>  
> Have I missed something, or what?
> It does work when I NAT with ipchains, but I like iptables more.
>  
> Thanks,
>    Joachim
>

Jepp

I noticed that they included it in kernel 2.4.14 too.

Joachim

Kernel 2.4.14

Legend: [*] built-in  [ ] excluded  <M> module  < > module capable

<*> Connection tracking (required for masq/NAT)
<*>   FTP protocol support
<*>   IRC protocol support
..
..
..

and

/sbin/modprobe ip_conntrack_irc
modprobe: Can''t locate module ip_conntrack_irc

so no, it isn''t a module.

It doesn''t work with my secondary ISP.(maybe because I get private IPs
10.x.x.x), but it works to irc from the router.
Haven''t tried with my primary yet. 

// Joachim

> Is this from a piece of documentation someplace?  If so where?
> Could this be the list of modules and what they do?
> 
> - Greg
No. I took it out from the kernel configuration

// Joachim

> Kernel 2.4.14
>
> Legend: [*] built-in  [ ] excluded  <M> module  < > module
capable
>
> <*> Connection tracking (required for masq/NAT)
> <*>   FTP protocol support
> <*>   IRC protocol support
> ..
> ..
> ..
Is this from a piece of documentation someplace?  If so where?
Could this be the list of modules and what they do?

- Greg