netfilter
Daniel Stone
tamriel@ductape.net
Sat, 1 Jan 2000 02:00:41 -0600 (EST)
On Mon, 27 Dec 1999, Rusty Russell wrote:
> In message <3862E7CD.8EBD3F44@midlink.com> you write:
> > i need a little help, or ive found a bug :)
>
> Hi Bob,
>
> The netfilter list is the preferred place for this traffic.
> In particular, the IRC expert (Hi Daniel!) is on that list...
Gidday Rusty =)
> I'm surprised it doesn't `just work'.
> Rusty.
>
> > im using netfilter 0.1.14 (also tried cvs) and kernel 2.3.34
> >
> > right now im trying to get nothing but NAT working, ill work on security
> > after thats up.
> >
> > i start nat by :
> > /sbin/modprobe netfilter_dev
> > /sbin/modprobe ip_conntrack
> > /sbin/modprobe ip_nat
> > /sbin/modprobe ip_conntrack_ftp
> > /sbin/modprobe ip_nat_ftp
> > ipnatctl -I -s 192.168.0.0/24 -o ppp0 -b source -m masquerade
> >
> > everything masquerades fine, except irc.
> > on any machine, including the machine running netfilter this happens.
> > the client connects to the server, passes ident information back and
> > forth
> > says "found hostname" etc .. then just sits there.
> >
> > but if i telnet somewhere and log onto irc , i can see that my client on
> > the netfilter machine
> > is actually connected to the irc server.. im just not receiving any of
> > the text .
> > make sense?
> >
> > id say theres a 99% chance im doing something wrong here.. but after 3+
> > days, i cant figure it out
Bob,
The way IRC works, it shouldn't need a NAT module, just straight
masquerading, unless you want to do DCC stuff, which is where it gets a
little messy. You will probably need to set up a forwarder for port 113 -
forward all traffic destined for 113 on the Internet box with the modem to
the IRC box. That's the main thing I can think of. Some Undernet servers
are particularly screwy about this - I had my firewall set to drop (no
response) for port 113, and it never really connected. So just try setting
up a port forwarder for port 113, and make that one through to the box
you're trying to IRC from. When I've done it, this will all be covered in
my ip_conntrack_irc module. But, at the moment, it freezes the system dead,
so it's nowhere near ready for even a pre-alpha release yet. I'm working
on it, though, but just try setting up a port forwarder. That's all I can
think of.
Summary so you can just skip the above paragraph:
a) forward port 113 on the Internet box through to the IRC box because
some servers are anal-retentive (recommended)
or b) Wait for my ip_conntrack_irc and ip_nat_irc modules (if you don't
mind going without IRC for a month or so).
Enjoy, and, like Rusty says so well - "Hacking time." =) d
PS, if you have any masq-related or otherwise IRC queries/stuff-ups,
contact me at this address, or find me on Undernet as EkinCheng.
> --
> Hacking time.
>
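
Added example, not part of the original mail or of netfilter: the ident (RFC 1413) exchange an IRC server runs against port 113 of the connecting host, which is the traffic the port-113 forwarder suggested above has to let through. It is simulated in memory with no sockets; the port numbers and user name are constructed sample values.

```python
import re

# Constructed sample: one IRC connection known to the ident responder,
# keyed by (port on the IRC client box, port on the IRC server).
SAMPLE_CONNECTIONS = {(40123, 6667): "bob"}

QUERY_RE = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")


def build_query(local_port, remote_port):
    """IRC-server side: the line sent to port 113 of the client's address."""
    return f"{local_port}, {remote_port}\r\n"


def answer_query(line, connections):
    """Ident-responder side: map a query line to an RFC 1413 reply line."""
    m = QUERY_RE.match(line.rstrip("\r\n"))
    if not m:
        return "0, 0 : ERROR : INVALID-PORT\r\n"
    lp, rp = int(m.group(1)), int(m.group(2))
    if not (1 <= lp <= 65535 and 1 <= rp <= 65535):
        return f"{lp}, {rp} : ERROR : INVALID-PORT\r\n"
    user = connections.get((lp, rp))
    if user is None:
        # The responder does not own this port pair.
        return f"{lp}, {rp} : ERROR : NO-USER\r\n"
    return f"{lp}, {rp} : USERID : UNIX : {user}\r\n"


def parse_reply(line):
    """IRC-server side: user name, or None for ERROR or malformed replies.

    Everything after the third colon is the user id (it may contain colons);
    this sketch trims surrounding whitespace.
    """
    parts = [p.strip() for p in line.rstrip("\r\n").split(":", 3)]
    if len(parts) == 4 and parts[1] == "USERID":
        return parts[3]
    return None


def ident_lookup(local_port, remote_port, connections):
    """Full round trip: query, responder answer, parsed result."""
    query = build_query(local_port, remote_port)
    return parse_reply(answer_query(query, connections))


if __name__ == "__main__":
    print(ident_lookup(40123, 6667, SAMPLE_CONNECTIONS))
    print(ident_lookup(40124, 6667, SAMPLE_CONNECTIONS))
```

Either reply line, USERID or ERROR, reaches the IRC server right away; a firewall that silently drops port 113 sends neither, so the server is left waiting on the lookup.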