I know this one's been done a thousand times..

Mark Lambert mark@lambcom.com.au
Sun, 07 Oct 2001 01:22:13 +1000 

Im trying to get IRC DCC send working.

I've read the tutes' I've read the FAQs. I've even read (some of) the 
source code. Nope, cant get it to work.

This is an RH 7.1 system running a custom 2.4.3-12 kernel.
i.e. I compiled it myself to be leaner and to include a very old SCSI card.
config flags thus:
#
#   IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_MARK=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_TCPMSS=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_MATCH_UNCLEAN=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_MIRROR=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_MARK=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_IP_NF_COMPAT_IPCHAINS=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_COMPAT_IPFWADM=m
CONFIG_IP_NF_NAT_NEEDED=y

note that the module code is probably about 1.2.1a maturity because it's 
stock redhat kernel 2.4.3-12 source, but I'm running iptables 1.2.3-2 
courtesy of a source RPM.

I'm loading the following rules (based loosely on the rc.firewall.txt example):
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p ALL -d $INET_IP -m state --state ESTABLISHED,RELATED 
-j ACCEPT

Im loading:
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack_ftp
/sbin/insmod ip_nat_irc
/sbin/modprobe ip_conntrack_irc

I'm insmoding the ip_nat_irc module because modprobe won't find it and 
modprobe of ip_contrack_irc doesnt load it as a dependancy (like 
ip_contrack_ftp does it's ip_nat_ftp)

when I attempt a DCC send the module tables look like this:
Module                  Size  Used by
ip_nat_irc              5216   0  (unused)
ipt_limit                896   2  (autoclean)
ip_nat_ftp              2848   0  (unused)
ipt_state                576   9  (autoclean)
iptable_filter          1728   0  (autoclean) (unused)
ip_conntrack_irc        2400   0  (unused)
ip_conntrack_ftp        3344   0  (unused)
ipt_owner               1056   0  (unused)
ipt_MASQUERADE          1232   3
iptable_nat            13072   2  [ip_nat_irc ip_nat_ftp ipt_MASQUERADE]
ip_conntrack           12720   4  [ip_nat_irc ip_nat_ftp ipt_state 
ip_conntrack_
irc ip_conntrack_ftp ipt_MASQUERADE iptable_nat]
ipt_LOG                 3280   5
ip_tables              11136   9  [ipt_limit ipt_state iptable_filter ipt_owner
ipt_MASQUERADE iptable_nat ipt_LOG]
ne2k-pci                4192   1  (autoclean)
8390                    6080   0  (autoclean) [ne2k-pci]
8139too_old            11936   1  (autoclean)

note the ip_contrack_irc and ip_nat_irc modules are unused. any ideas why 
these modules aren't even being used?

Or am I doing something really stupid? Ideas guys?

---
Mark J Lambert
Director, Lambcom Computer Services
Unix Systems Administrator and Consultant.
Sysadmins of the world untie!  -  ok, so I'm dyslexic too!
www.lambcom.com.au