DCC sends from behind Iptables firewall with Mirc Client.
Fri, 22 Mar 2002 13:52:13 -0500
I've sent this direct to Oscar (thanks for great tutorials guy)
I've sent this direct to Mirc's creator.
Big block capitals on several websites, hopefully the
help file and stamped smack in the middle of my forhead for all
After building, rebuilding, trying, twisting, hammering and
I've finally thumped through enough of the messages in my
(I've all the mail digest from the mailinglists for about the
three months) I finally noted that at least three other people
see this problem.
1) DCC sends DO NOT work from Mirc client when behind IPtables
DCC modules (nat/conntrack) loaded, but other clients do
succeed, Mirc in default 'i'm behind a
2) using Mirc in the standard 'i'm behind a firewall'
configuration works for
connection to server, chatting, getting files.
3) Iptables spits up a Forged DCC send packet error when the
above default configuration
attempts a DCC send.
4) the issue lies with the default 'I'm behind a firewall
configuration' Mirc does NOT
expect the firewall to be smart enough to handle natting the
send properly between the
three (3) relevant points (client here, server, client
there) and thus dummies in the
outside ip that it has been TOLD by the IRC server it has
... which IpTables sees as
5) setting Mirc to behave as if it is NOT behind a firewall
allows *all* functionality
transparently, AS LONG AS the IRC server PORT is in the
(insmod irc_nat and insmod irc_conntrack)
(P.S. Core team -- I personally Upped the #define MAX_PORTS
in both ip_conntrack_irc.c and
ip_nat_irc.c to 20 -- the clients I've looked at seem to use
other ports that I'm slightly leery
of adding to the list.... but ... )
I've several installations of Iptables where this has been
driving me out of my tree over the last
few weeks, 'specially since I'd thought from reading that irc
stuff was now all functional
on 2.4.14 or > and iptables 1.2.4 or >
(personally I'd though it was a lack of sleep and a lack of
coffee on my part causing the problem)
Since the irc stuff in iptables DOES work *thanks Harald and
*EVERYONE* else on the netfilter team*
I think it important that everyone using the combined packages
be told, advised, warned, and
beaten on until they leave the poor sysadmins to their duties
Can the above combined list of bodies plaster this in as many
places as possible?
Please and thank you and on bended knee ....