[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: masquerading woes with icq



On Mon, 5 Nov 2001, Haim Gelfenbeyn wrote:

> Mulix,
> I was looking into the same problem... The issue is that developers of
> 2.4 netfilter code agree to write specific modules for protocols only
> when GPL-ed client and server software exist. There is no free ICQ
> server, so such module does not exist. Since ICQ protocol is
> brain-damaged (they encode the sending IP inside the data packet
> itself), it won't work property out of the box... The solution I found
> working is this:
>
> 1. Get more or less modern ICQ client

the person is using 99b. is this version recent enough?

> 2. In recent versions you can specify range of upper ports which ICQ
> will use, in the client.

yes, we did that.

> 3. use iptables to forward all requests to these ports directly to your
> windows machine.

did that too.

> 4. Yes I know this jeopardizes security, but anything else won't really
> work for me.
> You can try to use different approaches, like using HTTP proxy mode in
> ICQ, but without direct connection people won't be able to chat you, and
> other problems will exist also. If you find better solution then above,
> please let me know.

actually, i did all of this before mailing the list, and *it didnt
work*. is it working for you? do you not encounter any of the problems i
mentioned? what icq clients do your users use?

thanks for your help!
-- 
mulix

http://www.pointer.co.il/~mulix/
http://syscalltrack.sf.net/



=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il