On Tue, May 21, 2002 at 10:52:30AM +0200, Giacomo Mulas wrote:
> On Tue, 21 May 2002, Raffael Ferenc wrote:
>
> > > If you use NAT, you have to load in the IRC nat helper module with the
> > > same parameters as you used at the IRC conntrack helper.
> >
> > IMHO DCC uses random unprivports, so you have to enable all ports
> > between 1025 and 65535 for the target ip address. (which is quite
> > unsecure, so use it with care)
>
> The IRC conntrack helper actually does what the ftp conntrack helper does:
> it is somewhat capable of "understanding" the IRC protocol and to detect
> that a legitimate DCC connection has been requested, and on which port(s);
> then, if "RELATED" connections are allowed, it opens exactly those ports
> just for as long as needed and afterwards it closes them again. That's
> what connection tracking is all about. You _don't_ open all high ports
> unconditionally.

Hm. Not bad. I think I'll experience a bit with iptables... :)
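
The behaviour described in the quoted reply, as an added example that is not part of the original thread and is not netfilter code: a toy Python model that reads a client's IRC lines, records the port named in a DCC offer, and treats only a matching inbound connection as RELATED. The class and method names, the 300-second lifetime, the address check and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import re

# CTCP DCC offer: \x01DCC <type> <arg> <ip as 32-bit decimal> <port> [size]\x01
DCC_RE = re.compile(r"\x01DCC (SEND|CHAT) (\S+) (\d+) (\d+)(?: \d+)?\x01")
EXPECT_TTL = 300  # seconds an expectation stays open (assumed value)


class IrcTracker:
    """Toy model of a helper watching one client's IRC control connection."""

    def __init__(self, client_ip):
        self.client_ip = ipaddress.IPv4Address(client_ip)
        self.expected = {}  # port -> expiry timestamp

    def inspect(self, line, now):
        """Scan one client-to-server line; open an expectation for a DCC offer."""
        m = DCC_RE.search(line)
        if not m:
            return None
        addr, port = int(m.group(3)), int(m.group(4))
        if addr > 0xFFFFFFFF or not 1 <= port <= 65535:
            return None  # malformed address or port
        if ipaddress.IPv4Address(addr) != self.client_ip:
            return None  # offer names a host other than the sender: ignore
        self.expected[port] = now + EXPECT_TTL
        return port

    def classify(self, dst_ip, dst_port, now):
        """'RELATED' if a new inbound connection matches a live expectation."""
        expiry = self.expected.pop(dst_port, None)  # single use, then closed
        if expiry is None or now > expiry:
            return "NEW"
        if ipaddress.IPv4Address(dst_ip) != self.client_ip:
            return "NEW"
        return "RELATED"


if __name__ == "__main__":
    # Constructed sample: 3232235786 is 192.168.1.10 as a 32-bit decimal.
    t = IrcTracker("192.168.1.10")
    offer = "PRIVMSG bob :\x01DCC SEND notes.txt 3232235786 40123 2048\x01"
    print(t.inspect(offer, now=0))                   # port the offer named
    print(t.classify("192.168.1.10", 40123, now=5))  # the expected connection
    print(t.classify("192.168.1.10", 40124, now=5))  # any other high port
```

A ruleset that accepts RELATED traffic and drops other NEW inbound connections then admits only the connection the offer announced, which is the contrast with opening 1025 to 65535.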

