* Celso Gonz?lez ([EMAIL PROTECTED]) said: > Also depends on the irc client. > I remember i had problems with ircap and kvirc, but the same > configuration worked with xchat and bitchx
My current firewall runs FreeBSD, so I don't know about the linux module. In some cases where the firewall does stateful nating it tries to change the inner address to the outer address. So in protocols which require a connection back to the host, the nat box has to change the application layer info sent (the ip to connect back). One of the problems was that the software you're using can sometimes tell it's behind a firewall (you can tell x-chat your firewall ip or to find out your ip from the server, which will return the external ip of your firewall). So the irc program uses this ip when it's sending a request. Where is the problem you ask? Well (again, let me say as a disclaimer that I don't know whether this might happen in the linux one), when the firewall tries to do the nating of the address, it has a table of nated addresses (based also on the rules of what addresses to translate), and when it does the lookup for the address contained in the packet, it doesn't find it, because the program already sent an translated address. Did I explain myself or just make a mess out of the english language? Anyway, I've no idea if this is the case, but since we were on topic. Nacho -- "In Googlis non est, ergo non est." - Anonymous Coward Homepage: http://www.cse.ucsc.edu/~isolis/ | EEE8 08C9 FBAE B471 9691 GPG Public Key: http://www.igso.net/isolis.gpg | CE7A 1CC8 D3DE B31E 10AB
