/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! */
Will Kim <[EMAIL PROTECTED]> wrote:
>
> > It is extremely annoying; there don't seem to be any decent options
> > to get ICQ protocol to work well behind a firewall. Even SOCKS has
> > its down side.
>
> What downsides have you seen to the Socks5 solution? I haven't
> experienced anything yet, though I just started using it.
The biggest problem seems to be one that comes out of the SOCKS protocol
itself. I don't think there is any way for a SOCKS client to request an
"open" listening socket on the server; in other words, a SOCKS client
can only request an incoming connection from a specific host, and
moreover, it must be a host to which there is already an outstanding
connection (think FTP). As such, an ICQ client cannot simply listen for
any mesage that it wants to from anywhere. Another ICQ client, wanting
to talk to a client behind a SOCKS server, must send the first message
through the ICQ server, and then let the other client connect directly
to it in reply, thus establishing an actual connection.
However, many of my ICQ friends are using the same masq setup as I.
Therefore, when I helped get everyone to using SOCKS, we all discovered
that we were unable to initiate connections to each other, and so all of
our messages were forced to go through the ICQ server. Not the best
thing, for efficiency, and security of communications...
I really thought that the port-forwarding solution would do the trick.
But there are still cases where a user cannot be contacted despite the
fact that the forwarding and ICQ client are correctly set up. So more
investigation is needed, I guess; perhaps the module is the best
solution, if it could be fixed to support more of the protocol.
--
[EMAIL PROTECTED] (Fuzzy Fox) || "Good judgment comes from experience.
sometimes known as David DeSimone || Experience comes from bad judgment."
http://www.dallas.net/~fox/ || -- Life Lessons
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES
UNSUBSCRIBING!
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
