/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! */
Nathan Giuliani <[EMAIL PROTECTED]> wrote:
>
> ICQ won't work properly.
I have invested a lot of useless time and energy into getting ICQ to
work behind masq. There are several ways to do it, and they all have
disadvantages.
1. The ICQ module at http://members.tripod.com/~djsf/masq-icq/
This module works pretty well. You tell your ICQ clients that they
are NOT behind a firewall.
However, file transfers and direct chat will NOT work. Messaging
works fine, as well as URLs.
2. Use SOCKS. You can get a free SOCKS server from
http://www.socks.nec.com/cgi-bin/download.pl
The SOCKS server is not exactly fun to configure, but a config like
this works well enough (/etc/socks5.conf):
    auth 192.168.0. - n
    permit - - 192.168.0. - - -
    deny - - - - - -
The ICQ clients must be told that they are behind a SOCKS5 firewall,
and then you must give the name of the SOCKS server, meaning your
masq firewall. This solution DOES NOT ACTUALLY USE MASQ for ICQ at
all; it will work regardless of your masq configuration.
You will find that all features work, including file transfers and
chat, although other ICQ users will find themselves having to send
through the server on their first message; this seems to be the
nature of SOCKS.
3. Use port-forwarding. This is the most cumbersome method, but seems
to offer the best functionality.
You must forward a range of ports to EACH of your ICQ clients.
Port-forwarding can only forward one port to one machine behind the
masq firewall, so you get the best results by writing a script like
this:
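    # ext_ip must already hold the firewall's external IP address
    ipmasqadm portfw -f            # clear the existing forwarding rules
    port=10000
    # ports 10000-10019 go to client1
    while [ $port -lt 10020 ]
    do
        ipmasqadm portfw -a -P tcp -L "$ext_ip" $port -R client1 $port
        port=$((port+1))
    done
    # ports 10020-10039 go to client2
    while [ $port -lt 10040 ]
    do
        ipmasqadm portfw -a -P tcp -L "$ext_ip" $port -R client2 $port
        port=$((port+1))
    done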
As you can see, this forwards ports 10000 - 10019 to the machine
called client1, and ports 10020 - 10039 to the machine called
client2. On client1, you must configure ICQ and tell it that it is
behind a non-SOCKS firewall, and that it must use the restricted
port range of 10000 to 10019. On client2, you do the same thing,
but configure it to use port range 10020 to 10039.
After this, you should find ICQ works for all functions. I still
find the occasional glitch, where I can't seem to contact another
ICQ user, or vice-versa, without using the ICQ server. But I don't
know what to do to improve the situation. This is also a cumbersome
setup if you have more than a couple of ICQ users.
I'd recommend the ICQ module if you don't need file-transfer and chat
features. It's easy to set up, on 2.2 kernels.
--
[EMAIL PROTECTED] (Fuzzy Fox) || "Good judgment comes from experience.
sometimes known as David DeSimone || Experience comes from bad judgment."
http://www.dallas.net/~fox/ || -- Life Lessons
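
Added example, not part of the original message: the per-client loops from method 3, generalized to any number of clients, printing the rules for review instead of running them and refusing port blocks that fall outside 1024-65535. The ipmasqadm syntax is copied from the script in the message; the function names, the 192.0.2.1 address and the third client are assumptions.

```shell
#!/bin/sh
# Added example: print (not run) ipmasqadm portfw rules that give each ICQ
# client its own block of TCP ports. The ipmasqadm syntax is taken from the
# script in the message; all names and values here are assumptions.

# portfw_range BASE PER_CLIENT INDEX -> "first last" for client INDEX (0-based)
portfw_range() {
    first=$(( $1 + $2 * $3 ))
    last=$(( first + $2 - 1 ))
    # Refuse privileged ports and anything past the top of the TCP port space.
    if [ "$first" -lt 1024 ] || [ "$last" -gt 65535 ]; then
        echo "port range $first-$last is out of bounds" >&2
        return 1
    fi
    echo "$first $last"
}

# gen_portfw EXT_IP BASE PER_CLIENT CLIENT... -> rule commands on stdout
gen_portfw() {
    ext_ip=$1 base=$2 per=$3
    shift 3
    echo "ipmasqadm portfw -f"      # start from an empty forwarding table
    idx=0
    for client in "$@"; do
        # Command substitution runs in a subshell, so first/last stay local to it.
        range=$(portfw_range "$base" "$per" "$idx") || return 1
        port=${range% *}
        last=${range#* }
        echo "# $client: set the ICQ client's port range to $port-$last"
        while [ "$port" -le "$last" ]; do
            echo "ipmasqadm portfw -a -P tcp -L $ext_ip $port -R $client $port"
            port=$((port + 1))
        done
        idx=$((idx + 1))
    done
}

# Constructed sample input: 192.0.2.1 is a documentation address.
gen_portfw 192.0.2.1 10000 20 client1 client2 client3
```

Each forwarded port is reachable from outside the firewall, so keep the per-client block as small as the ICQ client will accept and review the printed rules before piping them to sh.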