OK, let's try clarifying some things here...
> > I run an IRC server (IRCd) on the same box that does the packet filtering
> > (netfilter/iptables). I connect to that box with one of my other local
> > machines and I am unable to send/receive DCC stuff. I think it's because
> > the local box sees our local IP addresses (192.168.1.0/24) so it can't
> > forward the packets appropriately (or maybe because the local addresses
> > can't resolve via DNS). Is ther any way I can fix this, other than using an
> > actual proxy?
>
> First, the usual things. You need to have the irc modules loaded in order to
> send DCC. Type 'lsmod' and look for ip_nat_irc and ip_conntrack_irc. I they
> aren't there you need to load them with modprobe. Also, if you aren't
+++
OK, all the modules that I need are already loaded. DCC works on ANY OTHER
IRC server except the one on my local LAN box.
> connecting to your server on port 6667, make sure you use the ports= line
+++
As far as I'm aware and have been told, these modules do NOT allow port=
parameters. Even if they do, I am already using port 6667 to connect.
> when you load the modules. Make sure you are allowing tcp connections to
> unpriviledged ports through the FORWARD chain.
+++
Well, I have nothing in my FORWARD chain, but it's policy is set to ACCEPT.
Also, if DCC works on all other IRC servers, then having ports blocked
should not be the problem.
>
> The setup you described should work, but you can try connecting to you server
> on the external IP instead of the LAN IP. Either way, you should be able to
> receive DCC without the netfilter modules loaded at all, so
+++
I have been connecting to my IRC server on it's external IP. In fact, it won't
allow me to connect to IRC on it's internal IP. Yet it still sees my
IP as 192.168.1.177 .
>
> rmmod ip_nat_irc ip_conntrack_irc
>
> and see if someone outside you site can DCC something to you. If you
> can't receive DCC now, something else is wrong. Can you use passive FTP?
++
No, no one can DCC to me with the modules loaded or unloaded.
Yes, I can passive FTP just fine.
>
> If this works, reload the modules and try again, you should still be able to
> receive DCC. Now try sending something with DCC. If you can't there is
> probably something in your ruleset that is blocking DCC.
+++
For testing purposes my ruleset is wide open. Secondly, (I say again) I am
able to DCC on any other IRC server that sees my address as the remote address
of my gateway/routing (iptables) computer. The IRC server is running on the
same computer that is doing the routing (iptables).
>
> -Bob
Here's a crude diagram of my setup for anyone who needs a visual of what
I'm talking about.
(* The Internet *) <---> [ gateway/router (iptables) *** IRCd *** ]
<---> [ Workstation #2 ]
External IP: 12.207.4.70 :: Internal IP: 192.168.1.1
IP: 192.168.177
((Port 6667))
((Making IRC Connection))
^
V
|
|
|
|
---------------------------------------------------------
Workstation #2 IRC connection log:
[10:41:50] --> MyNick ([EMAIL PROTECTED]) has joined #Channel
If this text diagram isn't enough, I'll be willing to make a graphical one
as long as someone will try to help me.
-------------------------end spam-----------------------------
Thanks for your suggestions,
GRE
