From: "Bob" <BHockney@ix.netcom.com>
To: Jihoon Chung <difro@sexycoder.com>, netfilter@lists.netfilter.org
Subject: Re: IRC DCC between 2 clients on the same net.
Date: Fri, 22 Nov 2002 16:15:32 -0800
Message-ID: <3DDE5824.22076.E31BED@localhost>
In-Reply-To: <20021122041146.GA19927@sexycoder.com>
Jihoon wrote:
> > the FORWARD chain of the gateway box allow connections to the external ip from
> > your LAN.
>
> Why FORWARD? Shouldn't it be the INPUT chain?
I meant INPUT. My bad.
> > DCC is a passive protocol so sending a file means an inbound tcp connection, why
> > you need the irc modules in the first place. What is happening is that
> > ip_nat_irc has little choice but to substitute the external ip of your gateway
> > for your LAN ip in the DCC SEND request, thus making the other client think it
> > should connect to your gateway instead of the LAN address of the client machine
> > to get the file -- what you want if the other client is outside your firewall.
> > ip_nat_irc then intercepts this and forwards the connection to the LAN ip making
> > the DCC SEND request.
After attempting this, the problem is that the client receiving the file
attempts a connection to the external ip, which is intercepted by ip_nat_irc
and forwarded to the other client on the LAN, but with a source ip of the client
initiating the tcp connection, which is correct (it would be the ip of a
remote host if outside the firewall). The second client then responds, but
since it is responding to an ip on its own subnet, the reply doesn't go
through the gateway. The first client is expecting a reply from the external
ip (since it sent the SYN there), but gets a reply from another ip and rejects
it. The second client immediately closes the DCC connection, while the first
continues to wait for a reply until it times out.
This behavior is normal, by design in ip_nat_irc, and difficult to fix. One
workaround, which does work, is to modify the routing table of both clients to
send all LAN traffic through the gateway. A kludge at best.
-Bob
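
A small model of the packet flow described in the message above, as an added example that is not part of the original message or of netfilter: it shows why the receiving client drops the reply when both clients share a subnet, and why sending LAN traffic through the gateway makes the reply match. The addresses are constructed, and `Gateway` and `dcc_connect` are hypothetical names for this sketch.

```python
from dataclasses import dataclass

# Constructed addresses for illustration (not from the original message).
EXT_IP = "203.0.113.1"      # gateway external ip written into the DCC SEND
SENDER = "192.168.0.10"     # LAN client offering the file (listens for DCC)
RECEIVER = "192.168.0.20"   # LAN client fetching the file
LAN_PREFIX = "192.168.0."

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    flags: str

class Gateway:
    """Minimal model of destination NAT plus connection tracking."""
    def __init__(self):
        # (client ip, real server ip) -> address the client actually dialed
        self.conntrack = {}

    def forward(self, pkt):
        if pkt.dst == EXT_IP:
            # Original direction: only the destination is rewritten,
            # the source stays the initiating client's LAN ip.
            self.conntrack[(pkt.src, SENDER)] = EXT_IP
            return Packet(pkt.src, SENDER, pkt.flags)
        dialed = self.conntrack.get((pkt.dst, pkt.src))
        if dialed:
            # Reply direction: restore the dialed address as the source.
            return Packet(dialed, pkt.dst, pkt.flags)
        return pkt

def dcc_connect(lan_via_gateway):
    """Return True if RECEIVER accepts the SYN-ACK for its SYN to EXT_IP."""
    gw = Gateway()
    syn = Packet(RECEIVER, EXT_IP, "SYN")
    at_sender = gw.forward(syn)  # EXT_IP is off-subnet, so the SYN hits the gateway
    reply = Packet(at_sender.dst, at_sender.src, "SYN-ACK")
    on_link = reply.dst.startswith(LAN_PREFIX)
    if lan_via_gateway or not on_link:
        reply = gw.forward(reply)  # reply crosses the gateway and is un-NATed
    # A TCP stack only accepts a SYN-ACK from the address the SYN was sent to.
    return reply.src == syn.dst

if __name__ == "__main__":
    print("default LAN routing :", dcc_connect(lan_via_gateway=False))
    print("LAN routed via gw   :", dcc_connect(lan_via_gateway=True))
```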