Re: Conntrack helpers for ICQ and MSN Messenger

[rruegner <robowarp@gmx.de>]

Hi,
you dont need helpers for icq it works out of the box
if you want file transfer use somethin like this
#message icq
/usr/sbin/iptables -A INPUT -p udp --dport 4000 -j ACCEPT
#this for  icq file transfer tradittional version
#first user configure icq to use ports 24500:24505 for file transfer
/usr/sbin/iptables -t nat -A PREROUTING -p tcp -i ppp0 --dport 
24500:24505 -j DNAT --to 10.10.100.50
/usr/sbin/iptables -t nat -A PREROUTING -p tcp -i ppp0 --dport 
24510:24515 -j DNAT --to 10.10.100.52

configure your icq client using ie tcp 24510:24515 for file transfer


#msn
/usr/sbin/iptables -A INPUT -p tcp --dport 1863 -j ACCEPT

http://reaim.sourceforge.net/
may help you too with msn file transfer

Regards

Giancarlo Boaron schrieb:

> Hello. 
> I have some clients in my LAN that need to access ICQ
> and MSN Messenger.
> Reading some iptables tutorials, I discovered that ICQ
> and MSN Messenger protocols are some kind of "complex
> protocols" because they send some information about
> openning new connections back inside the payload of
> the packets.
> So, iptables needs some CONNTRACK and/or NAT helpers
> to let this protocols work properly.
> I looked for it on NETFILTER home page but I didn't
> find it. So, I need some help about it!
> Where can I get an how to apply it on my iptables?
> (Do I have to use patch-o-matic?)
> Besides, I want to use the FORWARD chain instead of
> sending this protocols via SQUID or another proxy.
> 
> Some solution?
> 
> Regards
> Giancarlo
> 
> 
> 
> 	
> 	
> 		
> _______________________________________________________
> Yahoo! Messenger 6.0 - jogos, emoticons sonoros e muita diversão. Instale agora!
> http://br.download.yahoo.com/messenger/
>