iptables with irc and auth

iptables with irc and auth

[squid]

Hello,

I am trying to configure iptables so that when I connect to IRC on port
6667 it will allow the auth connection back on 113 from that IP address.

I have both inbound and outbound rules on the system. When I try any of
the state information it wont work. Im guessing thats because the iptables
config cant see that its a related connection. Is there any way that I can
setup iptables so that it will allow AUTH only if im connected on port
6667 to that same IP?

thanks

Jimmy.

Re: iptables with irc and auth

[Sven Schuster]

[-- Attachment #1: Type: text/plain, Size: 856 bytes --]


Hi,

On Mon, Jan 10, 2005 at 10:59:49AM -0000, squid@oranged.to told us:
> Hello,
> 
> I am trying to configure iptables so that when I connect to IRC on port
> 6667 it will allow the auth connection back on 113 from that IP address.
> 
> I have both inbound and outbound rules on the system. When I try any of
> the state information it wont work. Im guessing thats because the iptables
> config cant see that its a related connection. Is there any way that I can
> setup iptables so that it will allow AUTH only if im connected on port
> 6667 to that same IP?

use ipt_recent, see

http://snowman.net/projects/ipt_recent/


HTH

Sven

> 
> thanks
> 
> Jimmy.
> 
> 

-- 
Linux zion 2.6.10-bk7 #0 Fri Jan 7 19:08:39 CET 2005 i686 athlon i386 GNU/Linux
 12:30:23 up 2 days, 17:07,  1 user,  load average: 0.07, 0.06, 0.05

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: iptables with irc and auth

[Marc Haber]

On Mon, Jan 10, 2005 at 10:59:49AM -0000, squid@oranged.to wrote:
> I am trying to configure iptables so that when I connect to IRC on port
> 6667 it will allow the auth connection back on 113 from that IP address.

Do you really have an identd running on that port? If so, why don't
you open the port generally? If you don't have identd running, a
--jump REJECT will do just fine.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

Re: iptables with irc and auth

[Lopsch]

[-- Attachment #1: Type: text/plain, Size: 658 bytes --]

squid@oranged.to schrieb:
> Hello,
>
> I am trying to configure iptables so that when I connect to IRC on port
> 6667 it will allow the auth connection back on 113 from that IP address.
>
> I have both inbound and outbound rules on the system. When I try any of
> the state information it wont work. Im guessing thats because the iptables
> config cant see that its a related connection. Is there any way that I can
> setup iptables so that it will allow AUTH only if im connected on port
> 6667 to that same IP?
>
> thanks
>
> Jimmy.
>

Perhaps the conntrack and helper module for IRC will help you,
ip_conntrack_irc and ip_nat_irc.


--

PGP-ID 0xF8EAF138

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 832 bytes --]