IRC iptables

IRC iptables

[GBV]

Hello there,

I have an IRC server, a windows 2000 server box in my internal network, ip
192.168.0.69

I want to publish this IRCd via internet and intranet.( this IRCd uses port
7000 and 6669)

my firewall internal ip 192.168.0.1 and external 200.168.22.138

i´d like to all requests to the respective IRCd ports to my firewall,
external and internal interfaces (eth1,eth0) go to 192.168..0.69, where the
ircd is hosted...

any solutions?

]
thks

irc+iptables

[it clown]

Hi All,

i am having some trouble in getting irc working through
iptables and squid.When i put a forwarder in my iptables
rule i can connect to irc but when i want to go through the
proxy i have no luck.I have loaded the ip_nat_irc and
tried:

-t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT
--to-ports 3128.

I have made the changes in squid to allown port 6667.
Port 6667 is allowed OUT.

Regards
_____________________________________________________________________
For super low premiums ,click here http://www.dialdirect.co.za/quote

Re: irc+iptables

[Jason Opperisano]

On Sat, 2004-10-02 at 05:03, it clown wrote:
> Hi All,
> 
> i am having some trouble in getting irc working through
> iptables and squid.When i put a forwarder in my iptables
> rule i can connect to irc but when i want to go through the
> proxy i have no luck.I have loaded the ip_nat_irc and
> tried:
> 
> -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT
> --to-ports 3128.

which is a nat rule redirecting tcp port 80 traffic to your squid cache
running on tcp port 3128.

> I have made the changes in squid to allown port 6667.
> Port 6667 is allowed OUT.

what has has led you to believe that squid can proxy IRC traffic?  i may
be out of the loop, but AFAIK, squid supports proxying for:  HTTP,
HTTPS, FTP, Gopher, and WAIS.

even if it did support proxying for IRC, you're only redirecting port
80.

for IRC, you'll need to use a forward rule along the lines of:

  iptables -A FORWARD -i $INSIDE_IF -p tcp --syn --dport 6667 -j ACCEPT

HTH...

-j

disclaimer:  the rules contained in this message are meant to illustrate
the requested functionality only, and not intended as a recommendation
of best practices.  never execute any commands without fully
understanding the implications.

-- 
Jason Opperisano <opie@817west.com>

Re: irc+iptables

[Alistair Tonner]

On October 2, 2004 05:03 am, it clown wrote:
> Hi All,
>
> i am having some trouble in getting irc working through
> iptables and squid.When i put a forwarder in my iptables
> rule i can connect to irc but when i want to go through the
> proxy i have no luck.I have loaded the ip_nat_irc and
> tried:
>
> -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT
> --to-ports 3128.
>
> I have made the changes in squid to allown port 6667.
> Port 6667 is allowed OUT.

	Squid itself will not proxy IRC that I'm aware of.  When you say 
	'Forwarder' -- I take it you allow the connection out directly to the 
	IRC server with a rule in the FORWARD chain.  
	
	What (client) are you using to connect to IRC through the proxy?
	And --- for what it's worth why do you believe that Squid will 
	proxy the IRC connection?

	There are web based clients that can run through proxies, 
	however they are completely java based, and the connection
	is from the webserver end to the IRC server.  There is a java 
	applet that someone cooked up that has the initial connection
	from the webserver, but requires that the client can see the 
	internet without filtering as subsequent traffic is from the client 
	to the IRC server, across not well known ports, and this also 	
	has some other issues that make it unwise to use.
	
	Alistair Tonner
	RSO Technical Services, 
	HPUX Support

Re: irc+iptables

[it clown]

Sorry i ment port 6667 and not port 80 in the nat. I just
throught that because in isa server you can connect to irc
through it you could do the same with squid.

On Sat, 02 Oct 2004 07:51:25 -0400
 Jason Opperisano <opie@817west.com> wrote:
> On Sat, 2004-10-02 at 05:03, it clown wrote:
> > Hi All,
> > 
> > i am having some trouble in getting irc working through
> > iptables and squid.When i put a forwarder in my
> iptables
> > rule i can connect to irc but when i want to go through
> the
> > proxy i have no luck.I have loaded the ip_nat_irc and
> > tried:
> > 
> > -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT
> > --to-ports 3128.
> 
> which is a nat rule redirecting tcp port 80 traffic to
> your squid cache
> running on tcp port 3128.
> 
> > I have made the changes in squid to allown port 6667.
> > Port 6667 is allowed OUT.
> 
> what has has led you to believe that squid can proxy IRC
> traffic?  i may
> be out of the loop, but AFAIK, squid supports proxying
> for:  HTTP,
> HTTPS, FTP, Gopher, and WAIS.
> 
> even if it did support proxying for IRC, you're only
> redirecting port
> 80.
> 
> for IRC, you'll need to use a forward rule along the
> lines of:
> 
>   iptables -A FORWARD -i $INSIDE_IF -p tcp --syn --dport
> 6667 -j ACCEPT
> 
> HTH...
> 
> -j
> 
> disclaimer:  the rules contained in this message are
> meant to illustrate
> the requested functionality only, and not intended as a
> recommendation
> of best practices.  never execute any commands without
> fully
> understanding the implications.
> 
> -- 
> Jason Opperisano <opie@817west.com>
> 
> 

_____________________________________________________________________
For super low premiums ,click here http://www.dialdirect.co.za/quote