Date: Tue, 29 Jun 1999 10:48:25 +0300
From: Ruslan Ermilov <ru@ucb.crimea.ua>
To: John Prince <johnp@knight-trosoft.com>
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: ICQ help
Message-ID: <19990629104825.B76311@relay.ucb.crimea.ua>
In-Reply-To: <199906272205.RAA09143@mail.knight-trosoft.com>; from John Prince on Sun, Jun 27, 1999 at 05:05:29PM -0500
References: <199906272205.RAA09143@mail.knight-trosoft.com>

--LZvS9be/3tNcYl/X
Content-Type: text/plain; charset=us-ascii

On Sun, Jun 27, 1999 at 05:05:29PM -0500, John Prince wrote:
> Hello..
> I was curious, does anyone have any suggestions, in making ICQ work
> with Nat? I just switched my customers, and have received a few
> complaints. AIM seems to work.
> Any help is appreciated.
> Thanks,
> --john
>

I run ICQ under NAT. Following is my configuration.
You'll need to assign a particular port range (minimum 12)
for each ICQ client.

Cheers,
-- 
Ruslan Ermilov          Sysadmin and DBA of the
ru@ucb.crimea.ua        United Commercial Bank,
ru@FreeBSD.org          FreeBSD committer,
+380.652.247.647        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age

--LZvS9be/3tNcYl/X
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="natd.conf"

#
# Network Address Translation Daemon
#
# $Id: natd.conf,v 1.14 1999/01/25 14:03:56 ru Exp $
#

# Logging to /var/log/alias.log
log                     no

# Incoming connections.
deny_incoming           no

# Use sockets to avoid port clashes.
use_sockets             yes

# Avoid port changes if possible.
same_ports              yes

# Verbose mode. Enables dumping of packets and disables forking to background.
verbose                 no

# Divert port. Can be a name in /etc/services or numeric value.
port                    6668

# Interface name or address being aliased. Either one, not both is required.
alias_address           x.y.z.5

# Alias unregistered addresses or all addresses.
unregistered_only       yes

# ICQ Redirections
redirect_port tcp 192.168.1.13:10000-10011 10000-10011
redirect_port tcp 192.168.1.22:10100-10111 10100-10111
redirect_port tcp 192.168.4.34:10200-10211 10200-10211
[...]
redirect_port tcp 192.168.1.23:11100-11111 11100-11111

--LZvS9be/3tNcYl/X
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="rc.firewall"

[...]

IPFW=/sbin/ipfw                 # IP firewall controlling utility
SYSCTL=/usr/sbin/sysctl         # Get or set kernel state program

IP_SPACE=x.y.z.0/28             # IP space
INTRANET=192.168.0.0/16         # Intranet
ALIAS_IP=x.y.z.5                # Alias IP
ALIAS_FOR="1.12 1.13 1.14 1.16 1.22 1.23 1.24 1.29 4.34 4.35 4.36 3.14"

# Change default port range
${SYSCTL} -w net.inet.ip.portrange.first=49152
${SYSCTL} -w net.inet.ip.portrange.last=65535

# Flush
${IPFW} -f flush

# Loopback connectivity
${IPFW} add allow ip from any to any via lo0
${IPFW} add deny ip from any to 127.0.0.0/8

# IP aliasing
for i in ${ALIAS_FOR}; do
    # Skip aliasing if the destination is local
    ${IPFW} add allow ip from 192.168.$i to ${INTRANET}
    ${IPFW} add allow ip from 192.168.$i to ${IP_SPACE}
    # Do aliasing
    ${IPFW} add divert 6668 udp from 192.168.$i to any 4000
    ${IPFW} add reject tcp from 192.168.$i to any 3128,8080
    ${IPFW} add divert 6668 tcp from 192.168.$i to any 1024-,119
    ${IPFW} add divert 6668 udp from 192.168.$i to any 1024-
done

# Try to de-alias
${IPFW} add divert 6668 ip from any to ${ALIAS_IP}
# Ignore failed ICQ server responses
${IPFW} add deny udp from any 4000 to ${ALIAS_IP}
# Deny & log everything that isn't de-aliased
${IPFW} add deny log ip from any to ${ALIAS_IP}

# Allow TCP through if setup succeeded
${IPFW} add allow tcp from any to any established

[...]

--LZvS9be/3tNcYl/X--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
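
An added example, not part of the original message or the poster's configuration: a small sh/awk audit of redirect_port lines written in the form shown in natd.conf above. It flags ranges smaller than the 12 ports mentioned in the reply, public ranges that overlap between clients, and ranges that reach the 49152 floor set in rc.firewall. Treating that floor as a boundary the redirects should stay under is an assumption, and the function names and sample lines are constructed.

```shell
#!/bin/sh
# Added example: audit redirect_port lines written in the form used above:
#   redirect_port tcp <ip>:<lo>-<hi> <lo>-<hi>
MIN_PORTS=12           # "minimum 12" ports per ICQ client, from the post
EPHEMERAL_FIRST=49152  # net.inet.ip.portrange.first set in rc.firewall

# Reads natd.conf text on stdin and prints one finding per line.
# Returns 0 when nothing is flagged, 1 otherwise.
audit_redirects() {
    awk -v min="$MIN_PORTS" -v eph="$EPHEMERAL_FIRST" '
    function report(kind, msg) { print kind " line " NR ": " msg; found = 1 }
    $1 == "redirect_port" && NF >= 4 {
        split($3, target, ":")   # target[1] = inside host, target[2] = lo-hi
        split($4, pub, "-")      # public range on the alias address
        lo = pub[1] + 0; hi = pub[2] + 0
        if (hi - lo + 1 < min)
            report("TOO_SMALL", target[1] " gets " (hi - lo + 1) " ports")
        if (hi >= eph)
            report("EPHEMERAL", $4 " reaches the local port range")
        # Two clients must never share a public port.
        for (i = 1; i <= n; i++)
            if (lo <= phi[i] && plo[i] <= hi)
                report("OVERLAP", target[1] " collides with " host[i])
        n++; plo[n] = lo; phi[n] = hi; host[n] = target[1]
    }
    END { exit found + 0 }'
}

# Constructed sample input (not the poster's real table).
sample_conf() {
    cat <<'EOF'
# ICQ Redirections
redirect_port tcp 192.168.1.13:10000-10011 10000-10011
redirect_port tcp 192.168.1.22:10100-10111 10100-10111
redirect_port tcp 192.168.4.34:10110-10121 10110-10121
redirect_port tcp 192.168.1.23:10200-10205 10200-10205
redirect_port tcp 192.168.1.24:49150-49161 49150-49161
EOF
}

# Demo run on the constructed sample; findings go to stdout.
sample_conf | audit_redirects || true
```

To check a real file, load the functions and run `audit_redirects < natd.conf`; every redirect_port line it reads is a set of inbound ports opened to an inside host, so the table is worth re-auditing whenever a client is added.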