Date: Mon, 22 Oct 2001 19:37:10 +0200 From: Andreas Ntaflos <ntaflos.andreas@gmx.net> To: Allen Landsidel <all@biosys.net> Cc: freebsd-stable@freebsd.org Subject: Re: ICQ with NAT problems Message-ID: <20011022193710.A1442@Deadcell.ANT> In-Reply-To: <5.1.0.14.0.20011021012339.00b2b3a8@rfnj.org>; from all@biosys.net on Sun, Oct 21, 2001 at 01:32:13AM -0400 References: <3BD21435.4060605@quake.com.au> <3BD2538D.80604@quake.com.au> <5.1.0.14.0.20011021012339.00b2b3a8@rfnj.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Oct 21, 2001 at 01:32:13AM -0400, Allen Landsidel wrote:
> #2 Configure ICQ to use a certain range of listening TCP ports. Use a
> different port range on each machine that will be running ICQ, and
> configure NAT to forward connections to these ports appropriately.
Forwarding a different range of ports doesnt seem to work without
problems either... When I use LICQ on the gateway/nat machine
and forward for example ports 30000 - 30009 to the internal inter-
face/ip-address of the gatewy/nat machine, file transfers seem to
work.
But forwarding for example the port range of 30011 - 30019 to
an internal machine behind the gateway/nat machine, file transfers
wont work correctly (ICQ with win2k)... The request comes in
("Incoming file transfer") but then it just says "listening" and the
sender gets the error message "can't establish direct connection".
Why would this be?
Example with ipf/ipnat:
This is taken from my ipnat.rules file:
rdr xl0 x.x.x.x/32 port 30000-30009 -> 192.168.0.1 port 30000 tcp/udp
rdr xl0 x.x.x.x/32 port 30011-30019 -> 192.168.0.2 port 30011 tcp/udp
where x.x.x.x is the external if-addr and 192.168.0.1 the internal address
of the nat machine. 192.168.0.2 is the first box on the internal network.
The filter rules allow in tcp/udp connections on ports 30000 - 30019:
pass in log first quick on xl0 proto tcp from any to any port 29999 >< 30020 flags S keep state keep
frags
pass in log first quick on xl0 proto udp from any to any port 29999 >< 30020 keep state
Any comments?
--
Andreas "ant" Ntaflos
ntaflos.andreas@gmx.net
Vienna, AUSTRIA
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011022193710.A1442>