Date:      Sat, 3 Nov 2001 00:02:21 +0100
From:      Andreas Ntaflos <ntaflos.andreas@gmx.net>
To:        freebsd-stable@freebsd.org
Cc:        freebsd-questions@freebsd.org
Subject:   ICQ and NAT again.. :(
Message-ID:  <20011103000221.A1274@Deadcell.ANT>

I apologize for starting that crap again; I am beginning to really hate this
topic.

A few weeks ago, there was a thread concerning this; it was primarily
about ICQ disconnecting regularly. See "ICQ and NAT problems"
in the archives.

Quite a few people have mentioned they have a working setup for ICQ
clients behind a NAT machine (file transfers working, etc.). Despite
the great amount of input from that thread, I was unable to solve those
problems for me. Call me a prick.

I am posting this hoping that someone with a working setup could help
me, and that this topic can serve as a reference for others.

As for my setup: 

To have ICQ work well behind a firewall, you need to redirect a range
of ports to the machine you have the ICQ client running. AFAIK, you need
a different range of ports for each machine behind the NAT box.

To do so, you go to ICQ's preferences tab, Connections, User. Click 'Not
using proxy' and 'Use the following TCP listen port'. There you specify
the port range you've set up on the firewall machine.

I have ipf and ipnat running. This is the line in ipnat.conf:

--------
rdr xl0 x.x.x.x/32 port 30200-30299 -> 192.168.0.10 port 30200 tcp/udp
--------

These are the lines in ipf.conf to let the redirected ports in:

--------
pass in log first quick on xl0 proto tcp from any to any port 30199 >< 30300 flags S keep state keep frags
pass in log first quick on xl0 proto udp from any to any port 30199 >< 30300 keep state
--------

As you can see, 192.168.0.10 is a machine on the internal network, and nothing 
special. Running icq2001b. Whatever. 

It is configured to have the portrange of 30200 to 30299 listen for incoming 
events.

Now when I ask someone to send me a file for testing (file transfer is what I 
primarily want), and he is NOT behind any firewall, I receive the 'Incoming 
File transfer' request and click 'Accept'. Then, there is nothing. It just
keeps saying 'Listening', and on the other side, the error message 'can't 
establish direct connection'.

The following is the output of ipmon, just after I click 'Accept' to start the
transfer (with y.y.y.y being the address of the sender and, which may be important,
x.x.x.x being the external address of the NAT box):

NAT-BOX# ipmon | grep y.y.y.y
02/11/2001 23:17:57.174217 xl0 @0:28 b y.y.y.y,2692 -> x.x.x.x,12386 PR tcp len 20 48 - S IN
02/11/2001 23:17:58.187486 xl0 @0:28 b y.y.y.y,2692 -> x.x.x.x,12386 PR tcp len 20 48 - S IN

As you can see, it does not use ports 30200-30299 for the transfer. I do get
the request for the transfer. After that, it blocks on the outside, it doesn't 
seem to forward anything else anymore concerning the file transfer. So it
seems that the specified port range is used just for that request-event, but
not for the actual file transfer. Right?

This really gives me headaches.

This has been an uber-long post, and I hope the formatting is ok. The
topic is quite ridiculous, but I am sure, at present and in the future, 
this is, and will be, a concern to many people. 

I hope I've made myself clear somehow and appreciate any help.

Thanks and regards
-- 
	Andreas "ant" Ntaflos	
	ntaflos.andreas@gmx.net
	Vienna, AUSTRIA
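The check the post does by eye (is the blocked inbound SYN landing on a port that any rdr rule actually forwards?) can be scripted against ipnat.conf and an ipmon log. The following is an added example, not code from the original post or from the ipfilter project; the addresses and log lines are constructed, modelled on the lines above (198.51.100.7 stands in for x.x.x.x, 203.0.113.5 for y.y.y.y), and the port translation helper encodes the rdr semantics assumed here, namely that a redirected range maps onto consecutive internal ports starting at the rule's base port.

```python
"""Added example (not from the original post): match ipmon block lines against
the ipnat rdr ranges in ipnat.conf to find inbound connections that arrive on
ports no rdr rule forwards. Sample addresses and log lines are constructed."""
import re
from dataclasses import dataclass

# rdr <iface> <ext-addr>[/mask] port <lo>[-<hi>] -> <int-addr> port <base> <proto>[/<proto>]
RDR_RE = re.compile(
    r"^rdr\s+(?P<iface>\S+)\s+(?P<ext>\S+)\s+port\s+(?P<lo>\d+)(?:-(?P<hi>\d+))?"
    r"\s+->\s+(?P<int>\S+)\s+port\s+(?P<base>\d+)\s+(?P<proto>\S+)"
)

# ipmon line: date time iface @group:rule action src,sport -> dst,dport PR proto ...
IPMON_RE = re.compile(
    r"^(?P<date>\S+)\s+(?P<time>\S+)\s+(?P<iface>\S+)\s+@\S+\s+(?P<action>\S)\s+"
    r"(?P<src>[^\s,]+),(?P<sport>\d+)\s+->\s+(?P<dst>[^\s,]+),(?P<dport>\d+)\s+PR\s+(?P<proto>\w+)"
)


@dataclass
class Rdr:
    iface: str
    ext_addr: str
    lo: int
    hi: int
    int_addr: str
    int_base: int
    protos: frozenset


def parse_rdr(line):
    """Parse one ipnat rdr line; returns None for comments, map rules, etc."""
    m = RDR_RE.match(line.strip())
    if not m:
        return None
    lo = int(m["lo"])
    hi = int(m["hi"]) if m["hi"] else lo
    return Rdr(m["iface"], m["ext"].split("/")[0], lo, hi, m["int"],
               int(m["base"]), frozenset(m["proto"].split("/")))


def translate(rdr, dport):
    """External port in the rdr range -> internal port it is forwarded to.
    Assumption encoded here: ipnat maps a range onto consecutive internal
    ports starting at the rule's base port (30200-30299 -> 30200-30299)."""
    if not rdr.lo <= dport <= rdr.hi:
        raise ValueError(f"port {dport} outside rdr range {rdr.lo}-{rdr.hi}")
    return rdr.int_base + (dport - rdr.lo)


def parse_ipmon(line):
    """Parse one ipmon log line into a dict; returns None if it does not match."""
    m = IPMON_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["sport"] = int(ev["sport"])
    ev["dport"] = int(ev["dport"])
    return ev


def redirect_for(rdrs, ev):
    """The rdr rule (if any) that forwards this packet's destination port."""
    for r in rdrs:
        if (r.iface == ev["iface"] and r.ext_addr == ev["dst"]
                and r.lo <= ev["dport"] <= r.hi and ev["proto"] in r.protos):
            return r
    return None


def unredirected_blocks(rdr_lines, ipmon_lines):
    """Blocked ('b') packets whose destination port no rdr rule forwards,
    deduplicated by 5-tuple so SYN retransmits are reported once."""
    rdrs = [r for r in map(parse_rdr, rdr_lines) if r]
    seen, out = set(), []
    for line in ipmon_lines:
        ev = parse_ipmon(line)
        if ev is None or ev["action"] != "b" or redirect_for(rdrs, ev):
            continue
        key = (ev["src"], ev["sport"], ev["dst"], ev["dport"], ev["proto"])
        if key not in seen:
            seen.add(key)
            out.append(key)
    return out


# Constructed sample data modelled on the post. 198.51.100.7 stands in for the
# NAT box's external address (x.x.x.x), 203.0.113.5 for the sender (y.y.y.y).
IPNAT_CONF = [
    "# redirect the ICQ listen range to the inside host",
    "rdr xl0 198.51.100.7/32 port 30200-30299 -> 192.168.0.10 port 30200 tcp/udp",
]
IPMON_LOG = [
    "02/11/2001 23:17:57.174217 xl0 @0:28 b 203.0.113.5,2692 -> 198.51.100.7,12386 PR tcp len 20 48 - S IN",
    "02/11/2001 23:17:58.187486 xl0 @0:28 b 203.0.113.5,2692 -> 198.51.100.7,12386 PR tcp len 20 48 - S IN",
    "02/11/2001 23:18:10.001000 xl0 @0:12 p 203.0.113.5,2700 -> 198.51.100.7,30250 PR tcp len 20 48 - S IN",
]

if __name__ == "__main__":
    rdr = parse_rdr(IPNAT_CONF[1])
    print(f"rdr {rdr.lo}-{rdr.hi} -> {rdr.int_addr}:{translate(rdr, rdr.lo)}-{translate(rdr, rdr.hi)}")
    for src, sport, dst, dport, proto in unredirected_blocks(IPNAT_CONF, IPMON_LOG):
        print(f"blocked, no rdr covers it: {src}:{sport} -> {dst}:{dport}/{proto}")
```

Run against a real box as `ipmon -o I` output piped into a file and the live ipnat.conf; any line it reports is a connection the peer opened to a port outside the forwarded range, which is exactly the symptom in the post (the sender going to port 12386 rather than 30200-30299).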

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011103000221.A1274>