[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    RE: hate to post this..ICQ and IPF, need a bit of input..
From:       "Ignacio Cristerna" <ignacioc () webhostix ! com>
Date:       2001-09-28 19:14:19
[Download RAW message or body]

what about a socks proxy running on the NAT machine?

-----Original Message-----
From: owner-ipfilter@coombs.anu.edu.au
[mailto:owner-ipfilter@coombs.anu.edu.au]On Behalf Of Mike Batchelor
Sent: Friday, September 28, 2001 11:42
To: Phil Dibowitz; ipfilter@coombs.anu.edu.au
Subject: RE: hate to post this..ICQ and IPF, need a bit of input..


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Mike Batchelor wrote:
> > ipnat.conf:
> > bimap xl0 ext.if.addr/32 -> int.if.addr/32
> >
> > ipf.conf:
> > pass in on xl0 proto tcp from any to int.if.addr/32 port 2000-2020 keep
> > state
> > block in on xl0 from any to int.if.addr/32
> >
> 
> You mean that in order to use ICQ EACH host has to have a 
> publicly routable
> IP??? It can't be NAT'd? I haven't used ICQ in a long while, and 
> was thinking
> about firing it up again... and this caught my attention...

If you want to accept incoming file transfers, and ipfilter is your
firewall/NAT, then yes, one IP addr for each ICQ client is required.  If
there was a ICQ proxy module for ipfilter, that would solve the problem
without the extra addresses.  You could also use some other userland ICQ
proxy alongside ipfilter, but I don't know of any. I imagine they are out
there, though.

If you just want to chat, or send out files, then normal MAP rules will
handle that.

> 
> Phil
> --
> Insanity Palace of Metallica
> http://www.ipom.com
> webmaster@ipom.com
> --
> 
> 

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBO7S2eUksS4VV8BvHEQL3ugCgnMXiv5KNm58r+QpRNcIhtQ3SRekAnRfp
aXcda9m7R4vfIIflRItnHMNj
=6wOa
-----END PGP SIGNATURE-----

[prev in list] [next in list] [prev in thread] [next in thread]