Linux-Noob Forums
IRC and my firewall/router - Printable Version




IRC and my firewall/router - dspln - 2005-12-07


I've got iptables (with just about all the options) built into the kernel.

I clear the firewall:

Code:
iptables -F
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

 

(On the firewall/router) I start iptraf, then start irssi and /connect dalnet. All that happens in iptraf is:

┌{eth1ip}:60267 = 3 180 S--- eth1

└{dalnet}:6667 = 0 0 ---- eth1

 

eth1 is the internet connected nic.

midentd is listening on 113

 

I've tried using a client on my home network, but it doesn't make it through the router either.

 

In an iptables config file here I noticed:



Code:
IRCPORTS="6665,6666,6667,6668,6669,7000" #IRC Ports
...
/sbin/modprobe ip_conntrack_irc ports=$IRCPORTS
/sbin/modprobe ip_nat_irc ports=$IRCPORTS




But I have those modules built into the kernel - do they need those parameters, and how do I pass them if I don't have the modules? Or do these not work if built into the kernel?

 

Gentoo 2005.1 i386

Otherwise, the firewall/router seems to work fine - I can access http on the router, and http/ssh/ftp/counter-strike all get through the router just fine.




IRC and my firewall/router - znx - 2005-12-08


Quote: I've got iptables (with just about all the options) built into the kernel. I clear the firewall:

iptables -F
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

Yup, empty :) Might want to look into an "iptables -X" (clears out any extra personal rules)

 



Code:
IRCPORTS="6665,6666,6667,6668,6669,7000" #IRC Ports
...
/sbin/modprobe ip_conntrack_irc ports=$IRCPORTS
/sbin/modprobe ip_nat_irc ports=$IRCPORTS




 

OK, ip_conntrack_irc is used for tracking IRC traffic. ip_nat_irc is used to handle NAT'ing DCC connects. Neither of these has anything to do with you connecting outwardly to IRC.

 

Quote: But I have those modules built into the kernel - do they need those parameters, and how do I pass them if I don't have the modules? Or do these not work if built into the kernel?
 

Yes, those parameters are correct for the modules (they aren't needed but make it more secure).

 

I cannot see why your router would do anything to your IRC connection. Try removing the two modules and see if it works; it's possible that they are handling NAT before your router's NAT... just a guess.
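
On the built-in versus module question raised in the thread, an added example (not code from either poster): a shell sketch that reports how each IRC helper is present and where its `ports` parameter would be set. It assumes the usual Linux behaviour that loaded modules are listed in /proc/modules, that built-in code with parameters appears only under /sys/module, and that a built-in takes its parameters on the kernel command line as `module.param=value`; the function names and the ROOT prefix argument are hypothetical.

```shell
#!/bin/sh
# Added example: report how a conntrack helper is present and how to set its
# "ports" parameter. ROOT is a hypothetical prefix (default "/") so the
# checks can be pointed at a constructed test tree.

helper_state() {  # usage: helper_state MODULE [ROOT]
    mod=$1; root=${2:-/}
    if grep -q "^$mod " "$root/proc/modules" 2>/dev/null; then
        echo module          # loadable module, currently loaded
    elif [ -d "$root/sys/module/$mod" ]; then
        echo builtin         # compiled in: sysfs entry, not in /proc/modules
    else
        echo absent          # not loaded, or built in without a sysfs entry
    fi
}

param_hint() {  # usage: param_hint MODULE PORTS [ROOT]
    mod=$1; ports=$2; root=${3:-/}
    case $(helper_state "$mod" "$root") in
        builtin) echo "kernel command line: $mod.ports=$ports" ;;
        module)  echo "reload with: modprobe $mod ports=$ports" ;;
        absent)  echo "load with: modprobe $mod ports=$ports" ;;
    esac
}

current_ports() {  # usage: current_ports MODULE [ROOT]; file is usually root-only
    cat "${2:-/}/sys/module/$1/parameters/ports" 2>/dev/null
}

# Module names and port list as posted in the thread; newer kernels name the
# helpers nf_conntrack_irc and nf_nat_irc.
IRCPORTS="6665,6666,6667,6668,6669,7000"
for m in ip_conntrack_irc ip_nat_irc; do
    param_hint "$m" "$IRCPORTS"
done
```
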