[plug] ICQ and a Linux gateway
Leon Brooks
leonb at bounce.networx.net.au
Sun Oct 24 01:39:14 WST 1999
> Paul Wilson wrote:
> Bearing in mind the obvious need for ipchains to keep both the server
> and the internal network secure, how do I handle ICQ? What ports does
> it use? Can the Linux server be made transparent to ICQ (i.e. in this
> context, will the other 4 Win-9x PCs on the network all be able to ICQ
> to each other (I know, I know, crazy !!) and to the world outside?).
In my experience, ICQ through an ICQ server works fine with
masquerading, but may require a kernel recompile depending upon your
distribution. Direct ICQ user-to-user *within* the masq'ed area also
works fine, as long as (and often despite lack of this) you are explicit
about the masquerading command: "-j MASQ -s MASQ_NET -d ! MASQ_NET".
However, you will have problems with direct connects beteen machines
inside the masq and outside (the ICQ equivalent of IRC's DCC command,
which also has problems and for the same reason). This can be worked
around with port forwarding but it is messy and requires client config
changes.
Note that Microsoft's NAT usually stuffs up IRC, ICQ and RealAudio/Video
badly, and isn't too keen on FTP either. You can cure some FTP woes
(which will arise with picky servers, most notably some NT sites,
usually those with Resume capability switched off, usual symptom is "bad
port" messages) by operating the FTP clients inside the masq in Passive
(PASV) mode.
More information about the plug
mailing list