This error is caused when the connection inside the firewall is using its outside IP address, which is NOT what irc-conntract/irc-nat expects to see. This error is more commonly seen when a client inside a firewall is attempting to DCC connect to a client outside the firewall, and the client is using the IP address of the outside of the firewall ... how this can be cured in a *server* I'm not sure, not running any of the servers, but with the MIRC client you tell the client to "Use Local IP" rather than "Use IP from Server" (Its been a while...) given that this is a server inside your firewall --- I'd suspect that similar rules for NATting and DENATting the connection exist and you need to tell the server to use its local IP rather than the internet IP address on the outside of the firewall.... Alistair On December 27, 2002 11:55 am, Justin Hammond wrote: > Hi all > > We have a problem on one of our servers. Its running: > > Linux 2.4.17 on a Sparc Box with IPtables 1.2.4 > > The Kernel support for IPtables was compiled into the kernel, not as > loadable modules, and now we have some problems. > > We recently setup a IRC server for a customer, and they came back and > told us that DCC sending was not working for any client connected to > this IRC server. A quick check of the logs revealed: > > Forged DCC command from 218.103.157.103: 1.154.254.169:0 > Forged DCC command from 218.103.157.103: 1.154.254.169:0 > Forged DCC command from 218.103.157.103: 1.154.254.169:0 > Forged DCC command from 218.103.157.103: 1.154.254.169:0 > > > Throughout the entire kernel log. > > (I believe the problem has been fixed in later releases of iptables, so > I'm not after a fix) > > Now here is my problem. The Server is in Sydney, Australia, and I'm in > Singapore, around 8000Miles away, so doing a remote kernel compile and > reboot to remove the contrack_irc module is not something that I fancy. > > I'm wondering if there is a Rule or way that I can disable the contrack > module from operating? > > Thanks :) > > Justin