Re: How to disable ip_contrack_irc when its compiled into the kernel?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



	This error is caused when the connection inside the firewall is using 
	its outside IP address, which is NOT what irc-conntract/irc-nat 
	expects to see.  

	This error is more commonly seen when a client inside a firewall is 
attempting to DCC connect to a client outside the firewall, and the client
	is using the IP address of the outside of the firewall  ... how this 
	can be cured in a *server* I'm not sure, not running any of the servers,
	but with the MIRC client you tell the client to "Use Local IP" rather than
	"Use IP from Server" (Its been a while...) given that this is a server 
	inside your firewall --- I'd suspect that similar rules for NATting and
	DENATting the connection exist and you need to tell the server to use
	its local IP rather than the internet IP address on the outside of the
	firewall....

	Alistair


On December 27, 2002 11:55 am, Justin Hammond wrote:
> Hi all
>
> We have a problem on one of our servers. Its running:
>
> Linux 2.4.17 on a Sparc Box with IPtables 1.2.4
>
> The Kernel support for IPtables was compiled into the kernel, not as
> loadable modules, and now we have some problems.
>
> We recently setup a IRC server for a customer, and they came back and
> told us that DCC sending was not working for any client connected to
> this IRC server. A quick check of the logs revealed:
>
> Forged DCC command from 218.103.157.103: 1.154.254.169:0
> Forged DCC command from 218.103.157.103: 1.154.254.169:0
> Forged DCC command from 218.103.157.103: 1.154.254.169:0
> Forged DCC command from 218.103.157.103: 1.154.254.169:0
>
>
> Throughout the entire kernel log.
>
> (I believe the problem has been fixed in later releases of iptables, so
> I'm not after a fix)
>
> Now here is my problem. The Server is in Sydney, Australia, and I'm in
> Singapore, around 8000Miles away, so doing a remote kernel compile and
> reboot to remove the contrack_irc module is not something that I fancy.
>
> I'm wondering if there is a Rule or way that I can disable the contrack
> module from operating?
>
> Thanks :)
>
> Justin



[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux