Quick (probably an RTFM) quesiton on IP Masq. and ICQ.

[Derek Martin]

On Wed, 15 Dec 1999, Brian J. Conway wrote:

> right, bleh), I got everything masquerading, and ICQ was working after
> loading only the compiled modules from the kernel.  Needless to say, I
> was suprised and relieved to not have to go searching for seperate
> packages.  I dunno if my experience was unique, but just wanted to throw
> out my $0.02. 

Sure, but did you try having someone send files to you through ICQ?  Most
features do work, but that and a few other, lesser used features don't
work very well, because they try to connect directly to your client.  
They end up trying to connect to a port on the firewall (since as far as
the ICQ server and their client is concerned, that's where your client
is), and since there wasn't an initial connection from inside, there's no
masquerade.

Strangely though, I have been able to receive files on a few rare
occasions, but I don't really have any explanation as to why.  Another
thing is, if I recall correctly, ICQ uses random UDP ports, so you have to
leave all the UDP ports open.  I don't run any services on my firewall on
user UDP ports, so in theory this should be fairly secure, but it still
makes me nervous.

-- 
Derek D. Martin
Senior UNIX Systems/Network Administrator
Arris Interactive
derek.martin at ne.arris-i.com

-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).