ICQ after firewall (IPFW) (FreeBSD as a gateway to the internet)


Post by Willem » Mon, 29 Jan 2001 10:01:40



Hello Everybody,

I guess this must have been asked too many times already, however I could
not find the information suitable for me. Therefore the question again:

I made a FreeBSD 4.1 box, which is my gateway to the cable modem internet at
my house. Everything is working great except two things that won't work.
Napster and ICQ do not work anymore. I do not receive any files etc... from
ICQ, and Napster does not work at all anymore.

Could anybody help me and explain to me which are the IPFW rules that I could
insert to enable this traffic. (Or could anybody give me the rules for just
forwarding all the packets, since I do not really need a "secure" setting)

Thanks in advance,

Pascal Willemssen

 
 
 


Post by Joe Use » Mon, 29 Jan 2001 14:05:05


I have a similar setup.  However, I don't use ipfw so you may not be able to
use my advice.  I just run natd on my firewall, and have it forward the
ports I need to my main machine.

Here's an excerpt from my /etc/rc.conf:

gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="ep0"
natd_flags="-redirect_port tcp 10.0.0.10:6699 6699 \
        -redirect_port tcp 10.0.0.10:113 113"

The interesting entry is the last one.  The firewall forwards incoming
connections on ports 6699 and 113 to my main box, which is 10.0.0.10 on my
internal network.  Napster defaults to use port 6699, but you can tell it to
use a different one if you'd rather.  At least the official windows client..
if you're using another client, I'm not sure what your options are.  The
windows napster client _will_ run behind a firewall, just set the port to 0
in the sharing preferences.  (In that case, though, you won't be able to get
files from anyone else who is also behind a firewall.)  113 is for identd,
which I chose to run on my machine rather than the firewall.

I don't know offhand what ports ICQ uses, but you can forward as many ports
as you want in the manner outlined above (assuming you're using natd...)

HTH

John Nielsen


Quote:

> Hello Everybody,

> I guess this must have been asked too many times already, however I could
> not find the information suitable for me. Therefore the question again:

> I made a FreeBSD 4.1 box, which is my gateway to the cable modem internet at
> my house. Everything is working great except two things that won't work.
> Napster and ICQ do not work anymore. I do not receive any files etc... from
> ICQ, and Napster does not work at all anymore.

> Could anybody help me and explain to me which are the IPFW rules that I could
> insert to enable this traffic. (Or could anybody give me the rules for just
> forwarding all the packets, since I do not really need a "secure" setting)

> Thanks in advance,

> Pascal Willemssen


 
 
 


Post by Volker Sto » Mon, 29 Jan 2001 20:05:49



Quote:

>I made a FreeBSD 4.1 box, which is my gateway to the cable modem internet at
>my house. Everything is working great except two things that won't work.
>Napster and ICQ do not work anymore. I do not receive any files etc... from
>ICQ, and Napster does not work at all anymore.

If you have more than one machine behind the gateway, you might want to
consider installing /usr/ports/net/socks5/.
--
\usepackage[latin1]{inputenc}!

 
 
 


Post by Aaron Wallac » Tue, 30 Jan 2001 06:33:57


I have my setup the same.  Here's my rules for ICQ:

add pass udp from ${icq}:255.255.0.0 4000 to any
add pass tcp from any to any 4000

where ${icq} is 205.188.0.0

for napster:
add pass tcp from any to any 6699 setup

of course this leaves your ports 4000 and 6699 wide open...  make sure napster
is configured to use port 6699 (some are 6688).

Also, on napster.. since my IP behind the firewall is masqueraded, I think this
causes a problem for people trying to get songs from me on napster.  It will say
my computer is not configured properly.  I don't know if the firewall / aliasing
is the problem or not, but I can at least download songs.

--
Aaron.


> Hello Everybody,

> I guess this must have been asked too many times already, however I could
> not find the information suitable for me. Therefore the question again:

> I made a FreeBSD 4.1 box, which is my gateway to the cable modem internet at
> my house. Everything is working great except two things that won't work.
> Napster and ICQ do not work anymore. I do not receive any files etc... from
> ICQ, and Napster does not work at all anymore.

> Could anybody help me and explain to me which are the IPFW rules that I could
> insert to enable this traffic. (Or could anybody give me the rules for just
> forwarding all the packets, since I do not really need a "secure" setting)

> Thanks in advance,

> Pascal Willemssen
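
An added example (not part of any post in this thread) that checks how far the rules posted above reach. It models only the rule subset shown in the post. The 10.0.0.x hosts, the sample packets, the default-deny fallback and the SCOPED variant are assumptions made for illustration, and packets are assumed to be checked after natd has rewritten the destination to the internal address.

```python
import ipaddress

def parse_addr(tok):
    """'any', 'a.b.c.d', 'a.b.c.d/len' or ipfw's 'a.b.c.d:mask' -> network (None = any)."""
    if tok == "any":
        return None
    return ipaddress.ip_network(tok.replace(":", "/"), strict=False)

def parse_rule(line):
    """Subset used in the post: add pass PROTO from SRC [PORT] to DST [PORT] [setup]."""
    t = line.split()
    if t[:2] != ["add", "pass"] or t[3] != "from" or "to" not in t:
        raise ValueError("unsupported rule: " + line)
    to = t.index("to")
    src, dst = t[4:to], [x for x in t[to + 1:] if x != "setup"]
    return {"line": line, "proto": t[2], "setup": "setup" in t,
            "src": parse_addr(src[0]), "sport": int(src[1]) if len(src) > 1 else None,
            "dst": parse_addr(dst[0]), "dport": int(dst[1]) if len(dst) > 1 else None}

def matches(rule, pkt):
    """True if the packet satisfies every field the rule constrains."""
    ip = ipaddress.ip_address
    return (rule["proto"] == pkt["proto"]
            and (rule["src"] is None or ip(pkt["src"]) in rule["src"])
            and (rule["dst"] is None or ip(pkt["dst"]) in rule["dst"])
            and rule["sport"] in (None, pkt["sport"])
            and rule["dport"] in (None, pkt["dport"])
            and (not rule["setup"] or pkt["syn_only"]))  # setup = SYN without ACK

def first_match(lines, pkt):
    """Return the first matching rule line, or None (assumed default deny)."""
    for rule in map(parse_rule, lines):
        if matches(rule, pkt):
            return rule["line"]
    return None

# Rules as posted, with ${icq} expanded to 205.188.0.0 as the post states.
POSTED = ["add pass udp from 205.188.0.0:255.255.0.0 4000 to any",
          "add pass tcp from any to any 4000",
          "add pass tcp from any to any 6699 setup"]
# Constructed variant: same ports, limited to one internal client (10.0.0.10).
SCOPED = ["add pass udp from 205.188.0.0:255.255.0.0 4000 to 10.0.0.10",
          "add pass tcp from any to 10.0.0.10 4000",
          "add pass tcp from any to 10.0.0.10 6699 setup"]

def inbound(dst, dport, proto="tcp", src="198.51.100.7", sport=40000, syn_only=True):
    """Constructed inbound packet; 198.51.100.7 is a documentation address."""
    return {"proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "syn_only": syn_only}
```

With POSTED, a connection to port 4000 or 6699 on any other inside host (for example 10.0.0.20) is passed as well; with SCOPED only 10.0.0.10 is reachable on those ports.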

 
 
 

1. ipfw/natd settings for home network connected to cable internet via FreeBSD gateway?

(please correct me if I'm wrong)

natd should take care of this.  What natd does is remap port numbers, so
it is impossible for an outside machine to access your internal network
(this breaks some things, i.e., RTSP Quicktime Streaming, active mode
FTP, some SNMP).  Take this diagram.

internal port out 80 in 1000  <----> natd port out 80 in 1024 <---> www server port out 1024 in 80

  When your internal opens a TCP connection to the www server, it flows
over the natd box.  natd then transparently remashes the connection to
come from another port on itself, but remembers that when packets flow
in this port, they should be regurgitated on the internal network on the
port your machine is using.  It will not open connections the other way
around since it has no way of knowing where to put the packets (packet
forwarders??).

But it's a good idea to secure the natd machine, if someone breaks into
that, then they get on the internal network.

Yann

--

--------------------------------------------------------------------

Atrus Trivalie Productions      www.redshift.com/~yramin
Monterey High IT                www.montereyhigh.com
ICQ                             46805627
AIM                             oddatrus
Marina, CA

IRM Developer                   Network Toaster Developer
SNTS Developer                  * Developer

"All cats die.  Socrates is dead.  Therefore Socrates is a cat."
        - The Logician
--------------------------------------------------------------------
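
An added example (not from any poster and not natd's own code) that models the port remapping described above together with the -redirect_port entries from the rc.conf excerpt earlier in the thread. It is a toy table, not libalias: the sequential alias ports starting at 1024 follow the diagram, and the public address and remote hosts are constructed documentation addresses.

```python
class Natd:
    """Toy model of an address-translation table (a simplification, not libalias)."""

    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self.next_port = first_port
        self.dynamic = {}  # (proto, alias_port) -> (inside_ip, inside_port, remote)
        self.static = {}   # (proto, public_port) -> (inside_ip, inside_port)

    def redirect_port(self, proto, inside_ip, inside_port, public_port):
        """Permanent entry, like: -redirect_port tcp 10.0.0.10:6699 6699"""
        self.static[(proto, public_port)] = (inside_ip, inside_port)

    def outbound(self, proto, inside_ip, inside_port, remote_ip, remote_port):
        """Inside host opens a connection: allocate an alias port and remember it."""
        alias = self.next_port
        self.next_port += 1
        self.dynamic[(proto, alias)] = (inside_ip, inside_port, (remote_ip, remote_port))
        return (self.public_ip, alias)

    def inbound(self, proto, remote_ip, remote_port, public_port):
        """Packet arrives on the public side: inside (ip, port), or None if
        there is no inside host to deliver it to."""
        entry = self.dynamic.get((proto, public_port))
        if entry and entry[2] == (remote_ip, remote_port):
            return entry[:2]
        return self.static.get((proto, public_port))

def demo():
    nat = Natd("203.0.113.5")  # constructed public address
    # The diagram: inside client port 1000 -> natd port 1024 -> www server port 80
    alias = nat.outbound("tcp", "10.0.0.10", 1000, "198.51.100.80", 80)
    reply = nat.inbound("tcp", "198.51.100.80", 80, alias[1])   # server's answer
    stranger = nat.inbound("tcp", "192.0.2.99", 5555, alias[1]) # other host, same port
    before = nat.inbound("tcp", "192.0.2.99", 5555, 6699)       # unsolicited connect
    nat.redirect_port("tcp", "10.0.0.10", 6699, 6699)
    after = nat.inbound("tcp", "192.0.2.99", 5555, 6699)        # now forwarded
    return alias, reply, stranger, before, after
```

Only the reply to an existing outbound connection and the statically redirected port reach 10.0.0.10, which is why incoming file transfers fail until a redirect is configured.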
