dcc send problem with nat

[r3pek]

I have nat sucefully configured and working working with everything but on thing. The computers that are behing my gw can't dcc send 'cause when the over person accepts the dcc it shows an error that he can't connect o <ip>:<port> (using irssi) the <ip> is correct, is my public ip, but the <port> isn't open in my gateway.
here's my nat configuration:

Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

what is the problem?

[Lozzer]

This is basically a limitation of NAT.
The dcc.send is point to point (it doesn't use an intermediate server). If someone initiates a dcc.send to you, they are attempting to connect directly to your machine. However NAT can only translate for outgoing connections, not incoming.
There are a couple of things you may be able to do:
1. you can use dcc.send -g so you initiate the connect, and the remote user can use your TCP connection to do the transfer (problem if they are on a NAT too!)
2. You can set allocate a range of ports for you dcc users, and set set up port forwarding on your NAT gateway for each one. They can then advertise their port. The remote user will have to use -p to initiate the connection.

[neenee]

hm.. i use nat and have the 4990-4994 range
mapped to this machine through my router and
have set those ports + my external ip in irssi.

works fine.

no one has to pass anything when sending to
me.. so i was wondering what the -p is?

[Lozzer]

I was under the impression that thhe original poster wanted to support multiple machine behind the NAT box. In which case they would eitther need some clever proxy software, or to alllocate ports for each machine and forward them separately. -p (for dcc.send) just says which port to use. I'm not familiar with irssi.

[neenee]

ok.