Gentoo Forums
MSN and NAT
zie
Tux's lil' helper

Joined: 26 Sep 2003
Posts: 126

Posted: Mon Mar 22, 2004 5:34 pm    Post subject: MSN and NAT

What's the trick to get file transfer to work in MSN messenger behind a NAT server?? I opened port 6891-6900.. but it doesn't help. 8O
_________________
/etc/init.d/alsasound start
* ALSA driver is already running.

/etc/init.d/alsasound stop
* ERROR: "alsasound" has not yet been started.
Peracles
Tux's lil' helper

Joined: 13 Nov 2003
Posts: 143
Location: Dallas, Texas

Posted: Mon Mar 22, 2004 6:28 pm    Post subject: Re: MSN and NAT

zie wrote:
What's the trick to get file transfer to work in MSN messenger behind a NAT server?? I opened port 6891-6900.. but it doesn't help. 8O


If you are using iptables, you will need to load the following 2 modules (I load both) or have them compiled into the kernel.

/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack_ftp

You need to add the following lines to allow traffic on these ports to your firewall script (iptables based).

# MSN Instant Messenger FTP Ports
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 6891 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 6892 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 6893 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 6894 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 6895 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 6896 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 6897 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 6898 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 6899 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 6900 -j allowed
zie
Tux's lil' helper

Joined: 26 Sep 2003
Posts: 126

Posted: Tue Mar 23, 2004 1:46 am

OK.. this is a newbie question.. but please don't kill me... how do you check iptables log??
Peracles
Tux's lil' helper

Joined: 13 Nov 2003
Posts: 143
Location: Dallas, Texas

Posted: Tue Mar 23, 2004 3:13 am

zie wrote:
OK.. this is a newbie question.. but please don't kill me... how do you check iptables log??


"iptables -L -n" will show the rules that are currently being used. The -n option shows IP addresses instead of DNS entries.

Are you using some firewall software (shorewall, firestarter, etc.) or did you roll your own iptables script?
zie
Tux's lil' helper

Joined: 26 Sep 2003
Posts: 126

Posted: Wed Mar 24, 2004 2:45 am

Actually I'm using the firewall in my router, and I cannot get file transfer to work in any IM protocol. I just want to know whether it is blocked by my router or my computer firewall. Where can I find the log of packets blocked by iptables?
Peracles
Tux's lil' helper

Joined: 13 Nov 2003
Posts: 143
Location: Dallas, Texas

Posted: Wed Mar 24, 2004 3:32 am

zie wrote:
Actually I'm using the firewall in my router, and I cannot get file transfer to work in any IM protocol. I just want to know whether it is blocked by my router or my computer firewall. Where can I find the log of packets blocked by iptables?


You would have to add rules to log the packets being dropped. You basically precede your drop rules with a LOG entry. The following is an example.

$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG \
--log-prefix "New not syn:"

$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP


This will log to your console. You can add filters to your logger to move them off into another file.

EDIT:
Why are you running a firewall on your local machine when there is already a firewall on your router?
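
Once a LOG rule like the one above is in place, its entries can be filtered by their --log-prefix and counted per destination port, which shows whether packets for the 6891-6900 file-transfer range are reaching this machine's firewall at all. This is an added example, not part of the original posts; the function names and the sample log lines (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of kernel log lines in the format the LOG target writes.
# Hostname, addresses and ports are made up; they are not from the thread.
sample_log() {
cat <<'EOF'
Mar 24 03:40:01 box kernel: New not syn:IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=192.168.1.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=3412 DPT=6891 WINDOW=0 RES=0x00 ACK URGP=0
Mar 24 03:40:04 box kernel: New not syn:IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=192.168.1.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=3412 DPT=6891 WINDOW=0 RES=0x00 ACK URGP=0
Mar 24 03:41:10 box kernel: New not syn:IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.9 DST=192.168.1.10 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=1044 DPT=6895 WINDOW=0 RES=0x00 ACK URGP=0
Mar 24 03:42:30 box kernel: New not syn:IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.9 DST=192.168.1.10 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=1050 DPT=113 WINDOW=0 RES=0x00 ACK URGP=0
Mar 24 03:43:00 box kernel: some other prefix:IN=eth0 OUT= SRC=198.51.100.9 DST=192.168.1.10 PROTO=TCP SPT=1051 DPT=6892 SYN URGP=0
Mar 24 03:43:05 box kernel: eth0: link up
EOF
}

# summarize_drops PREFIX
# Reads syslog lines on stdin, keeps only those carrying the given
# --log-prefix, and prints "PORT COUNT NOTE" per destination port,
# sorted by port number.
summarize_drops() {
    awk -v prefix="$1" '
        index($0, prefix) == 0 { next }      # line is not from our LOG rule
        {
            dpt = ""
            for (i = 1; i <= NF; i++)
                if ($i ~ /^DPT=[0-9]+$/) dpt = substr($i, 5)
            if (dpt == "") next              # e.g. ICMP entries have no DPT
            count[dpt]++
        }
        END {
            for (p in count) {
                # p + 0 forces a numeric comparison (array keys are strings)
                note = (p + 0 >= 6891 && p + 0 <= 6900) ? "msn-file-transfer" : "other"
                printf "%d %d %s\n", p, count[p], note
            }
        }' | sort -n
}

# Stand-alone run on the constructed sample.
sample_log | summarize_drops "New not syn:"
```

On a live system the same function can read the kernel ring buffer, for example `dmesg | summarize_drops "New not syn:"`.
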
zie
Tux's lil' helper

Joined: 26 Sep 2003
Posts: 126

Posted: Sat Mar 27, 2004 4:55 am

Thanks.. I haven't messed with it again.

I'm running firewall on my computer, because... uhm... it is on by default :oops:
dma
Guru

Joined: 31 Jan 2003
Posts: 437
Location: Charlotte, NC, USA

Posted: Sat Mar 27, 2004 8:10 pm

Maybe adding UPnP support would make it behave:

linux-igd

(aka net-misc/linux-igd).

The linux-igd website wrote:
This project is a daemon that emulates Microsoft's Internet Connection Service (ICS). It implements the UPnP Internet Gateway Device specification (IGD) and allows UPnP aware clients, such as MSN Messenger to work properly from behind a NAT firewall.



mlsfit138
Guru

Joined: 20 Sep 2003
Posts: 406
Location: Washington

Posted: Sat Mar 27, 2004 11:13 pm

zie wrote:
Thanks.. I haven't messed with it again.

I'm running firewall on my computer, because... uhm... it is on by default :oops:

On by default? I guess that this isn't a Gentoo install. Gentoo won't install a firewall by default. It doesn't make sense to have 2 firewalls.

Did you forward the ports on both the router and the local firewall? Is your router a hardware router, or another computer? A lot of hardware routers allow you to access their interface via a web browser. Mine is 192.168.1.1.
_________________
"Everytime you justify
another good in you dies"

-Converge, The Saddest Day, Petitioning the Empty Sky
Crimson Rider
Guru

Joined: 23 Jun 2003
Posts: 462
Location: Delft, the Netherlands

Posted: Tue May 25, 2004 12:34 pm

Want to know something funny?

It suddenly worked just out of the box for me, I am using Jay's IP Tables and a 2.6 kernel, file transfers work perfectly, gonna try the webcam thing later on.
_________________
Code, justify, code - Pitr Dubovich
castrik
n00b

Joined: 16 Apr 2004
Posts: 31

Posted: Tue Jun 29, 2004 9:56 am

Crimson Rider wrote:
Want to know something funny?

It suddenly worked just out of the box for me, I am using Jay's IP Tables and a 2.6 kernel, file transfers work perfectly, gonna try the webcam thing later on.


Any feedback on how the webcam went?
Crimson Rider
Guru

Joined: 23 Jun 2003
Posts: 462
Location: Delft, the Netherlands

Posted: Tue Jun 29, 2004 10:07 am

Worked perfectly as well.
Lacrymology
n00b

Joined: 04 Nov 2004
Posts: 13
Location: Tokyo

Posted: Tue Dec 14, 2004 7:53 am

What are you using to use the webcam? Or did I get it all wrong and you're using your Gentoo box as a router and the webcam worked from a Windows client?
_________________
Tomas
Far away