On Wed, Dec 18, 2002 at 07:35:11AM -0800, Paul Johnson wrote:
> Is there a way to allow protocols that may require connections to go
> back to the client like ftp, irc and icq to do so while doing IP
> Masquerading? I'm open to do this with a 2.2 or 2.4 kernel, either
> way works for me.

Yes, there is. iptables has modules for ftp (to support non-passive mode) and irc (to support dcc, etc). They're called ipt_{conntrack,nat}_{irc,ftp}, IIRC. There're no ICQ modules, because a) stateful firewalling mostly obviates the need for this, and b) the NetFilter folks have a policy that they won't write or support modules for protocols that don't have at least one working Free client and server.

-rob
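
Why non-passive FTP needs a helper behind masquerading, as an added example that is not part of the original message and is not netfilter code: the client announces its private address inside the control channel, so a helper has to rewrite that text and expect the server's inbound data connection. The function names, addresses and mapped port are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 active mode: "PORT h1,h2,h3,h4,p1,p2". The address and port travel
# as ASCII in the control channel, so header-only masquerading never sees them.
PORT_RE = re.compile(rb"^PORT ((?:\d{1,3},){5}\d{1,3})\r\n$")

# Constructed sample: a client at 192.168.1.10 offering data port 4*256+1 = 1025.
SAMPLE = b"PORT 192,168,1,10,4,1\r\n"


def parse_port(line):
    """Return (IPv4Address, port) from a PORT command, or None if malformed."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(b",")]
    if any(n > 255 for n in nums):
        return None
    return ipaddress.IPv4Address(bytes(nums[:4])), nums[4] * 256 + nums[5]


def nat_helper(line, client_ip, server_ip, public_ip, mapped_port):
    """Simplified model of an FTP NAT helper (hypothetical, not netfilter code).

    Returns (line_to_forward, expectation). expectation is None when the
    line is not a PORT command this sketch is willing to act on.
    """
    parsed = parse_port(line)
    if parsed is None:
        return line, None
    ip, port = parsed
    # Policy of this sketch: the PORT target must be the sending client and an
    # unprivileged port, so a client cannot request a hole to some other host.
    if ip != ipaddress.IPv4Address(client_ip) or port < 1024:
        return line, None
    fields = public_ip.split(".") + [str(mapped_port >> 8), str(mapped_port & 0xFF)]
    rewritten = b"PORT " + ",".join(fields).encode() + b"\r\n"
    # The data connection the server will open; a stateful filter would treat
    # it as related to the control connection and map it back to the client.
    expectation = {
        "src": server_ip,
        "dst": (public_ip, mapped_port),
        "forward_to": (client_ip, port),
    }
    return rewritten, expectation
```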