old-www/HOWTO/IP-Masquerade-HOWTO/icq.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML
><HEAD
><TITLE
>Mirabilis ICQ </TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="Linux IP Masquerade HOWTO"
HREF="index.html"><LINK
REL="UP"
TITLE="Other IP Masquerade Issues and Software Support "
HREF="ipmasq-support-portfw-and-stronger-rulesets.html"><LINK
REL="PREVIOUS"
TITLE="CU-SeeMe and Linux IP-Masquerade"
HREF="cuseeme.html"><LINK
REL="NEXT"
TITLE="Gamers:  The LooseUDP patch"
HREF="looseudp.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Linux IP Masquerade HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="cuseeme.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 6. Other IP Masquerade Issues and Software Support</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="looseudp.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="ICQ"
></A
>6.9. Mirabilis ICQ</H1
><P
>ICQ, the instant messaging client now owned by AOL, has changed over the
years.  All modern ICQ clients are NAT friendly and thus DON'T require
any special NAT modules, PORTFW tricks, etc.</P
><P
>IF, for some reason, you want to run an OLD ICQ client, you can read this
section.  If not, just IGNORE all this info.   I am leaving this in the
HOWTO demonstrate large a LARGE PORTFW example.</P
><P
>There are three methods of getting ICQ to work behind a Linux MASQ server.  
These solutions include the use the ICQ Masq module (for 2.2.x and 2.0.x 
kernels), using IPPORTFW for basic ICQ functionality, or setting up a SOCKS 
proxy server.  </P
><P
>MODULE:  The ICQ module was written for the older generation of ICQ clients
for both the 2.2.x and 2.0.x kernels.  This module allows for the simple 
setup of multiple ICQ users behind a MASQ server.  It also doesn't require any 
special changes to the ICQ client(s).  Recently, AOL changed the protocol and
ports used for ICQ.  Because of this, many users might find that the
ip_masq_icq module will no longer help them.  For users of the older ICQ 
clients, the 2.2.x version of the module supports file transfer and 
read-time chat.  The 2.0.x kernel module doesn't support file transfers 
and there is no module available for the 2.4.x kernels.</P
><P
>PORTFW: Your next option is to use port forwarding.  With port forwarding, 
basic ICQ chat will work but file transfers might not be very reliable.  Please 
see below for an example of how to configure ICQ PORTFW.</P
><P
>SOCKS:  Finally, your last and possibly best option is to setup a SOCKS proxy 
server on your Linux machine.  This service can happily co-exist with the MASQ 
service and ICQ should be fully functional regardless of what Linux kernel 
version you are running.  The use of a SOCKS server will require ALL ICQ
clients to be reconfigured to use it and the installation and configuration
of a SOCKS server has nothing to do with IP Masquerade.  Because of this,
SOCKS is not covered in this HOWTO.</P
><P
>If you are interested in Andrew Deryabin's <A
HREF="mailto:djsf@usa.net"
TARGET="_top"
>djsf@usa.net</A
> ICQ IP Masq module for the 2.2.x and 2.0.x kernels,  
please see <A
HREF="kernel-2.2.x-requirements.html"
>Section 2.7</A
> for details.</P
><P
>To use port forwarding (PORFW)for ICQ,  you will have to make some changes on 
both Linux and ICQ clients but all ICQ messaging, URLs, chat, and some file 
transfers should work.</P
><P
></P
><UL
><LI
><P
>     First, you need to be running a Linux kernel with IPPPORTFW enabled.  
     Please see <A
HREF="forwarders.html"
>Section 6.7</A
>for more details.
   </P
></LI
><LI
><P
>     Next, you need to add the following lines to your /etc/rc.d/rc.firewall-* 
     file.  This example assumes that 10.1.2.3 is your external Internet IP 
     address and your internal MASQed ICQ machine is 192.168.0.10:
   </P
></LI
><LI
><P
>     The following example is for a 2.2.x kernel with IPCHAINS:
    </P
><P
>     I have included two examples here for the user:  Either one would work
     fine:
    </P
><P
>     Example #1
     <TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="PROGRAMLISTING"
>/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2000 -R 192.168.0.10 2000
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2001 -R 192.168.0.10 2001
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2002 -R 192.168.0.10 2002
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2003 -R 192.168.0.10 2003
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2004 -R 192.168.0.10 2004
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2005 -R 192.168.0.10 2005
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2006 -R 192.168.0.10 2006
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2007 -R 192.168.0.10 2007
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2008 -R 192.168.0.10 2008
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2009 -R 192.168.0.10 2009
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2010 -R 192.168.0.10 2010
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2011 -R 192.168.0.10 2011
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2012 -R 192.168.0.10 2012
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2013 -R 192.168.0.10 2013
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2014 -R 192.168.0.10 2014
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2015 -R 192.168.0.10 2015
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2016 -R 192.168.0.10 2016
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2017 -R 192.168.0.10 2017
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2018 -R 192.168.0.10 2018
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2019 -R 192.168.0.10 2019
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2020 -R 192.168.0.10 2020
     </PRE
></FONT
></TD
></TR
></TABLE
>
     Example #2
     <TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="PROGRAMLISTING"
>port=2000
while [ $port -le 2020 ]
  do
    /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 $port -R 192.168.0.10 $port
    port=$((port+1))
done
     </PRE
></FONT
></TD
></TR
></TABLE
>
    </P
></LI
><LI
><P
>     The following example is for a 2.0.x kernel with IPFWADM:
    </P
><P
>     I have included two examples here for the user:  Either one would work
     fine:
    </P
><P
>     Example #1
     <TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="PROGRAMLISTING"
>/usr/local/sbin/ipportfw -A -t10.1.2.3/2000 -R 192.168.0.10/2000
/usr/local/sbin/ipportfw -A -t10.1.2.3/2001 -R 192.168.0.10/2001
/usr/local/sbin/ipportfw -A -t10.1.2.3/2002 -R 192.168.0.10/2002
/usr/local/sbin/ipportfw -A -t10.1.2.3/2003 -R 192.168.0.10/2003
/usr/local/sbin/ipportfw -A -t10.1.2.3/2004 -R 192.168.0.10/2004
/usr/local/sbin/ipportfw -A -t10.1.2.3/2005 -R 192.168.0.10/2005
/usr/local/sbin/ipportfw -A -t10.1.2.3/2006 -R 192.168.0.10/2006
/usr/local/sbin/ipportfw -A -t10.1.2.3/2007 -R 192.168.0.10/2007
/usr/local/sbin/ipportfw -A -t10.1.2.3/2008 -R 192.168.0.10/2008
/usr/local/sbin/ipportfw -A -t10.1.2.3/2009 -R 192.168.0.10/2009
/usr/local/sbin/ipportfw -A -t10.1.2.3/2010 -R 192.168.0.10/2010
/usr/local/sbin/ipportfw -A -t10.1.2.3/2011 -R 192.168.0.10/2011
/usr/local/sbin/ipportfw -A -t10.1.2.3/2012 -R 192.168.0.10/2012
/usr/local/sbin/ipportfw -A -t10.1.2.3/2013 -R 192.168.0.10/2013
/usr/local/sbin/ipportfw -A -t10.1.2.3/2014 -R 192.168.0.10/2014
/usr/local/sbin/ipportfw -A -t10.1.2.3/2015 -R 192.168.0.10/2015
/usr/local/sbin/ipportfw -A -t10.1.2.3/2016 -R 192.168.0.10/2016
/usr/local/sbin/ipportfw -A -t10.1.2.3/2017 -R 192.168.0.10/2017
/usr/local/sbin/ipportfw -A -t10.1.2.3/2018 -R 192.168.0.10/2018
/usr/local/sbin/ipportfw -A -t10.1.2.3/2019 -R 192.168.0.10/2019
/usr/local/sbin/ipportfw -A -t10.1.2.3/2020 -R 192.168.0.10/2020
     </PRE
></FONT
></TD
></TR
></TABLE
>
    </P
><P
>     Example #2
     <TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="PROGRAMLISTING"
>port=2000
while [ $port -le 2020 ]
  do
    /usr/local/sbin/ipportfw -A t10.1.2.3/$port -R 192.168.0.10/$port
    port=$((port+1))
done
     </PRE
></FONT
></TD
></TR
></TABLE
>
    </P
></LI
><LI
><P
>    Once your new rc.firewall-* is ready, reload the ruleset to make sure things 
    are OK by simply typing in "/etc/rc.d/rc.firewall-*".  If you get any errors, 
    you either don't have IPPORTFW support in the kernel or you made a typo in 
    the rc.firewall file.
   </P
></LI
><LI
><P
>    Now, in ICQ's Preferences--&#62;Connection, configure it to be "Behind a 
    LAN" and "Behind a firewall or Proxy".  Now, click on "Firewall Settings" 
    and configure it to be "I don't use a SOCK5 proxy".  Also note that it was 
    previously recommended to change ICQ's "Firewall session timeouts" to "30" 
    seconds BUT many users have found that ICQ becomes unreliable.  It has been 
    found that ICQ is more reliable with its stock timeout setting (don't 
    enable that ICQ option) and simply change MASQ's timeout to 160 seconds.  
    You can see how to change this timeout in <A
HREF="firewall-examples.html#RC.FIREWALL-IPFWADM"
>Section 3.4.3</A
> 
    and <A
HREF="firewall-examples.html#RC.FIREWALL-IPCHAINS"
>Section 3.4.2</A
> rulesets.  Finally, click on Next 
    and configure ICQ to "Use the following TCP listen ports.." from "2000" to 
    "2020".  Now click done.
   </P
><P
>    Now ICQ will tell you that you will have to restart ICQ for the changes to 
    take effect.  To be honest, I had to REBOOT the Windows9x machine in order 
    for things to work right but some users might say otherwise.  So.. try it 
    both ways.
   </P
></LI
><LI
><P
>    A user once told me that by simply portforwarding port 4000 to his ICQ 
    machine, it worked perfectly. He reported that EVERYTHING worked fine (even 
    chat, file transfers, etc) WITHOUT re-configuring ICQ from its default 
    settings.  Your mileage might vary on this topic but I thought you might 
    like to hear about this alternative configuration.
   </P
></LI
></UL
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="cuseeme.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="looseudp.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>CU-SeeMe and Linux IP-Masquerade</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="ipmasq-support-portfw-and-stronger-rulesets.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Gamers:  The LooseUDP patch</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>