<!--startcut ======================================================= -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head>
<META NAME="generator" CONTENT="lgazmail v1.3E.w">
<TITLE>The Answer Gang 68: File Transfers with AIM (AOL Instant Messenger)</TITLE>
</HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"
LINK="#3366FF" VLINK="#A000A0">
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<P> <hr>
<CENTER>
<!-- *** BEGIN navbar *** -->
<!-- *** END navbar *** -->
</CENTER>
</p>
<P> <hr> <P>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<!-- begin tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::-->
<p align="center">
<table width="100%" border="0"><tr>
<td align="right" valign="center"
><IMG ALT="" SRC="../../gx/navbar/left.jpg"
WIDTH="14" HEIGHT="45" BORDER="0" ALIGN="middle" border="0"
><A HREF="..//"
><IMG SRC="../../gx/navbar/toc.jpg" align="middle"
ALT="[ Table Of Contents ]" border="0"></A
><A HREF="../lg_answer68.html"
><IMG SRC="../../gx/dennis/answertoc.jpg" align="middle"
ALT="[ Answer Guy Current Index ]" border="0"></A></td>
<td align="center" valign="center"><A HREF="../lg_answer68.html#greeting"><img align="middle"
src="../../gx/dennis/smily.gif" alt="greetings" border="0"></A>
<A HREF="bios.html">bios</A>
<A HREF="1.html">1</A>
<A HREF="2.html">2</A>
<A HREF="3.html">3</A>
<A HREF="4.html">4</A>
<A HREF="5.html">5</A>
<A HREF="6.html">6</A>
<A HREF="7.html">7</A>
<A HREF="8.html">8</A>
<A HREF="9.html">9</A>
<A HREF="10.html">10</A>
<A HREF="11.html">11</A>
<A HREF="12.html">12</A>
</td>
<td align="left" valign="center"><A HREF="../../tag/kb.html"
><IMG SRC="../../gx/dennis/answerpast.jpg" align="middle"
ALT="[ Index of Past Answers ]" border="0"></A
><IMG ALT="" SRC="../../gx/navbar/right.jpg" align="middle"
WIDTH="14" HEIGHT="45" BORDER="0"></td></tr></table>
</p>
<!-- end tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::::-->
<center>
<H1><A NAME="answer">
<img src="../../gx/dennis/qbubble.gif" alt="(?)"
border="0" align="middle">
<font color="#B03060">The Answer Gang</font>
<img src="../../gx/dennis/bbubble.gif" alt="(!)"
border="0" align="middle">
</A></H1>
<BR>
<H4>By Jim Dennis, Ben Okopnik, Dan Wilder, Breen, Chris, and the Gang,
the Editors of Linux Gazette...
and You!
<br>Send questions (or interesting answers) to
<a href="mailto:linux-questions-only@ssc.com">linux-questions-only@ssc.com</a>
</H4>
<p><em><font color="#990000">There is no guarantee that your questions
here will <b>ever</b> be answered. Readers at confidential sites
must provide permission to publish. However, you can be published
anonymously - just let us know!
</font></em></p>
</center>
<p><hr><p>
<!-- endcut ======================================================= -->
<!-- begin 8 -->
<H3 align="left"><img src="../../gx/dennis/qbubble.gif"
height="50" width="60" alt="(?) " border="0"
>File Transfers with AIM (AOL Instant Messenger)</H3>
<p><strong>From Steve Paugh
</strong></p>
<p align="right"><strong>Answered By Jim Dennis
<br></strong></p>
<P><STRONG>
I have a working LRP (Linux Router Project, www.linuxrouter.org) box
and I would like to make file transfers with AOL Instant Messenger
possible from behind this box to the outside world for my Windows
clients. I am not sure exactly how to do this.
</STRONG></P>
<P><STRONG>
I've seen something like the below in a different setup that hadn't
been tested.
</STRONG></P>
<P><STRONG>
My understanding is that the 0.0.0.0/0 is for DHCP, but I am not
sure about the $AIM_HOST.
</STRONG></P>
<P><STRONG>
Does anyone have any idea on a rule that would allow what I need? I
am kinda new to firewalling and would appreciate any help you can
give me.
</STRONG></P>
<pre><strong>$IPCHAINS -A input -s 0.0.0.0/0 -d $IP_EXT/32 5190 -p tcp -j ACCEPT
if [ "$AIM_HOST" != "firewall" ]; then
  $IPMASQADM portfw -a -P tcp -L $IP_EXT 5190 -R $AIM_HOST 5190
fi
</strong></pre>
<P><STRONG>
Much thanks,
<br>Steve Paugh
</STRONG></P>
|
|
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
|
|
HEIGHT="28" WIDTH="50" BORDER="0"
|
|
> [JimD]
|
|
First, I know NOTHING about AIM. I figured out that it is AOL's
|
|
interactive chat system over the Internet; but I don't use it or
|
|
anything like it (though it, ICQ and so many other "instant messaging"
|
|
systems are available). I prefer e-mail and I already spend WAY too
|
|
much time interacting with people via that channel.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
The only "instant messaging" I do for now is "voice over POTS line"
|
|
(or via cell phone). I don't even know how to send SMS messages to
|
|
my phone. (It seems to be a fully WAP capable toy --- but that's another
|
|
gadget that I haven't invested the time to learn).
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
O.K. Now that I've set your expectations properly, you are getting this
|
|
response from a backwoods, curmudgeonly geezer, I'll answer your question.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
In the context of this script fragment 0.0.0.0/0 is an argument to a
|
|
command. Specifically the script is calling on some command whose
|
|
name we can't see because it is stored in a variable named IPCHAINS.
|
|
The shell (the script interpreter) "dereferences" $IPCHAINS as the
|
|
script is run. The $ is a "dereferencing operator" -- it means:
|
|
replace this variable with the variable's current value. All of the
|
|
$XXXX thingies in this fragment are shell variables.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
As you can see shell programmers usually capitalize the names of
|
|
their variables, so they standout and are easier to spot. This is
|
|
merely a convention. In this case the $IPCHAINS and $IPMASQADM
|
|
variables clearly supposed to be holding the full path to the
|
|
ipchains and ipmasqadm utilities. In some other part of this
|
|
script (not shown) or in some parent process that invoked this
|
|
script, there would be some assigment to these variables that
|
|
provided the values for a given system. This allows the programmer
|
|
to localize the system specific code to some point near the top
|
|
of the script so that they can make any necessary changes in a
|
|
single place rather than having to hunt throughout the whole script.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
As an argument to the ipchains command, the -s refers to a
|
|
purported source address <EM>pattern</EM>. In that case 0.0.0.0/0 refers to
|
|
<EM>any</EM> IP address. The -d refers to a destination address pattern,
|
|
$IP_EXT is a variable (which presumably would be set to the IP
|
|
address of our router's external interface, as the name clearly
|
|
implies). The <TT>/32</TT> indicates that this is a full 32-bit IP address,
|
|
that it is NOT a subnet designator; successively smaller values would
|
|
indicate progressively larger networks and subnets based at certain
|
|
special addresses (space doesn't permit a full descripting of subnetting
|
|
and routing; but search the LG archives for a 20 page treatise on that
|
|
topic). The 5190 is a port number; and the -p refers to the
|
|
protocol, which in this case, is TCP (as opposed to UDP, ICMP, etc).
|
|
So this ipchains rule applies to packets which purport to be from
|
|
anywhere, and are destined for TCP port 5190 on the local systems
|
|
external interface.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
The -j in ipchains is a bit confusing. In the man pages and docs
|
|
it refers to "jump" (while processing the sets of rules, if any
|
|
packet matches all of these conditions, "jump" to another set
|
|
of rules to process that set of rules). However, in this case
|
|
we aren't "jumping" to a different chain of rules; we're "just"
|
|
accepting the packet into the system. When I teach people about
|
|
the IP Chains package I teach this concept. -j either means "just"
|
|
and in "just ACCEPT, DENY, REJECT, REDIRECT, MASQ, or RETURN"
|
|
the packet <EM>or</EM> it means "jump" to a user defined (and named)
|
|
chain of rules.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
In our example the -A means to "add" a rule, and the "input"
|
|
argument is naming the chain of rules to which the rule will be
|
|
added. The input chain is one of the pre-defined sets of rules
|
|
that the Linux 2.2.x kernel always has present (if it has the
|
|
ipchains support compiled it at all).
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
Oh yeah! I didn't put any of this into context yet. The
|
|
Linux kernel has optional builtin support for packet filtering
|
|
and masquerading. This has undergone numerous changes over the
|
|
years, starting with the ipfw code in 1.3.x, the ipfwadm code in
|
|
2.0.x, and through the ipchains code in 2.2.x and the new net filter
|
|
code (usingn iptables) in 2.4
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
In all of these cases the kernel has a table of rules against which
|
|
it checks every packet that it receives, and/or every one which it
|
|
attempts to send, and/or any packet it intends to forward. (I kept
|
|
saying "and/or" because the exact rules of which rules sets are
|
|
traversed differ from one major kernel release to another --- so
|
|
one packet that may have to traverse the incoming, forwarding, and
|
|
outgoing rulesets in one release and might only need to traverse <EM>one</EM>
|
|
of them in newer kernels; read the appropriate HOWTOs and look at the
|
|
ASCII art diagrams for further enlightenment on this issue if you
|
|
need it).
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
There are various commands: ipfwadm, ipchains, iptables which match
|
|
the major kernel releases and allow the administrator to insert or
|
|
add rules to these kernel tables, to delete or flush the rulesets,
|
|
to query the system and determine how many packets matched a given
|
|
rule, etc.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
It's handy to understand this bit of background. The ipchains
|
|
command here is adding a rule to the kernel's input chain.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
The next command line is a conditional; basically it's saying that
|
|
"if the AIM_HOST is not the firewall" then (it must be some other
|
|
system behind the firewall) so we should use the ipmasqadm command
|
|
to set up a port fowarding rule. We will "add" a rule for TCP
|
|
that will take any packets to our "local" port 5190 on our external
|
|
interface, and we'll forward it to port 5190 on a remote host, whose
|
|
name or address is stored in $AIM_HOST.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
Personally I think this is sloppy coding. What if I wanted to
|
|
name my internal AIM_HOST "firewall?" Using a plain word like
|
|
"firewall" as a sentinel value is kind of bogus. Using localhost
|
|
(the canonical name for the local system) would be quite reasonable.
|
|
However, it's a nitpick.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
The last line is simply the Bourne shell way of marking the end of
|
|
an "if ... then ... else" block. It's the word "if" spelled backwards.
|
|
If we were looking at the more complex conditional structure called
|
|
a "case" then we'd find the end of that block by looking for the
|
|
"esac" token. Once upon a time I read about some other programming
|
|
language which was Stephen Bourne's inspiration for using this quirky
|
|
syntax. Thankfully he only did this with conditionals, and we don't
|
|
have to end our "while" loops with "elihw" and our "for" loops with
|
|
"rof" --- even better we don't have to try ending our "do" loops
|
|
with an octal dump.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
[Sorry! Inside joke there. The UNIX od command is an "octal dump"
|
|
utility, so "do" backwards would create an inconvenient token collision].
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
Actually the while, until, and for loops (and the odd select prompting
|
|
construct) all use the "do" and "done" tokens to delimit them.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
So, back to your original question: It would appear that you can
|
|
get AOL Instant Messenger to work through your firewall simply by
|
|
relaying traffic for TCP port 5190 to the appropriate system. This
|
|
fragment of shell code gives a rough example of how to do that on a
|
|
Linux 2.2.x system (or later, but using the ipchains support module).
|
|
However, you'll have to fill in the variables as appropriate to your
|
|
system. You can just replace all the $VARIABLE_NAME thingies in this
|
|
example with the literal text that points to your copy of ipchains,
|
|
your copy of the ipmasqadm command, your external IP address, and
|
|
(possibly) the IP address of the internal system where you'd be running
|
|
your IM client.
|
|
</BLOCKQUOTE>
|
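<P>As an added example (not from Steve's setup or from Jim's reply), here is the same fragment written out as a complete Bourne shell script: the variables Jim says you must fill in are set at the top with constructed placeholder addresses, the sentinel is <TT>localhost</TT> as he suggests rather than the word "firewall", and a dry-run mode prints the ipchains and ipmasqadm commands instead of running them, so it can be read and tried without root. The <TT>run</TT> and <TT>is_ipv4</TT> helpers are additions of mine, not anything from LRP.</P>

```shell
#!/bin/sh
# Added example, not part of the original post: the LRP fragment with its
# variables filled in and Jim's "localhost" sentinel in place of "firewall".
# Addresses are constructed placeholders; DRY_RUN=1 only prints the commands.
IPCHAINS=/sbin/ipchains
IPMASQADM=/sbin/ipmasqadm
IP_EXT=203.0.113.10        # constructed: the router's external address
AIM_HOST=192.168.1.20      # constructed: the internal AIM client, or "localhost"
AIM_PORT=5190
DRY_RUN=1                  # set to 0 to actually apply the rules (as root)

# run: print the command line under DRY_RUN, otherwise execute it
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# is_ipv4: crude dotted-quad check, so a typo in IP_EXT or AIM_HOST does not
# become a rule with a garbage address (note the "esac" Jim mentions)
is_ipv4() {
    case "$1" in
        "" | *[!0-9.]* ) return 1 ;;
        *.*.*.* ) return 0 ;;
        * ) return 1 ;;
    esac
}

# accept_aim_input: the first line of the fragment: packets from any source
# to TCP 5190, but only when addressed to our own external interface (/32)
accept_aim_input() {
    is_ipv4 "$IP_EXT" || { echo "bad IP_EXT: $IP_EXT" >&2; return 1; }
    run "$IPCHAINS" -A input -s 0.0.0.0/0 -d "$IP_EXT/32" "$AIM_PORT" -p tcp -j ACCEPT
}

# forward_aim: the if-block of the fragment; a port-forward is only needed
# when the client is another machine behind the router, not the router itself
forward_aim() {
    [ "$AIM_HOST" = "localhost" ] && return 0
    is_ipv4 "$AIM_HOST" || { echo "bad AIM_HOST: $AIM_HOST" >&2; return 1; }
    run "$IPMASQADM" portfw -a -P tcp -L "$IP_EXT" "$AIM_PORT" -R "$AIM_HOST" "$AIM_PORT"
}

# apply both rules; a bad address stops the script before anything is added
accept_aim_input && forward_aim
```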
<!-- sig -->
<!-- end 8 -->
<!--startcut ======================================================= -->
<P> <hr> </p>
<!-- *** BEGIN copyright *** -->
<H5 align="center">This page edited and maintained by the Editors
of <I>Linux Gazette</I>
<a href="http://www.linuxgazette.com/copying.html"
>Copyright ©</a> 2001
<BR>Published in issue 68 of <I>Linux Gazette</I> July 2001</H5>
<H6 ALIGN="center">HTML script maintained by
<A HREF="mailto:star@starshine.org">Heather Stern</a> of
Starshine Technical Services,
<A HREF="http://www.starshine.org/">http://www.starshine.org/</A>
</H6>
<!-- *** END copyright *** -->
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
</BODY></HTML>
<!--endcut ========================================================= -->