403 lines
11 KiB
HTML
403 lines
11 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
|
|
<HTML
|
|
><HEAD
|
|
><TITLE
|
|
>Mirabilis ICQ </TITLE
|
|
><META
|
|
NAME="GENERATOR"
|
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
|
|
REL="HOME"
|
|
TITLE="Linux IP Masquerade HOWTO"
|
|
HREF="index.html"><LINK
|
|
REL="UP"
|
|
TITLE="Other IP Masquerade Issues and Software Support "
|
|
HREF="ipmasq-support-portfw-and-stronger-rulesets.html"><LINK
|
|
REL="PREVIOUS"
|
|
TITLE="CU-SeeMe and Linux IP-Masquerade"
|
|
HREF="cuseeme.html"><LINK
|
|
REL="NEXT"
|
|
TITLE="Gamers: The LooseUDP patch"
|
|
HREF="looseudp.html"></HEAD
|
|
><BODY
|
|
CLASS="SECT1"
|
|
BGCOLOR="#FFFFFF"
|
|
TEXT="#000000"
|
|
LINK="#0000FF"
|
|
VLINK="#840084"
|
|
ALINK="#0000FF"
|
|
><DIV
|
|
CLASS="NAVHEADER"
|
|
><TABLE
|
|
SUMMARY="Header navigation table"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TH
|
|
COLSPAN="3"
|
|
ALIGN="center"
|
|
>Linux IP Masquerade HOWTO</TH
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="left"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="cuseeme.html"
|
|
ACCESSKEY="P"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="80%"
|
|
ALIGN="center"
|
|
VALIGN="bottom"
|
|
>Chapter 6. Other IP Masquerade Issues and Software Support</TD
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="right"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="looseudp.html"
|
|
ACCESSKEY="N"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"></DIV
|
|
><DIV
|
|
CLASS="SECT1"
|
|
><H1
|
|
CLASS="SECT1"
|
|
><A
|
|
NAME="ICQ"
|
|
></A
|
|
>6.9. Mirabilis ICQ</H1
|
|
><P
|
|
>ICQ, the instant messaging client now owned by AOL, has changed over the
|
|
years. All modern ICQ clients are NAT friendly and thus DON'T require
|
|
any special NAT modules, PORTFW tricks, etc.</P
|
|
><P
|
|
>IF, for some reason, you want to run an OLD ICQ client, you can read this
|
|
section. If not, just IGNORE all this info. I am leaving this in the
|
|
HOWTO demonstrate large a LARGE PORTFW example.</P
|
|
><P
|
|
>There are three methods of getting ICQ to work behind a Linux MASQ server.
|
|
These solutions include the use the ICQ Masq module (for 2.2.x and 2.0.x
|
|
kernels), using IPPORTFW for basic ICQ functionality, or setting up a SOCKS
|
|
proxy server. </P
|
|
><P
|
|
>MODULE: The ICQ module was written for the older generation of ICQ clients
|
|
for both the 2.2.x and 2.0.x kernels. This module allows for the simple
|
|
setup of multiple ICQ users behind a MASQ server. It also doesn't require any
|
|
special changes to the ICQ client(s). Recently, AOL changed the protocol and
|
|
ports used for ICQ. Because of this, many users might find that the
|
|
ip_masq_icq module will no longer help them. For users of the older ICQ
|
|
clients, the 2.2.x version of the module supports file transfer and
|
|
read-time chat. The 2.0.x kernel module doesn't support file transfers
|
|
and there is no module available for the 2.4.x kernels.</P
|
|
><P
|
|
>PORTFW: Your next option is to use port forwarding. With port forwarding,
|
|
basic ICQ chat will work but file transfers might not be very reliable. Please
|
|
see below for an example of how to configure ICQ PORTFW.</P
|
|
><P
|
|
>SOCKS: Finally, your last and possibly best option is to setup a SOCKS proxy
|
|
server on your Linux machine. This service can happily co-exist with the MASQ
|
|
service and ICQ should be fully functional regardless of what Linux kernel
|
|
version you are running. The use of a SOCKS server will require ALL ICQ
|
|
clients to be reconfigured to use it and the installation and configuration
|
|
of a SOCKS server has nothing to do with IP Masquerade. Because of this,
|
|
SOCKS is not covered in this HOWTO.</P
|
|
><P
|
|
>If you are interested in Andrew Deryabin's <A
|
|
HREF="mailto:djsf@usa.net"
|
|
TARGET="_top"
|
|
>djsf@usa.net</A
|
|
> ICQ IP Masq module for the 2.2.x and 2.0.x kernels,
|
|
please see <A
|
|
HREF="kernel-2.2.x-requirements.html"
|
|
>Section 2.7</A
|
|
> for details.</P
|
|
><P
|
|
>To use port forwarding (PORFW)for ICQ, you will have to make some changes on
|
|
both Linux and ICQ clients but all ICQ messaging, URLs, chat, and some file
|
|
transfers should work.</P
|
|
><P
|
|
></P
|
|
><UL
|
|
><LI
|
|
><P
|
|
> First, you need to be running a Linux kernel with IPPPORTFW enabled.
|
|
Please see <A
|
|
HREF="forwarders.html"
|
|
>Section 6.7</A
|
|
>for more details.
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> Next, you need to add the following lines to your /etc/rc.d/rc.firewall-*
|
|
file. This example assumes that 10.1.2.3 is your external Internet IP
|
|
address and your internal MASQed ICQ machine is 192.168.0.10:
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> The following example is for a 2.2.x kernel with IPCHAINS:
|
|
</P
|
|
><P
|
|
> I have included two examples here for the user: Either one would work
|
|
fine:
|
|
</P
|
|
><P
|
|
> Example #1
|
|
<TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="90%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="PROGRAMLISTING"
|
|
>/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2000 -R 192.168.0.10 2000
|
|
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2001 -R 192.168.0.10 2001
|
|
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2002 -R 192.168.0.10 2002
|
|
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2003 -R 192.168.0.10 2003
|
|
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2004 -R 192.168.0.10 2004
|
|
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2005 -R 192.168.0.10 2005
|
|
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2006 -R 192.168.0.10 2006
|
|
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2007 -R 192.168.0.10 2007
|
|
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2008 -R 192.168.0.10 2008
|
|
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2009 -R 192.168.0.10 2009
|
|
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2010 -R 192.168.0.10 2010
|
|
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2011 -R 192.168.0.10 2011
|
|
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2012 -R 192.168.0.10 2012
|
|
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2013 -R 192.168.0.10 2013
|
|
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2014 -R 192.168.0.10 2014
|
|
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2015 -R 192.168.0.10 2015
|
|
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2016 -R 192.168.0.10 2016
|
|
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2017 -R 192.168.0.10 2017
|
|
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2018 -R 192.168.0.10 2018
|
|
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2019 -R 192.168.0.10 2019
|
|
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2020 -R 192.168.0.10 2020
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
>
|
|
Example #2
|
|
<TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="90%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="PROGRAMLISTING"
|
|
>port=2000
|
|
while [ $port -le 2020 ]
|
|
do
|
|
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 $port -R 192.168.0.10 $port
|
|
port=$((port+1))
|
|
done
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
>
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> The following example is for a 2.0.x kernel with IPFWADM:
|
|
</P
|
|
><P
|
|
> I have included two examples here for the user: Either one would work
|
|
fine:
|
|
</P
|
|
><P
|
|
> Example #1
|
|
<TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="90%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="PROGRAMLISTING"
|
|
>/usr/local/sbin/ipportfw -A -t10.1.2.3/2000 -R 192.168.0.10/2000
|
|
/usr/local/sbin/ipportfw -A -t10.1.2.3/2001 -R 192.168.0.10/2001
|
|
/usr/local/sbin/ipportfw -A -t10.1.2.3/2002 -R 192.168.0.10/2002
|
|
/usr/local/sbin/ipportfw -A -t10.1.2.3/2003 -R 192.168.0.10/2003
|
|
/usr/local/sbin/ipportfw -A -t10.1.2.3/2004 -R 192.168.0.10/2004
|
|
/usr/local/sbin/ipportfw -A -t10.1.2.3/2005 -R 192.168.0.10/2005
|
|
/usr/local/sbin/ipportfw -A -t10.1.2.3/2006 -R 192.168.0.10/2006
|
|
/usr/local/sbin/ipportfw -A -t10.1.2.3/2007 -R 192.168.0.10/2007
|
|
/usr/local/sbin/ipportfw -A -t10.1.2.3/2008 -R 192.168.0.10/2008
|
|
/usr/local/sbin/ipportfw -A -t10.1.2.3/2009 -R 192.168.0.10/2009
|
|
/usr/local/sbin/ipportfw -A -t10.1.2.3/2010 -R 192.168.0.10/2010
|
|
/usr/local/sbin/ipportfw -A -t10.1.2.3/2011 -R 192.168.0.10/2011
|
|
/usr/local/sbin/ipportfw -A -t10.1.2.3/2012 -R 192.168.0.10/2012
|
|
/usr/local/sbin/ipportfw -A -t10.1.2.3/2013 -R 192.168.0.10/2013
|
|
/usr/local/sbin/ipportfw -A -t10.1.2.3/2014 -R 192.168.0.10/2014
|
|
/usr/local/sbin/ipportfw -A -t10.1.2.3/2015 -R 192.168.0.10/2015
|
|
/usr/local/sbin/ipportfw -A -t10.1.2.3/2016 -R 192.168.0.10/2016
|
|
/usr/local/sbin/ipportfw -A -t10.1.2.3/2017 -R 192.168.0.10/2017
|
|
/usr/local/sbin/ipportfw -A -t10.1.2.3/2018 -R 192.168.0.10/2018
|
|
/usr/local/sbin/ipportfw -A -t10.1.2.3/2019 -R 192.168.0.10/2019
|
|
/usr/local/sbin/ipportfw -A -t10.1.2.3/2020 -R 192.168.0.10/2020
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
>
|
|
</P
|
|
><P
|
|
> Example #2
|
|
<TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="90%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="PROGRAMLISTING"
|
|
>port=2000
|
|
while [ $port -le 2020 ]
|
|
do
|
|
/usr/local/sbin/ipportfw -A t10.1.2.3/$port -R 192.168.0.10/$port
|
|
port=$((port+1))
|
|
done
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
>
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> Once your new rc.firewall-* is ready, reload the ruleset to make sure things
|
|
are OK by simply typing in "/etc/rc.d/rc.firewall-*". If you get any errors,
|
|
you either don't have IPPORTFW support in the kernel or you made a typo in
|
|
the rc.firewall file.
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> Now, in ICQ's Preferences-->Connection, configure it to be "Behind a
|
|
LAN" and "Behind a firewall or Proxy". Now, click on "Firewall Settings"
|
|
and configure it to be "I don't use a SOCK5 proxy". Also note that it was
|
|
previously recommended to change ICQ's "Firewall session timeouts" to "30"
|
|
seconds BUT many users have found that ICQ becomes unreliable. It has been
|
|
found that ICQ is more reliable with its stock timeout setting (don't
|
|
enable that ICQ option) and simply change MASQ's timeout to 160 seconds.
|
|
You can see how to change this timeout in <A
|
|
HREF="firewall-examples.html#RC.FIREWALL-IPFWADM"
|
|
>Section 3.4.3</A
|
|
>
|
|
and <A
|
|
HREF="firewall-examples.html#RC.FIREWALL-IPCHAINS"
|
|
>Section 3.4.2</A
|
|
> rulesets. Finally, click on Next
|
|
and configure ICQ to "Use the following TCP listen ports.." from "2000" to
|
|
"2020". Now click done.
|
|
</P
|
|
><P
|
|
> Now ICQ will tell you that you will have to restart ICQ for the changes to
|
|
take effect. To be honest, I had to REBOOT the Windows9x machine in order
|
|
for things to work right but some users might say otherwise. So.. try it
|
|
both ways.
|
|
</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> A user once told me that by simply portforwarding port 4000 to his ICQ
|
|
machine, it worked perfectly. He reported that EVERYTHING worked fine (even
|
|
chat, file transfers, etc) WITHOUT re-configuring ICQ from its default
|
|
settings. Your mileage might vary on this topic but I thought you might
|
|
like to hear about this alternative configuration.
|
|
</P
|
|
></LI
|
|
></UL
|
|
></DIV
|
|
><DIV
|
|
CLASS="NAVFOOTER"
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"><TABLE
|
|
SUMMARY="Footer navigation table"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="cuseeme.html"
|
|
ACCESSKEY="P"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="index.html"
|
|
ACCESSKEY="H"
|
|
>Home</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="looseudp.html"
|
|
ACCESSKEY="N"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
>CU-SeeMe and Linux IP-Masquerade</TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="ipmasq-support-portfw-and-stronger-rulesets.html"
|
|
ACCESSKEY="U"
|
|
>Up</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
>Gamers: The LooseUDP patch</TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></BODY
|
|
></HTML
|
|
> |