Message-ID: <380EBE69.B82E96A9@bigfoot.com>
Date: Thu, 21 Oct 1999 00:19:05 -0700
From: Ludwig Pummer
To: michaels@inet.no
Cc: freebsd-questions@freebsd.org
Subject: Re: Problems with ICQ via NAT
References: <19991017103504.19549.qmail@bastesen.inet.no>

michaels@inet.no wrote:
>
> > Your redirect_port solution doesn't work if you're trying to communicate
> > with someone else behind a firewall. I've tried. ICQ seems to refuse to
> > even try. So I installed a SOCKS5 Proxy. I had great success with Dante
> > v1.1.0-pre2 (http://www.inet.no/dante). Unfortunately, the 1.1.0 final
> > release version is worse with ICQ than NEC's socks5 proxy was. If anyone
> > wants 1.1.0-pre2, I can stick it on an FTP server.
>
> That's strange. Are you sure you did not just forget to change
> your rulefile (sockd.conf) when going to 1.1? The announcement for
> 1.1 included this:
> *** Incompatible changes compared to the previous release:
>  - The addition of the "udpreply" command means you have to
>    modify your existing server configfile to allow udppackets
>    "back in" if you are allowing udppackets.
>
> It was also mentioned in the NEWS file, but unfortunately not
> emphasized at all there:
>  o new command for socks-rules added: "udpreply". This is analogous to
>    the "bindreply" command and replaces the old way of saying what
>    addresses udppacket "replies" shall be allowed from.
>
> If something else is the problem, we'll try to fix it if someone
> lets us know.
>
> (I don't read this list so cc is in order for any reply.)

Sorry I've been slow to reply. I didn't update my configuration file,
but that's because I didn't do any kind of command limit, for example,
the block and pass sections of my config file:
-----
client pass {
        from: 172.16.0.0/16 to: 0.0.0.0/0
        log: connect error
}

client block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect error
}

block {
        from: 0.0.0.0/0 to: 127.0.0.1/8
        log: connect error
}

pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect error
}
-----
No one on the inside network knows how to do anything evil with SOCKS5,
so I didn't limit which SOCKS5 commands are allowed. The log file didn't
look any different between 1.1.0 and 1.1.0-pre2, but I suppose I could
increase the log: statements to aid with debugging or change whatever in
my config file you suggest.

We should probably take this off the mailing list until a resolution is
reached.
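
Added example (not part of the original message and not Dante's own code): a small Python audit of the rules posted above, flagging pass rules that carry no command restriction or accept any source address. The `command:` keyword, the treatment of bindreply/udpreply rules as inbound, and all function names are assumptions made for this illustration.

```python
import ipaddress
import re

# Rules as posted in the message above (sockd.conf syntax).
POSTED_RULES = """
client pass { from: 172.16.0.0/16 to: 0.0.0.0/0 log: connect error }
client block { from: 0.0.0.0/0 to: 0.0.0.0/0 log: connect error }
block { from: 0.0.0.0/0 to: 127.0.0.1/8 log: connect error }
pass { from: 0.0.0.0/0 to: 0.0.0.0/0 log: connect error }
"""

REPLY_COMMANDS = {"bindreply", "udpreply"}  # rules describing inbound replies
RULE_RE = re.compile(r"(client\s+)?\b(pass|block)\s*\{([^}]*)\}")

def parse_rules(text):
    """Return rules in file order as dicts: layer, verdict, and key -> [values]."""
    rules = []
    for client, verdict, body in RULE_RE.findall(text):
        rule = {"layer": "client" if client else "socks", "verdict": verdict}
        key = None
        for tok in body.split():
            if tok.endswith(":"):
                key = tok[:-1]
                rule[key] = []
            elif key is not None:
                rule[key].append(tok)
        rules.append(rule)
    return rules

def is_any(rule, key):
    """True if the address for `key` is absent or covers all of IPv4."""
    vals = rule.get(key) or ["0.0.0.0/0"]
    # strict=False accepts host bits set, as in 127.0.0.1/8.
    return ipaddress.ip_network(vals[0], strict=False).prefixlen == 0

def audit(text):
    """Flag pass rules that are wider than a least-privilege policy needs."""
    findings = []
    for n, rule in enumerate(parse_rules(text), start=1):
        if rule["verdict"] != "pass":
            continue
        cmds = set(rule.get("command", []))
        if rule["layer"] == "socks" and not cmds:
            findings.append((n, "no command: restriction"))
        # Reply rules describe inbound traffic, so any-source is expected there.
        if is_any(rule, "from") and not (cmds and cmds <= REPLY_COMMANDS):
            findings.append((n, "source is any address"))
    return findings
```

Calling `audit(POSTED_RULES)` reports both findings against the fourth rule, the unrestricted socks-level pass.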