The OpenNET Project / Index page

[ новости/++ | форум | wiki | теги ]

ICQ за FW (icq firewall)


<< Предыдущая ИНДЕКС Поиск в статьях src Установить закладку Перейти на закладку Следующая >>
Ключевые слова: icq, firewall,  (найти похожие документы)
_ RU.CISCO (2:5077/15.22) ___________________________________________ RU.CISCO _ From : Konstantin Yarchuk 2:5020/400 21 Apr 99 09:49:36 Subj : ICQ за FW ________________________________________________________________________________ From: Konstantin Yarchuk <kyar@it.ru> Привет! > А как спрятать ICQ за firewall не используя proxy? И может ли это > дело работать через NAT? Вот FAQ по этому поводу для Firewall-1 (www.phoneboy.com/fw1) Allowing ICQ through the firewall Q: How do I allow ICQ through my firewall? A: ICQ is a program written by Mirabilis, Ltd., and is becoming quite popular. Unfortunately, unless you are using a SOCKS5 proxy server, ICQ is not terribly firewall friendly. You will need to make changes on both the client side and the firewall side. On the firewall, you will need to create two new services: ICQ-UDP (UDP port 4000) ICQ-TCP (Other, see below) Create a service of type other called ICQ-TCP. In the match field, put: tcp, th_dport >= a, th_dport <= b Where a and b are the endpoints for the range of ports you wish to allow. ICQ requires at least 3 TCP ports in a row be opened and recommends 12. On the ICQ client, you will need to specify: 1.Using a non-SOCKS firewall 2.Connections time out after 30 seconds (if you use HIDE address translation) 3.Using UDP port 4000 4.Using TCP ports a through b, as specified above The rulebase will look like the following for either no address translation or static address translation (ICQServers is a group that contains network objects for all known ICQ Servers): Source Destination Service Action InternalNets ICQServers ICQ-UDP Accept Any Any ICQ-TCP Accept If you are using hide translation for your internal users, your rules will look like: Source Destination Service Action InternalNets ICQServers ICQ-UDP Accept InternalNets Any ICQ-TCP Accept Limitations of HIDE mode translation and ICQ: Other users behind a firewall will not be directly accessable. They will only be accessable through the ICQ server. Users may have to initially send messages to you via the ICQ servers (e.g. not directly). Note: The above assumes you have "Accept UDP Replies" checked in Policy->Properties. If this is not true in your case, you can either: Check "Accept UDP Replies" in Policy->Properties Create a service called ICQ-UDP-Reply with port >1023, source port 4000-4000 and add to your rulebase. Kostya. --- ifmail v.2.14dev3 * Origin: Information Technologies Co. (2:5020/400)

<< Предыдущая ИНДЕКС Поиск в статьях src Установить закладку Перейти на закладку Следующая >>

Обсуждение [ RSS ]
 
  • 1, OneROFL, 14:33, 10/09/2009 [ответить] [смотреть все]
  • +/
    Ага UDP:4000....ну ну
     

    Ваш комментарий
    Имя:         
    E-Mail:      
    Заголовок:
    Текст:





      Закладки на сайте
      Проследить за страницей
    Created 1996-2017 by Maxim Chirkov  
    ДобавитьРекламаВебмастеруГИД  
    Hosting by Ihor