[PLUG] icq / firewalls / socks

Darxus on Wed, 12 Apr 2000 03:13:40 -0400 (EDT)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] icq / firewalls / socks

From: Darxus <darxus@op.net>

To: plug@lists.nothinbut.net

Subject: [PLUG] icq / firewalls / socks

Date: Tue, 11 Apr 2000 17:10:28 -0400 (EDT)

Reply-to: plug@lists.nothinbut.net

Sender: plug-admin@lists.nothinbut.net

Have any of you dealt with running ICQ through a firewall ? I've recently resurected our firewall, and one of the results was one of our users can nolonger use ICQ. Apparently in an old incarnation of the access list, incoming port 4000 udp (ICQ) connections were specifically allowed to this particular user's workstation's IP. I consider this bad and unaceptable. But this user happens to be a friend of mine, and I'd like to help her out. There is a web page dedicated to dealing with firewalls & ICQ: http://www.icq.com/firewall/ They have directions for the following situations: I have no firewall. (You don't need any specific configuration). I have no Socks Proxy server I have no Socks Proxy server but I have a range of listening ports I can use I have a Socks4 compatible Firewall I have a Socks5 compatible Firewall "I have no Socks Proxy server" (http://www.icq.com/firewall/nosocks.html) would seem to be the solution. It says during this configuration that "...incoming ports are needed only for communication with other users that are behind a firewall." So that would seem to be further evidence that it should work. But she still was unable to connect. So the other potentially acceptable option is a proxy. I've got several Linux boxes around here, so this is quite doable. But I'm not particularly familiar with any security concerns that might come with proxys (other than allowing access to everyone). It sounds like this somehow allows incoming connections. But I would guess that it would only allow it from incoming connections that the ICQ client had arranged, otherwise how would the incoming connection be made ? Do I want to allow ICQ via proxy ? __________________________________________________________________ PGP fingerprint = 03 5B 9B A0 16 33 91 2F A5 77 BC EE 43 71 98 D4 darxus@op.net / http://www.op.net/~darxus There is no fine line between genius and insanity. ______________________________________________________________________ Philadelphia Linux Users Group - http://plug.nothinbut.net Announcements - http://lists.nothinbut.net/mail/listinfo/plug-announce General Discussion - http://lists.nothinbut.net/mail/listinfo/plug

Prev by Date: RE: [PLUG] rh firewall

Next by Date: [PLUG] Ethernet

Previous by thread: Re: [PLUG] rh firewall

Next by thread: [PLUG] Ethernet

Index(es):

Date

Thread