11-20-2003, 01:51 PM
|
#1
|
LQ Newbie
Registered: Oct 2003
Posts: 6
|
msn messaging over iptables nat
Hi, I'm trying to get msn instant messaging to work on my home lan, with no success. The setup is:
Gateway pc: dual-boot mandrake9.1/win2k with 2 nics, one connected to the internet with a static ip, the other connected to my own router. There are a number of other pcs connected to the router, sharing the gateway's internet connection. The gateway provides dhcp/nat from either mandrake or windows.
The problem is that msn instant messaging only works using the microsoft client on the gateway pc. It does not work using any linux client on the gateway pc or from any client (windows or linux) on an internal pc.
One major problem is that I can't access the usual msn messaging port (1863?), however the microsoft client seems to get around this, by doing everything over http.
Does anyone know how I can configure some linux client (preferably gaim) to access msn messaging only using http?? Or does anyone know how I can configure nat on the gateway pc, to allow windows clients on internal pcs to access msn?
Any help would be greatly appreciated, this is getting very frustrating.
Thanks in advance.
|
|
|
11-20-2003, 02:38 PM
|
#2
|
Member
Registered: Oct 2003
Location: Toronto, Canada
Distribution: Ubuntu, FC3, RHEL 3-4 AS Retired: SuSE 9.1 Pro, RedHat 6-9, FC1-2
Posts: 360
|
I'm a little confused... is this how your system is set up?
[Internet] --- [Linux/Windows gateway/router] --- [ hardware router ] --- [Clients]
Is your hardware router a hub or a router?
How is your network configured? (In the above diagram, which interfaces have what IPs?)
To answer your question directly, aMSN says it will work via HTTP.
To answer your question indirectly, let's take a look at your network setup and have it run from there. You should be able to run MSN from any client internally.
Regards,
J.
|
|
|
11-20-2003, 03:01 PM
|
#3
|
Member
Registered: Nov 2003
Location: Los Angeles
Distribution: Gentoo, FC4, FreeBSD
Posts: 34
|
You should read up on tunnels. I live behind many firewalls and have managed to tunnel just about every program through every kind of connection. SSH is the best in my opinion, but requires you to have SSH access to off-site boxes.
I'm confused about your setup too... Just a suggestion, with very little effort you can run your firewall, nat, gateway, DHCP, WINS, DNS, ntp etc. off of one tiny linux box (I use a PIII 850 w/128 MB RAM and that is overkill). If you have an old box sitting around (486 will work) you can throw smoothwall on it, or a minimal Debian install (damnsmall linux is an easy one to install) and run all those services with ease. I think this would solve a lot of your problems. With a couple of simple shell scripts you can switch your connections/ports/forwards, whatever all over the place on-the-fly.
|
|
|
11-20-2003, 04:57 PM
|
#4
|
LQ Newbie
Registered: Oct 2003
Posts: 6
Original Poster
|
Thanks for the replies,
To clarify my setup:
[internet]------[isp firewall]------[eth0<my.static.ip.addr> (win/linux 755MHz pIII) eth1<192.168.1.1>]------[hardware router<192.168.1.2>]------[clients 192.168.1.x]
Basically just like you said JordanH (I'm not sure if I've made it any clearer). The hardware router is a linksys WRT55AG wireless access point/router. Also, the static ip address is fixed to my eth0 MAC address so I can't easily reconfigure things.
I'll try amsn and hopefully will be able to get messaging going on the gateway in linux (then I can remove windows completely). It would be great if I could also get it working on the internal machines though.
I'm thinking the problem is the iptables setup on the gateway, but even with all of the filter chains set to ACCEPT it still doesn't work. Should I be doing something special to the nat table? Or might there be some sort of firewall on the router?? I'll try testing it without the router and just a single client.
Thanks for the advice fearofcarpet, I use ssh tunnelling (with pppd and slirp) to access irc, but I don't have an account anywhere with access to the msn port. If you could suggest somewhere that I could get a reliable shell account I'd really appreciate it.
Al.
|
|
|
11-20-2003, 07:27 PM
|
#5
|
Member
Registered: Oct 2003
Location: Toronto, Canada
Distribution: Ubuntu, FC3, RHEL 3-4 AS Retired: SuSE 9.1 Pro, RedHat 6-9, FC1-2
Posts: 360
|
Well, your linksys should be working just like a switch since it's not really routing anywhere (all your machines are on the 192.168.1.0/24 network)... so you could be right that there is something with your firewall setup. (BTW, it'll be less confusing for us if you call it a hub/switch instead of a router...)
Try this script. It opens EVERYTHING so it's no firewall, but it might be helpful in tracking the problem or at least eliminating Linux from the equation. (I hope I didn't miss anything)
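#!/bin/bash
# Enable IPv4 forwarding between the two interfaces
echo 1 > /proc/sys/net/ipv4/ip_forward
ipt=iptables   # iptables binary used by every rule below
ext=eth0       # Internet-facing interface
# Set policies
$ipt -P INPUT ACCEPT
$ipt -P FORWARD ACCEPT
$ipt -P OUTPUT ACCEPT
# Delete table rules, chains and counters
for table in filter nat mangle
do
    $ipt -t $table -F # flush all rules
    $ipt -t $table -X # delete user-defined chains
    $ipt -t $table -Z # zero packet and byte counters
done
# Rewrite the source address of everything leaving the external interface
$ipt -t nat -A POSTROUTING -o $ext -j MASQUERADE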
|
|
|
11-20-2003, 07:34 PM
|
#6
|
Member
Registered: Nov 2003
Location: Los Angeles
Distribution: Gentoo, FC4, FreeBSD
Posts: 34
|
I actually use Anonymizer's services to tunnel the Windows MSN client (and aMSN) through HTTP. Trillian will (theoretically) use HTTP proxies (and it works well with Wine), but I have yet to see that work correctly...
I'm curious, when you say you can't access the usual MSN ports, do you mean your ISP is blocking them? The latest MSN messenger dynamically assigns ports over a huge range and the trick to getting it to work is using --dnat 192.168.1.xxx to get those ports over to the internal machine.
|
|
|
11-20-2003, 07:58 PM
|
#7
|
Member
Registered: Oct 2003
Location: Toronto, Canada
Distribution: Ubuntu, FC3, RHEL 3-4 AS Retired: SuSE 9.1 Pro, RedHat 6-9, FC1-2
Posts: 360
|
Something that we may have not considered... what linux MSN client are you using? If it is aMSN, you need v0_83 or it won't work no matter WHAT your setup.
|
|
|
11-21-2003, 09:17 AM
|
#8
|
LQ Newbie
Registered: Oct 2003
Posts: 6
Original Poster
|
Hi,
I got the latest version of amsn (0.83) and it's working pretty well for internal machines as well as the gateway. I still can't get the microsoft client to work on internal machines but that doesn't bother me too much.
As regards the blocked ports, I'm behind a fairly restrictive firewall so I can't use many ports apart from 'standard ones' ( 21, 22, 23, 80........). I can't even access socks proxies, so really the only option is http tunnelling for a lot of apps. I'll soon be getting a better isp (hopefully).
Thanks for all your help guys, I'm sure I'll be back with more questions...
Al.
|
|
|
11-21-2003, 10:09 AM
|
#9
|
Member
Registered: Oct 2003
Location: Toronto, Canada
Distribution: Ubuntu, FC3, RHEL 3-4 AS Retired: SuSE 9.1 Pro, RedHat 6-9, FC1-2
Posts: 360
|
If it's your firewall, we can help you build a secure firewall that WILL let you safely do stuff like MSN.
|
|
|
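An added example, not posted by anyone in this thread: a default-deny counterpart to the open-everything script in post #5, of the kind post #9 offers to help build, emitted in iptables-restore format. It uses eth0, eth1 and 192.168.1.0/24 from post #4; the function name build_ruleset and the apply argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: default-deny NAT gateway ruleset in iptables-restore format.
# build_ruleset and its argument order are assumptions of this example.

# build_ruleset EXT_IF INT_IF LAN_CIDR -> ruleset on stdout, non-zero on bad input
build_ruleset() {
    ext=$1 int=$2 lan=$3
    # Accept only plain interface names, so a stray space or option
    # cannot end up inside a rule line.
    for ifname in "$ext" "$int"; do
        case $ifname in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ifname" >&2; return 1 ;;
        esac
    done
    # Shape check for an IPv4 CIDR; iptables-restore validates the octets.
    printf '%s\n' "$lan" \
        | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' \
        || { echo "bad LAN CIDR: $lan" >&2; return 1; }
    [ "$ext" != "$int" ] || { echo "interfaces must differ" >&2; return 1; }

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $int -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $int -o $ext -s $lan -m conntrack --ctstate NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $lan -o $ext -j MASQUERADE
COMMIT
EOF
}

# Load the rules only when asked to (needs root); otherwise just define the function.
if [ "${1:-}" = "apply" ]; then
    build_ruleset eth0 eth1 192.168.1.0/24 | iptables-restore \
        && echo 1 > /proc/sys/net/ipv4/ip_forward
fi
```

Outbound client connections such as aMSN's match the NEW rule and their replies match ESTABLISHED,RELATED; nothing initiated from the Internet side is forwarded or accepted by the gateway itself.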
11-24-2003, 07:01 AM
|
#10
|
LQ Newbie
Registered: Oct 2003
Posts: 6
Original Poster
|
Thanks for the offer, I don't think it is the firewall because amsn works, it's only the windows client that won't work. At least it's a good reason to get everyone here to start using linux.
Al.
|
|
|
11-24-2003, 11:32 PM
|
#11
|
Member
Registered: Oct 2003
Location: Toronto, Canada
Distribution: Ubuntu, FC3, RHEL 3-4 AS Retired: SuSE 9.1 Pro, RedHat 6-9, FC1-2
Posts: 360
|
No problem...
I hate to admit it but I'm on my Windows MSN client at the moment. They really do work from behind closed doors - or walls as the case may be.
Good luck with the conversion!
|
|
|
All times are GMT -5.