LinuxQuestions.org
Old 11-20-2003, 01:51 PM   #1
aladdin
LQ Newbie
 
Registered: Oct 2003
Posts: 6

Rep: Reputation: 0
Question msn messaging over iptables nat


Hi, I'm trying to get msn instant messaging to work on my home lan, with no success. The setup is:

Gateway pc: dual-boot mandrake9.1/win2k with 2 nics, one connected to the internet with a static ip, the other connected to my own router. There are a number of other pcs connected to the router, sharing the gateway's internet connection. The gateway provides dhcp/nat from either mandrake or windows.

The problem is that msn instant messaging only works using the microsoft client on the gateway pc. It does not work using any linux client on the gateway pc or from any client (windows or linux) on an internal pc.

One major problem is that I can't access the usual msn messaging port (1863?), however the microsoft client seems to get around this, by doing everything over http.

Does anyone know how I can configure some linux client (preferably gaim) to access msn messaging only using http?? Or does anyone know how I can configure nat on the gateway pc, to allow windows clients on internal pcs to access msn?

Any help would be greatly appreciated, this is getting very frustrating.

Thanks in advance.
 
Old 11-20-2003, 02:38 PM   #2
JordanH
Member
 
Registered: Oct 2003
Location: Toronto, Canada
Distribution: Ubuntu, FC3, RHEL 3-4 AS Retired: SuSE 9.1 Pro, RedHat 6-9, FC1-2
Posts: 360

Rep: Reputation: 30
I'm a little confused... is this how your system is set up?

[Internet] --- [Linux/Windows gateway/router] --- [ hardware router ] --- [Clients]

Is your hardware router a hub or a router?
How is your network configured? (In the above diagram, which interfaces have what IPs?)

To answer your question directly, aMSN says it will work via HTTP.
To answer your question indirectly, let's take a look at your network setup and have it run from there. You should be able to run MSN from any client internally.

Regards,
J.
 
Old 11-20-2003, 03:01 PM   #3
fearofcarpet
Member
 
Registered: Nov 2003
Location: Los Angeles
Distribution: Gentoo, FC4, FreeBSD
Posts: 34

Rep: Reputation: 15
You should read up on tunnels. I live behind many firewalls and have managed to tunnel just about every program through every kind of connection. SSH is the best in my opinion, but requires you to have SSH access to off-site boxes.

I'm confused about your setup too... Just a suggestion, with very little effort you can run your firewall, nat, gateway, DHCP, WINS, DNS, ntp etc. off of one tiny linux box (I use a PIII 850 w/128 MB RAM and that is overkill). If you have an old box sitting around (486 will work) you can throw smoothwall on it, or a minimal Debian install (damnsmall linux is an easy one to install) and run all those services with ease. I think this would solve a lot of your problems. With a couple of simple shell scripts you can switch your connections/ports/forwards, whatever all over the place on-the-fly.
 
Old 11-20-2003, 04:57 PM   #4
aladdin
LQ Newbie
 
Registered: Oct 2003
Posts: 6

Original Poster
Rep: Reputation: 0
Thanks for the replies,

To clarify my setup:

[internet]------[isp firewall]------[eth0<my.static.ip.addr> (win/linux 755MHz pIII) eth1<192.168.1.1>]------[hardware router<192.168.1.2>]------[clients 192.168.1.x]

Basically just like you said JordanH (I'm not sure if I've made it any clearer). The hardware router is a linksys WRT55AG wireless access point/router. Also, the static ip address is fixed to my eth0 MAC address so I can't easily reconfigure things.

I'll try amsn and hopefully will be able to get messaging going on the gateway in linux (then I can remove windows completely). It would be great if I could also get it working on the internal machines though.

I'm thinking the problem is the iptables setup on the gateway, but even with all of the filter chains set to ACCEPT it still doesn't work. Should I be doing something special to the nat table? Or might there be some sort of firewall on the router?? I'll try testing it without the router and just a single client.

Thanks for the advice fearofcarpet, I use ssh tunnelling (with pppd and slirp) to access irc, but I don't have an account anywhere with access to the msn port. If you could suggest somewhere that I could get a reliable shell account I'd really appreciate it.

Al.
 
Old 11-20-2003, 07:27 PM   #5
JordanH
Member
 
Registered: Oct 2003
Location: Toronto, Canada
Distribution: Ubuntu, FC3, RHEL 3-4 AS Retired: SuSE 9.1 Pro, RedHat 6-9, FC1-2
Posts: 360

Rep: Reputation: 30
Well, your linksys should be working just like a switch since it's not really routing anywhere (all your machines are on the 192.168.1.0/24 network)... so you could be right that there is something with your firewall setup. (BTW, it'll be less confusing for us if you call it a hub/switch instead of a router...)

Try this script. It opens EVERYTHING so it's no firewall, but it might be helpful in tracking the problem or at least eliminating Linux from the equation. (I hope I didn't miss anything)

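#!/bin/bash
# iptables binary and external (Internet-facing) interface
ipt=iptables
ext=eth0

# Enable packet forwarding between interfaces
echo 1 > /proc/sys/net/ipv4/ip_forward

# Set policies
$ipt -P INPUT ACCEPT
$ipt -P FORWARD ACCEPT
$ipt -P OUTPUT ACCEPT

# Delete table rules, chains and counters
for table in filter nat mangle
do
    $ipt -t $table -F # flush
    $ipt -t $table -X # delete
    $ipt -t $table -Z # zero
done

# Masquerade everything leaving through the external interface
$ipt -t nat -A POSTROUTING -o $ext -j MASQUERADE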
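
For contrast with the open-everything script above, an added example (not part of JordanH's post or the thread): a default-deny ruleset for the same gateway, generated in iptables-restore format so it can be reviewed before it is loaded. eth0, eth1 and 192.168.1.0/24 come from the thread; the function name gen_rules and the allowed port list (80, 443 and the MSN port 1863) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an iptables-restore ruleset;
# nothing is applied until the output is piped to iptables-restore as root.
# eth0/eth1 and 192.168.1.0/24 are from the thread; the port list is assumed.

gen_rules() {
    ext=$1 int=$2 lan=$3 ports=$4
    for p in $ports; do              # reject anything that is not a TCP port
        case $p in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Masquerade LAN sources only, and only on the way out of $ext
-A POSTROUTING -s $lan -o $ext -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# The gateway hands out DHCP leases on the LAN side
-A INPUT -i $int -p udp --dport 67 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $int -o $ext -s $lan -p udp --dport 53 -j ACCEPT
EOF
    for p in $ports; do              # one NEW-connection rule per allowed port
        echo "-A FORWARD -i $int -o $ext -s $lan -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    cat <<EOF
# Log what the default-deny policy is about to drop (rate limited)
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "fwd-drop: "
COMMIT
EOF
}

# Ruleset for the thread's gateway; pipe to "iptables-restore --test" to parse it without committing
gen_rules eth0 eth1 192.168.1.0/24 "80 443 1863"
```

The LOG rule records which destination ports a LAN client attempts before the FORWARD policy drops them, which is the evidence needed to decide whether another port belongs on the allow list.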
 
Old 11-20-2003, 07:34 PM   #6
fearofcarpet
Member
 
Registered: Nov 2003
Location: Los Angeles
Distribution: Gentoo, FC4, FreeBSD
Posts: 34

Rep: Reputation: 15
I actually use Anonymizer's services to tunnel the Windows MSN client (and aMSN) through HTTP. Trillian will (theoretically) use HTTP proxies (and it works well with Wine), but I have yet to see that work correctly...

I'm curious, when you say you can't access the usual MSN ports, do you mean your ISP is blocking them? The latest MSN messenger dynamically assigns ports over a huge range and the trick to getting it to work is using --dnat 192.168.1.xxx to get those ports over to the internal machine.
 
Old 11-20-2003, 07:58 PM   #7
JordanH
Member
 
Registered: Oct 2003
Location: Toronto, Canada
Distribution: Ubuntu, FC3, RHEL 3-4 AS Retired: SuSE 9.1 Pro, RedHat 6-9, FC1-2
Posts: 360

Rep: Reputation: 30
Something that we may have not considered... what linux MSN client are you using? If it is aMSN, you need v0_83 or it won't work no matter WHAT your setup.
 
Old 11-21-2003, 09:17 AM   #8
aladdin
LQ Newbie
 
Registered: Oct 2003
Posts: 6

Original Poster
Rep: Reputation: 0
Hi,

I got the latest version of amsn (0.83) and it's working pretty well for internal machines as well as the gateway. I still can't get the microsoft client to work on internal machines but that doesn't bother me too much.

As regards the blocked ports, I'm behind a fairly restrictive firewall so I can't use many ports apart from 'standard ones' (21, 22, 23, 80...). I can't even access socks proxies, so really the only option is http tunnelling for a lot of apps. I'll soon be getting a better isp (hopefully).

Thanks for all your help guys, I'm sure I'll be back with more questions...

Al.
 
Old 11-21-2003, 10:09 AM   #9
JordanH
Member
 
Registered: Oct 2003
Location: Toronto, Canada
Distribution: Ubuntu, FC3, RHEL 3-4 AS Retired: SuSE 9.1 Pro, RedHat 6-9, FC1-2
Posts: 360

Rep: Reputation: 30
If it's your firewall, we can help you build a secure firewall that WILL let you safely do stuff like MSN.
 
Old 11-24-2003, 07:01 AM   #10
aladdin
LQ Newbie
 
Registered: Oct 2003
Posts: 6

Original Poster
Rep: Reputation: 0
Thanks for the offer, I don't think it is the firewall because amsn works, it's only the windows client that won't work. At least it's a good reason to get everyone here to start using linux.

Al.
 
Old 11-24-2003, 11:32 PM   #11
JordanH
Member
 
Registered: Oct 2003
Location: Toronto, Canada
Distribution: Ubuntu, FC3, RHEL 3-4 AS Retired: SuSE 9.1 Pro, RedHat 6-9, FC1-2
Posts: 360

Rep: Reputation: 30
No problem...

I hate to admit it but I'm on my Windows MSN client at the moment. They really do work from behind closed doors - or walls as the case may be.

Good luck with the conversion!
 
  



All times are GMT -5. The time now is 05:07 PM.
