File transfer and firewall

[zero0w]

Hi,

 

I am using GAIM 0.62, I found that I can receive files on AIM but cannot send files, is there any firewall setting I need to tweak to make it working? btw, I am using shorewall.

[mtweidmann]

I spent ages playing with the setting for my firewall only to find it was the firewall in our ADSL router blocking it. Something worth checking if all else fails.

[MottS]

Background:

When you send a file, you act for a moment like a server. Exactly like if you would run an FTP server.. you would have to open port 21 so that others can connect to your server and download files.

 

So there are two steps so that you can send files with AIM

 

1) Find the port(s) on which the server is listening for connections when you send a file. I don't have AIM and never used it. Google a bit for that.. For MSN for instance, I had to open ports 6891 to 6900 to send files

 

2)Tweak the Shorewall config files to open the port(s) you just found. We have a FAQ here on this forum for that. Look here:

 

http://www.mandrakeusers.org/viewtopic.php?t=4731

 

MOttS

[Michel]

When I've time, I'll surely will search for another solution, brcause I don't wantr to set open my ports..for example, before someone can recieve a file, you have to agree with it, so you get a request ......, but I don't like to open my port, so I'll search and hopefully find a solution

[Michel]

I'm not an expert, but I have a proposal....for this problem...hopefullt soemone can evaluate any security risks, or if it would work(haven't tested it yet):

 

For others do get files from you:

 

forward connections from the net from the specific ports from msn-filtransfer (think 6891-6900) to the ports for incoming messages for msn(I think this port is known). This connection will teh only be accepted if the msn port-for messages was first opened...

 

What do you think is this right?

[Michel]

no, this doesn't work...is ofcourse lsitening on another port

[MottS]

Michel, I really don't understand why you are afraid to open 9 ports (6891 to 6900). Come on .. there is no service running there except when you actually send the file. So while you just chit-chat with someone, the ports are actually CLOSED (not FILTERED however .. this is your complain right?). This is not like if SMB is running (then listening for connections) and ports 137 to 139 are opened in the firewall. That situation is dangerous because first, the ports are opened for connection and second a service is listening on those ports waiting for connections. The MSN 'service' ONLY runs when you try to send a file. In the mean time the 'service' is stopped. So even if someone tries to hack you, he will get 'Connection CLOSED'.

 

Did you ever hear of someone being hacked on port 80 (httpd) from port 6891? If yes then my theory is just bullshit and I will look for a solution ;-)

 

Don't worry man !

 

MOttS

[Michel]

ok, your right, you convinced me, but I'll still try to search on it, when I have time....Like I said before, (although there possibly more important things....which I also try to learn about..), I like to learn about security and make a system as safe as possible....(although, liek I also said before....my system isn't secure at all:), I'm not running any servers either, so I'm not really a target:))....

 

Security Freak :D :D :D :D

[MottS]

hey, zero0w

 

I searched a bit about AIM on the net but didn't find anything other than that:

 

http://www.aol.com/aim/faq/filetransfer.html

 

However, you may be able to get around the problem by entering a certain port number in AIM's File Transfer preferences.  

 

Once you entered the port number, enter the same number in the Shorewall config file.

 

If you find something else, let us know!

 

MOttS