3 reaim \- Compact transparent proxy server
9 is a compact transparent proxy designed to be run on or behind a Linux
10 IPTables based firewall. When run behind a simple address-translating
11 firewall, the current AIM client software does not allow direct-connections
12 between users to work. AIM requires direct-connections for file and image
15 This proxy is designed to transparently intercept AIM client messages and
16 pass them through a configurable filter/rewrite chain. This allows selective
17 modification of the source address provided in direct-connection setup packets,
18 and so remote users can be told to use the global internet routable address,
19 rather than the actual IP address of the client on the local network.
21 The current version supports AIM messaging, file sharing and MSN file
25 .SH SETTING UP THE PROXY
27 .SS Basic Requirements
28 The proxy is designed to transparently proxy and massage AIM and MSN
29 messages. To do this, -and still be able to know the original destination-,
30 I use a Linux 2.4.x kernel on the firewall, built with iptables.
32 Linux 2.4.x with ipchains -does not work-, as the original destination
33 is not available. Rumour has it that Linux 2.2.x with ipchains provides
34 a mechanism to retrieve the original destination, but I haven't checked
37 I have put together a basic script to setup firewalling, with a fair
38 amount of hand-holding checks along the way. It's available in CVS, and
39 will be included in the fifth release.
40 .SS Local LAN (eth1) Interface
41 The proxy expects to receive redirected AIM and MSN messages on ports 5190
42 and 1863 respectively.
44 iptables -t nat -A PREROUTING -i eth0 -p tcp \\
46 --dport 5190 -j REDIRECT --to-ports 5190
48 iptables -t nat -A PREROUTING -i eth0 -p tcp \\
50 --dport 1863 -j REDIRECT --to-ports 1863
52 If you have the firewall port restricted, you also need to allow the
53 redirected connections to be received.
55 iptables -A INPUT -i eth0 -p tcp --dport 5190 -j ACCEPT
57 iptables -A INPUT -i eth0 -p tcp --dport 1863 -j ACCEPT
58 .SS External Network (ppp0) Interface
59 The proxy will massage the redirected AIM and MSN messages, and AIM Share,
60 so that direct connections appear to be from the external IP address,
61 ports 4443, 1864 and 5566 respectively. Note that the AIM ports can be
62 changed in the client, and if so, this proxy will not currently work.
63 Note also that in versions 0.6 and later, a port range 40000-40099 should
64 be open, as this range is used for some AIM transfers.
66 So, the very basic setup, in addition to your current ruleset, is to
67 permit connections to these ports.
69 iptables -A INPUT -i ppp0 -p tcp --dport 4443 -j ACCEPT
71 iptables -A INPUT -i ppp0 -p tcp --dport 5566 -j ACCEPT
73 iptables -A INPUT -i ppp0 -p tcp --dport 1864 -j ACCEPT
75 iptables -A INPUT -i ppp0 -p tcp --dport 40000:40099 -j ACCEPT
78 1. Start up with 'reaim -d' and check for obvious error messages.
80 2. Check that there are no [FATAL] lines showing listenning socket errors. This shows that reaim is listenning for connections.
82 3. Connect to AIM from a machine inside your lan. This should have [CONN_BH] and [CONN_NB] lines creating and establishing connections. This shows your firewall is redirecting correctly.
84 4. If reaim takes 100% cpu during step 3, it is likely you have redirected reaim back to itself. Check you can 'telnet login.oscar.aol.com 5190' from the firewall without reaim running.
86 5. With reaim running, try a direct connect to a friend who is not behind a firewall. If this fails, check the incoming firewall rules are allowing connections as shown above.
88 6. Try a file transfer, instead of a direct connect.
90 7. Report a possible bug.
95 This manual page was converted from Mark P. Cooke
96 <mark-c@users.sourceforge.net>'s html file, for the Debian GNU/Linux system
97 (but may be used by others).
projects / bcm963xx.git / blob