[Firehol-support] Need help setting up a service definition for znc

Simon Szustkowski mail at simonszu.de
Tue Jan 27 14:46:42 GMT 2015


Hi Costa,

thank you very much for your help. 

I have checked the log file, but it seems that the only packets which
are blocked are some ICMP packets. 
So I investigated further and made the following discoveries:

Since the znc acts as a server on port 31337 and as a client on the
"real" IRC ports, the error has to be on the client side. So I enabled
"client all accept" in the interface definition, and
"client_znc_ports="any"" in the service definition (just for testing).
After executing 'firehol start', znc was able to connect to the IRC
networks. 
But the funny thing is: After a restart of znc it wasn't able to
connect anymore. I needed to alter the client port definition in the
service definition again, this time to "default" and execute 'firehol
start' again, while znc was running, to get a new connection to the IRC
networks. 
I reproduced it, and it was the same every time. znc wasn't able to
connect to the IRC networks directly after start, but only after
applying firehol while znc was already running. 
I don't know, but shouldn't every client running on the firewalled
machine be able to connect to the internet, since I allowed every
client connection in firehol? In this case, znc acts as a normal IRC
client, connecting to the networks. 

Of course, i loaded both modules with proper port definitions. 



...hmm. I have tested IRC client connections from the firewalled
machine with the help of irssi. Works like a charm. So I don't really
know why my current firewall configuration works for znc acting as a
server, but not as a client, but for irssi as a client, and why znc
needs the workaround of firing 'firehol start' before it can work as a
client...

So I'm stuck as before. Sorry.

Yours, Simon


