Provided by: reaim_0.8-4_i386 bug


       reaim - Compact transparent proxy server


       reaim [-h|--help]


       ReAIM  is a compact transparent proxy designed to be run on or behind a
       Linux IPTables based  firewall.  When  run  behind  a  simple  address-
       translating  firewall,  the  current AIM client software does not allow
       direct-connections  between  users  to  work.  AIM   requires   direct-
       connections for file and image transfers.

       This  proxy  is designed to transparently intercept AIM client messages
       and pass them through a configurable filter/rewrite chain. This  allows
       selective  modification  of  the  source  address  provided  in direct-
       connection setup packets, and so remote users can be told  to  use  the
       global  internet routable address, rather than the actual IP address of
       the client on the local network.

       The current version supports AIM messaging, file sharing and  MSN  file


       See reaim --help


   Basic Requirements
       The  proxy  is  designed to transparently proxy and massage AIM and MSN
       messages. To  do  this,  -and  still  be  able  to  know  the  original
       destination-,  I  use  a Linux 2.4.x kernel on the firewall, built with

       Linux 2.4.x with ipchains -does not work-, as the original  destination
       is not available. Rumour has it that Linux 2.2.x with ipchains provides
       a mechanism to retrieve the original destination, but I haven’t checked
       into this yet.

       I  have  put  together a basic script to setup firewalling, with a fair
       amount of hand-holding checks along the way. It’s available in CVS, and
       will be included in the fifth release.

   Local LAN (eth1) Interface
       The  proxy  expects to receive redirected AIM and MSN messages on ports
       5190 and 1863 respectively.

        iptables -t nat -A PREROUTING -i eth0 -p tcp \
                --dport 5190 -j REDIRECT --to-ports 5190
        iptables -t nat -A PREROUTING -i eth0 -p tcp \
                --dport 1863 -j REDIRECT --to-ports 1863

       If you have the firewall port restricted, you also need  to  allow  the
       redirected connections to be received.

        iptables -A INPUT -i eth0 -p tcp --dport 5190 -j ACCEPT
        iptables -A INPUT -i eth0 -p tcp --dport 1863 -j ACCEPT

   External Network (ppp0) Interface
       The  proxy  will  massage  the redirected AIM and MSN messages, and AIM
       Share, so that direct connections appear to be  from  the  external  IP
       address,  ports  4443,  1864  and  5566 respectively. Note that the AIM
       ports can be changed in the client, and if  so,  this  proxy  will  not
       currently work.  Note also that in versions 0.6 and later, a port range
       40000-40099 should be  open,  as  this  range  is  used  for  some  AIM

       So,  the  very  basic setup, in addition to your current ruleset, is to
       permit connections to these ports.

        iptables -A INPUT -i ppp0 -p tcp --dport 4443 -j ACCEPT
        iptables -A INPUT -i ppp0 -p tcp --dport 5566 -j ACCEPT
        iptables -A INPUT -i ppp0 -p tcp --dport 1864 -j ACCEPT
        iptables -A INPUT -i ppp0 -p tcp --dport 40000:40099 -j ACCEPT


       1. Start up with ’reaim -d’ and check for obvious error messages.
       2. Check that there are no  [FATAL]  lines  showing  listenning  socket
       errors.  This shows that reaim is listenning for connections.
       3.  Connect  to  AIM  from a machine inside your lan.  This should have
       [CONN_BH] and [CONN_NB] lines creating  and  establishing  connections.
       This shows your firewall is redirecting correctly.
       4.  If  reaim  takes  100%  cpu  during  step  3, it is likely you have
       redirected   reaim   back   to   itself.    Check   you   can   ’telnet 5190’ from the firewall without reaim running.
       5.  With  reaim  running,  try  a direct connect to a friend who is not
       behind a firewall.  If this fails, check the  incoming  firewall  rules
       are allowing connections as shown above.
       6. Try a file transfer, instead of a direct connect.
       7. Report a possible bug.




       This   manual   page   was   converted   from   Mark  P.  Cooke  <mark->’s html file, for the Debian  GNU/Linux  system
       (but may be used by others).