reaim(8)

NAME

reaim - Compact transparent proxy server

SYNOPSIS

reaim [-h|--help]

DESCRIPTION

ReAIM is a compact transparent proxy designed to be run on or behind
a Linux IPTables based firewall. When run behind a simple
address-translating firewall, the current AIM client software does
not allow direct-connections between users to work. AIM requires
direct-connections for file and image transfers.

This proxy is designed to transparently intercept AIM client messages
and pass them through a configurable filter/rewrite chain. This allows
selective modification of the source address provided in
direct-connection setup packets, and so remote users can be told to
use the global internet routable address, rather than the actual IP
address of the client on the local network.

The current version supports AIM messaging, file sharing and MSN file
transfer.

OPTIONS

See reaim --help

SETTING UP THE PROXY

Basic Requirements

The proxy is designed to transparently proxy and massage AIM and MSN
messages. To do this, -and still be able to know the original
destination-, I use a Linux 2.4.x kernel on the firewall, built with
iptables.

Linux 2.4.x with ipchains -does not work-, as the original destination
is not available. Rumour has it that Linux 2.2.x with ipchains
provides a mechanism to retrieve the original destination, but I
haven't checked into this yet.

I have put together a basic script to set up firewalling, with a fair
amount of hand-holding checks along the way. It's available in CVS,
and will be included in the fifth release.

Local LAN (eth1) Interface

The proxy expects to receive redirected AIM and MSN messages on ports
5190 and 1863 respectively.

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5190 -j REDIRECT --to-ports 5190
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 1863 -j REDIRECT --to-ports 1863

If you have the firewall port restricted, you also need to
allow the redirected connections to be received.

iptables -A INPUT -i eth0 -p tcp --dport 5190 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 1863 -j ACCEPT

External Network (ppp0) Interface

The proxy will massage the redirected AIM and MSN messages, and AIM
Share, so that direct connections appear to be from the external IP
address, ports 4443, 1864 and 5566 respectively. Note that the AIM
ports can be changed in the client, and if so, this proxy will not
currently work. Note also that in versions 0.6 and later, a port range
40000-40099 should be open, as this range is used for some AIM
transfers.

So, the very basic setup, in addition to your current ruleset, is to
permit connections to these ports.

iptables -A INPUT -i ppp0 -p tcp --dport 4443 -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --dport 5566 -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --dport 1864 -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --dport 40000:40099 -j ACCEPT

TROUBLESHOOTING

1. Start up with 'reaim -d' and check for obvious error messages.
2. Check that there are no [FATAL] lines showing listening socket
errors. This shows that reaim is listening for connections.
3. Connect to AIM from a machine inside your LAN. This should have
[CONN_BH] and [CONN_NB] lines creating and establishing connections.
This shows your firewall is redirecting correctly.
4. If reaim takes 100% cpu during step 3, it is likely you have
redirected reaim back to itself. Check you can
'telnet login.oscar.aol.com 5190' from the firewall without reaim
running.
5. With reaim running, try a direct connect to a friend who is not
behind a firewall. If this fails, check the incoming firewall rules
are allowing connections as shown above.
6. Try a file transfer, instead of a direct connect.
7. Report a possible bug.
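
The rule checks in steps 3 to 5 can be run against a saved ruleset. The script below is an added example, not part of reaim or its firewall script: the function name and the sample dump are constructed, it assumes iptables-save style input, and it treats a nat OUTPUT redirect of ports 5190/1863 as one way to produce the loop in step 4.

```shell
#!/bin/sh
# Audit iptables-save text on stdin against the rules listed on this page.
# Prints one finding per line; returns 1 if anything was reported.
audit_reaim_rules() {
    lan_if="${1:-eth0}"   # defaults follow the interfaces in the page's commands
    ext_if="${2:-ppp0}"
    rules=$(cat)
    rc=0
    need() {  # need DESCRIPTION REGEX: report a rule that is not in the dump
        printf '%s\n' "$rules" | grep -Eq -e "$2" || { echo "MISSING: $1"; rc=1; }
    }
    for port in 5190 1863; do
        need "redirect $lan_if tcp/$port to reaim" \
             "^-A PREROUTING .*-i $lan_if .*--dport $port .*-j REDIRECT --to-ports $port"
        need "accept $lan_if tcp/$port" \
             "^-A INPUT .*-i $lan_if .*--dport $port .*-j ACCEPT"
        # Assumption: a redirect in the nat OUTPUT chain also catches reaim's
        # own outbound connection, giving the 100% cpu loop of step 4.
        if printf '%s\n' "$rules" | grep -Eq -e "^-A OUTPUT .*--dport $port .*-j REDIRECT"; then
            echo "LOOP: OUTPUT redirect on tcp/$port sends reaim back to itself"
            rc=1
        fi
    done
    for port in 4443 5566 1864 40000:40099; do
        need "accept $ext_if tcp/$port" \
             "^-A INPUT .*-i $ext_if .*--dport $port .*-j ACCEPT"
    done
    return $rc
}

# Constructed sample dump (not from a real host); the 40000:40099 rule is absent.
SAMPLE_RULES='*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 5190 -j REDIRECT --to-ports 5190
-A PREROUTING -i eth0 -p tcp -m tcp --dport 1863 -j REDIRECT --to-ports 1863
COMMIT
*filter
-A INPUT -i eth0 -p tcp -m tcp --dport 5190 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 1863 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 4443 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 5566 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 1864 -j ACCEPT
COMMIT'
printf '%s\n' "$SAMPLE_RULES" | audit_reaim_rules eth0 ppp0 || true
```

On a live firewall the same function can read the output of iptables-save directly.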

SEE ALSO

iptables(8)

AUTHOR

This manual page was converted from Mark P. Cooke
<markc@users.sourceforge.net>'s html file, for the Debian GNU/Linux
system (but may be used by others).