On Sun, 12 Dec 1999, Pekka Savola wrote:
> I encountered the similar problem myself - and asked around for solutions.
> I have come to the conclusion that there are _no_ identd implementations
> for FreeBSD that would support NAT/Masq'ed connections. There are plenty
> of them for Linux, but they seem to use proc filesystem and are of no use..
> Pidentd doesn't support masqed connections. There is patch for it to do
> that, but it is Linux only
> Midentd and Oidentd support masqed connections in Linux, but not in *BSD.
> There are more like these, just check e.g. freshmeat.
> Ident2 doesn't seem to do masqed connections at all
> Cidentd doesn't seem to have been updated since 1996, and there is a nasty
> buffer overflow in it.
> Pekka Savola firstname.lastname@example.org
Hello, my setup is as follows: FreeBSD server running IPFIlter/IPNat on DSL
for my Win98SE workstation. Now, I've modified ident2 server (very very slight,
one line only) to answer for all ident requests, including nat'd connections.
If I irc from FreeBSD, ident2 would give the irc server whatever ident I
choose (.ident file in my home dir) or my real user name, as it should be
doing. But if I irc from the Win98 machine ident2 would give a random ident
reply. That was the best I could do right now, as I still don't know (YET) how
to get ident2 to query IPNat for the current mappings (ipnat -l shows all
current table mappings, and I can theoretically parse through that list to
match the port numbers sent by the irc server), and then turn around and
have ident2 query the mIRC or Xircon client for ident requests to send back to
the irc server. Hopefully someone with more knowledge of IPNat or ipfw
programming could give some pointers. Theoretically the events that happen
1. Irc server sends request (of form 6666, 5125) to FreeBSD ident2
2. ident2 checks user and sees that no one is irc'ing from the FreeBSD box.
3. ident2 then checks IPNat's table mappings to match any current ports
requested by the irc server (don't know how safe this step is...)
4. If it finds the port ident2 would send out a request of it's own to 113 ip
of the mapped ports and query for an ident response.
5. mIRC or whatever irc client is running on the Windows box would reply to the
6. ident2 would take that reply and bounce it to the irc server on the outside.
Hopefully this is understandable. Right now I can get the mapping
(system("ipnat -l")) and parse it (if I run ident2 as root user and keep it from
dropping to a lesser id), but it's all very insecure. And I'm hoping a better
way of interfacing with IPNat, and might work something out when I have more
time on my hands.
This is all preliminary and I don't even know if this would work or not, just
thought I'd toss in my 2 cents and get feedback/help. Please, if this is just a
lame brained idea that you know for certain won't work, don't hesitate to let
me know. d:) Otherwise I would be wasting mine and everyone else's time.
P.S. Oh, and let me know if anyone wants the modified ident2, I have it shar'd
as a port, with the added patch. And yes, one of these days I will remember to
contact the author to let him know how I've mangled his program...
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message