From owner-freebsd-questions@FreeBSD.ORG Fri Feb 10 22:04:25 2006
Date: Fri, 10 Feb 2006 23:04:17 +0100 (CET)
From: Wojciech Puchar
To: Chuck Swiger
Cc: freebsd-questions@freebsd.org
Subject: Re: natd & auth requests
In-Reply-To: <43ECB0DD.1010202@mac.com>
Message-ID: <20060210230213.L37334@chylonia.3miasto.net>
References: <20060210114512.A25713@chylonia.3miasto.net> <43ECB0DD.1010202@mac.com>

>> handled by natd? like answering last byte of source IP number or DNS
>> reverse name or maybe from table like oidentd?
>
> If you're using 1-to-1 NAT forwarding, run identd or the inetd-based version on
> the internal hosts you're forwarding to. If you're using NAT to only forward
> individual ports to specific machines, or are using NAT for outbound connection
> sharing only, well, you can only forward ident requests to a single machine; I
> don't know of a better solution.
>
> Interesting problem...
>

I use it to forward about 200 machines through one IP (+ipfw2 to manage
bandwidth). All works fine except no authentication of user is possible.

For NetBSD I wrote a simple program (identd replacement) that parsed
ipnat -l output and made an answer. But under FreeBSD there is nothing
similar to /sbin/ipnat -l with natd.

Or maybe there is? Something that will output the natd map table.
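
The approach described in the message above (an identd replacement that answers from the NAT session table), sketched as an added example; it is not part of the original message and is not the author's NetBSD program. The `ipnat -l` session layout, the sample addresses, the function names and the `host<last octet>` identifier are assumptions made for illustration.

```python
import re

# Constructed sample in the style of IPFilter's `ipnat -l` session list; the
# exact column layout is an assumption and may differ between versions.
SAMPLE_IPNAT = """\
List of active MAP/Redirect filters:
map fxp0 10.0.0.0/24 -> 192.0.2.1/32 portmap tcp/udp 40000:60000

List of active sessions:
MAP 10.0.0.17 1032 <- -> 192.0.2.1 40001 [198.51.100.5 6667]
MAP 10.0.0.142 3310 <- -> 192.0.2.1 40002 [198.51.100.5 6667]
"""

SESSION = re.compile(
    r"^MAP\s+(\S+)\s+(\d+)\s+<- ->\s+(\S+)\s+(\d+)\s+\[(\S+)\s+(\d+)\]")
QUERY = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")


def parse_sessions(text):
    """Return {(public_port, remote_ip, remote_port): internal_ip}."""
    table = {}
    for line in text.splitlines():
        m = SESSION.match(line)
        if m:
            inside_ip, _, _, pub_port, rem_ip, rem_port = m.groups()
            table[(int(pub_port), rem_ip, int(rem_port))] = inside_ip
    return table


def ident_reply(query, peer_ip, table):
    """Build an RFC 1413 reply for a query received from peer_ip."""
    m = QUERY.match(query)
    if not m:
        return None  # not an ident query; the caller just closes the socket
    local, remote = int(m.group(1)), int(m.group(2))
    prefix = f"{local}, {remote}"
    if not (1 <= local <= 65535 and 1 <= remote <= 65535):
        return f"{prefix} : ERROR : INVALID-PORT\r\n"
    # The peer address is part of the key, so a host can only ask about
    # connections that terminate on itself, not enumerate the NAT table.
    inside_ip = table.get((local, peer_ip, remote))
    if inside_ip is None:
        return f"{prefix} : ERROR : NO-USER\r\n"
    # Identifier is the last byte of the internal source IP, as suggested.
    return f"{prefix} : USERID : OTHER : host{inside_ip.rsplit('.', 1)[1]}\r\n"
```
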