From owner-freebsd-net Thu Dec 7 5:54:49 2000 From owner-freebsd-net@FreeBSD.ORG Thu Dec 7 05:54:48 2000 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from xena.gsicomp.on.ca (cr677933-a.ktchnr1.on.wave.home.com [24.43.230.149]) by hub.freebsd.org (Postfix) with ESMTP id 84E1737B400 for ; Thu, 7 Dec 2000 05:54:47 -0800 (PST) Received: from hermes (hermes.gsicomp.on.ca [192.168.0.18]) by xena.gsicomp.on.ca (8.9.3/8.9.3) with SMTP id IAA64739; Thu, 7 Dec 2000 08:54:36 -0500 (EST) (envelope-from matt@gsicomp.on.ca) Message-ID: <000f01c06055$ca376ad0$1200a8c0@gsicomp.on.ca> From: "Matthew Emmerton" To: "Mike Nowlin" , References: Subject: Re: NAT & IRC Date: Thu, 7 Dec 2000 08:58:25 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > I'm running a lot of DHCP clients (issued 10.0.0.0/8 addrs) through a FBSD > NATD proxy. It's a pretty basic NAT setup - no keepalives, etc. (That > might(?) be the answer to my problem?) > > Earlier today, I set up x-chat on one of the clients. It was able to > connect to irc.openprojects.net without any problems, but when I tried to > connect to irc.freebsd.org, the server responded with something like > "Sorry, you must be running ident to connect.." Understanding the > reasoning for this, what's the solution? IRC networks use ident to better track abusers of the IRC network. What you need to do is run the ident service on any machine that is going to be running IRC, and add the appropriate firewall rules to allow ident packets to/from that host. One point - on a NAT network, I believe it's only possible for one "inside" client to be running ident, as the port must be forwarded explicitly. If you want to enable ident for the entire network, you could run it on the firewall machine, but that may open up certain security holes. -- Matthew Emmerton To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message