From owner-freebsd-net Fri Dec 8 21:46:24 2000
From owner-freebsd-net@FreeBSD.ORG Fri Dec 8 21:46:23 2000
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from homer.softweyr.com (bsdconspiracy.net [208.187.122.220])
	by hub.freebsd.org (Postfix) with ESMTP id 6E2E137B400
	for ; Fri, 8 Dec 2000 21:46:22 -0800 (PST)
Received: from [127.0.0.1] (helo=softweyr.com ident=Fools trust ident!)
	by homer.softweyr.com with esmtp (Exim 3.16 #1)
	id 144ctG-0000Br-00; Fri, 08 Dec 2000 22:49:46 -0700
Sender: wes@FreeBSD.ORG
Message-ID: <3A31C7FA.79B0E7E5@softweyr.com>
Date: Fri, 08 Dec 2000 22:49:46 -0700
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Matthew Emmerton
Cc: Mike Nowlin , freebsd-net@FreeBSD.ORG
Subject: Re: NAT & IRC
References: <000f01c06055$ca376ad0$1200a8c0@gsicomp.on.ca>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Matthew Emmerton wrote:
>
> > I'm running a lot of DHCP clients (issued 10.0.0.0/8 addrs) through a FBSD
> > NATD proxy. It's a pretty basic NAT setup - no keepalives, etc. (That
> > might(?) be the answer to my problem?)
> >
> > Earlier today, I set up x-chat on one of the clients. It was able to
> > connect to irc.openprojects.net without any problems, but when I tried to
> > connect to irc.freebsd.org, the server responded with something like
> > "Sorry, you must be running ident to connect.." Understanding the
> > reasoning for this, what's the solution?
>
> IRC networks use ident to better track abusers of the IRC network.
>
> What you need to do is run the ident service on any machine that is going to
> be running IRC, and add the appropriate firewall rules to allow ident
> packets to/from that host. One point - on a NAT network, I believe it's
> only possible for one "inside" client to be running ident, as the port must
> be forwarded explicitly. If you want to enable ident for the entire
> network, you could run it on the firewall machine, but that may open up
> certain security holes.

Fools trust ident. Use an identd that refuses to disclose information about
your systems by returning a random ident string. If you use a NAT router,
run it on the router. If not, configure your router to redirect all ident
requests to one machine that has such an ident server running.

-- 
"Where am I, and what am I doing in this handbasket?"

Wes Peters
Softweyr LLC
wes@softweyr.com
http://softweyr.com/
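
The reply above recommends an identd that answers with a random string instead of real account names. A minimal responder of that kind for the RFC 1413 query format follows; it is an added example, not part of the original message, and its function names, the 64-byte query limit, the `UNIX` opsys token and the `0 , 0` error for unparseable input are choices of this example.

```python
import re
import secrets
import socketserver

# RFC 1413 query: "<port-on-server> , <port-on-client>" terminated by CRLF.
QUERY_RE = re.compile(rb"\s*(\d{1,5})\s*,\s*(\d{1,5})\s*")
MAX_QUERY = 64  # assumed limit for this example; a valid query is much shorter


def random_ident(nbytes=4):
    """Fresh random token, unrelated to any account on the inside hosts."""
    return secrets.token_hex(nbytes)


def build_reply(line, token=None):
    """Return the RFC 1413 reply bytes for one raw query line."""
    m = QUERY_RE.fullmatch(line.rstrip(b"\r\n"))
    if not m:
        # Nothing parseable to echo back; "0 , 0" is this example's choice.
        return b"0 , 0 : ERROR : INVALID-PORT\r\n"
    sport, cport = int(m.group(1)), int(m.group(2))
    if not (1 <= sport <= 65535 and 1 <= cport <= 65535):
        return b"%d , %d : ERROR : INVALID-PORT\r\n" % (sport, cport)
    # No connection-table or user lookup happens: every well-formed query gets
    # a new random user-id, so the reply discloses nothing about the network.
    ident = (token or random_ident()).encode("ascii")
    return b"%d , %d : USERID : UNIX : %s\r\n" % (sport, cport, ident)


class IdentHandler(socketserver.StreamRequestHandler):
    timeout = 10  # drop peers that connect and never send a query

    def handle(self):
        try:
            line = self.rfile.readline(MAX_QUERY)
            if line:
                self.wfile.write(build_reply(line))
        except OSError:
            pass  # timeout or reset: close quietly


def serve(host="0.0.0.0", port=113):
    # Binding port 113 requires root. On a NAT router this one listener
    # answers for every inside host, so no per-client port forward is needed.
    with socketserver.ThreadingTCPServer((host, port), IdentHandler) as srv:
        srv.serve_forever()


if __name__ == "__main__":
    serve()
```
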