From owner-freebsd-questions Fri Oct 20 15:42:11 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from static.unixfreak.org (static.unixfreak.org [63.198.170.139])
	by hub.freebsd.org (Postfix) with ESMTP id 9FD0D37B479
	for ; Fri, 20 Oct 2000 15:42:07 -0700 (PDT)
Received: by static.unixfreak.org (Postfix, from userid 1000)
	id C53961F28; Fri, 20 Oct 2000 15:15:37 -0700 (PDT)
Subject: Re: IRC/oidentd problem
In-Reply-To: "from doomstar@doomstar.com at Oct 20, 2000 10:47:56 am"
To: doomstar@doomstar.com
Date: Fri, 20 Oct 2000 15:15:37 -0700 (PDT)
Cc: questions@freebsd.org
From: Dima Dorfman
Reply-To: dima@unixfreak.org
X-Mailer: ELM [version 2.4ME+ PL82 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
Message-Id: <20001020221537.C53961F28@static.unixfreak.org>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Hi,

Please wrap your lines at ~72 characters.

> I have a FreeBSD4.1 box set up as a firewall/natd/dhcpd box. I
> have a windows box behind this firewall. I can get online and use
> the internet from the windows box but I cannot connect to IRC
> servers. They all say I'm not authorized. I installed the oidentd
> package and thought I set it up according to the man page, restarted
> inetd with kill -HUP [pid] but it's still not working. I even created

Correct. I don't know anything about oidentd, but unless it has
provisions to do this exact thing for you, it won't work. Basically,
identd works by taking a local and remote port as input, and giving
back the name of the user to which the process which is talking on
those ports belongs. Since your IRC client is running on a host
behind NAT, no process--and hence, no user--is associated with the
ports. This causes identd to return NO-USER, and the IRC servers to
complain. The real solution would probably be to somehow identify
ident requests which are for other hosts, and have nat forward those
requests appropriately.

Until somebody implements that, there is a workaround. Some time ago,
when I had the same problem, I wrote a patch for pidentd to, instead
of replying with a NO-USER, reply with a default user name. Here's a
comment from my web site:

	This patch adds a feature to pidentd-2.8.5 which sends back a
	default username if one was not found for that particular
	query. I'm pretty sure this breaks the RFC (I never bothered
	to read it), but I can't see any real harm. I wrote this when
	I wanted computers behind a network address translation
	gateway to have a valid ident response (mainly to be able to
	get onto EFnet).

If you're okay with this solution (don't mind the possible RFC
breakage and don't mind that one username will be returned for any
host behind NAT) you're welcome to try it out. You can get the patch
at: 'http://users.unixfreak.org/~dima/files/pidentd-2.8.5+defuser.diff'.

Another solution would be not to use IRC servers which require ident
to be running. This is probably preferred, but is not always
possible.

Hope this helps

--
Dima Dorfman
Finger dima@unixfreak.org for my public PGP key.

"You have the right to remain silent. Anything you say can and will be
misquoted, then used against you."

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
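
The ident exchange described in the message above, as an added example
that is not part of the original mail and is not the pidentd patch: it
answers one RFC 1413 query line from a connection table, and shows the
NO-USER reply next to the default-user fallback. The table contents,
the function name and the user names "dima" and "natuser" are
constructed for illustration.

```python
import re

# Constructed sample: (local_port, remote_port) -> owning user on the gateway.
# Connections that NAT forwards for inside hosts have no local process,
# so they never appear in a table like this.
LOCAL_CONNECTIONS = {(6193, 6667): "dima"}

# RFC 1413 query: "<port-on-ident-host> , <port-on-querying-host>" + CRLF
REQUEST_RE = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")


def ident_reply(request, connections, default_user=None):
    """Build the reply line for one ident query.

    default_user=None gives the standard behaviour (NO-USER when no
    local process owns the port pair); a string models the fallback
    the message describes.
    """
    m = REQUEST_RE.match(request)
    if not m:
        # Unparseable query: this example's choice of error token.
        return "0 , 0 : ERROR : UNKNOWN-ERROR"
    local, remote = int(m.group(1)), int(m.group(2))
    pair = f"{local} , {remote}"
    if not (1 <= local <= 65535 and 1 <= remote <= 65535):
        return f"{pair} : ERROR : INVALID-PORT"
    user = connections.get((local, remote))
    if user is None:
        if default_user is None:
            return f"{pair} : ERROR : NO-USER"
        user = default_user  # same name for every unmatched port pair
    return f"{pair} : USERID : UNIX : {user}"


if __name__ == "__main__":
    # 40001 is a constructed port that natd would have allocated for a
    # host behind the gateway; nothing local owns it.
    for query in ("6193, 6667\r\n", "40001, 6667\r\n"):
        print(ident_reply(query, LOCAL_CONNECTIONS))
        print(ident_reply(query, LOCAL_CONNECTIONS, default_user="natuser"))
```

With default_user set, a USERID reply for a forwarded connection says
nothing about which host or person behind the gateway opened it.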