Date: Thu, 19 Oct 2000 11:01:10 +0300
From: Ruslan Ermilov
To: Bjarni Runar Einarsson
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: natd & identd cooperation?
Message-ID: <20001019110110.C98924@sunbay.com>
References: <20001018184017.A1218@klaki.net>

On Wed, Oct 18, 2000 at 06:40:17PM +0000, Bjarni Runar Einarsson wrote:
> Hi all,
>
> I'm a relatively new FreeBSD user, lured from the world of Linux by
> the FreeBSD jails... so far so good.
>
> I'm currently playing with a 4.1.1 box which gives jailed users
> access to the 'net via natd. For those users interested in using
> IRC, the lack of an identd which will correctly either reply on a
> jail-by-jail basis or relay the ident requests back to a jailed
> identd is a bit of a problem.
>
> No, I'm not interested in randomizing the ident replies. :-)
>
> So, my question is, am I overlooking something, or is my only
> option to go ahead and hack up some identd and natd so they will
> communicate with each other?
>
> My current strategy is to use shared-memory tables to get oidentd
> and natd to talk to each other, allowing me to set up both static
> ip<->username mappings and dynamic connection<->user mappings. I
> have a ready-to-use library (UDB) designed for just this sort of
> thing, so this shouldn't take too much effort.
>
> Am I reinventing the wheel here, or is this a worthwhile project?
> Please stop me if someone has already solved this problem!
>
> Please CC: any replies directly to me, since I am not at the moment
> subscribed to this mailing list.
>

I am working on implementing IDENT support for libalias(3) and
(as a consequence) for natd(8). Meanwhile, you can do it with
inetd(8) as follows:

In /etc/inetd.conf, specify the following string for internal ``auth'':

    auth    stream  tcp     nowait  root    internal        auth -d foo

Then redirect the TCP port 113 to this machine's inetd like this:

    natd -redirect_port tcp NAT:auth auth

If you like, I will let you know when my IDENT patch is ready.

Hope this helps,

-- 
Ruslan Ermilov          Oracle Developer/DBA,
ru@sunbay.com           Sunbay Software AG,
ru@FreeBSD.org          FreeBSD committer,
+380.652.512.251        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age
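
Added example, not part of the original message and not FreeBSD code: a small RFC 1413 (ident) client for checking what the redirected port 113 answers once the two settings above are in place. All function names are hypothetical; fallback_answer is a constructed stand-in that returns one fixed name for every valid query, modelled on the name given with -d foo, and does not reproduce how inetd itself picks its answer.

```python
import socket

def build_query(port_on_server: int, port_on_client: int) -> bytes:
    """RFC 1413 query line: '<port-on-server> , <port-on-client>' CRLF."""
    for port in (port_on_server, port_on_client):
        if not 1 <= port <= 65535:
            raise ValueError(f"bad port: {port}")
    return f"{port_on_server} , {port_on_client}\r\n".encode("ascii")

def parse_reply(raw: bytes) -> dict:
    """Parse a USERID or ERROR reply line into a dict."""
    line = raw.decode("ascii", "replace").rstrip("\r\n")
    fields = line.split(":", 3)  # the user id itself may contain ':'
    if len(fields) < 3:
        raise ValueError(f"malformed ident reply: {line!r}")
    ports = tuple(int(p) for p in fields[0].split(","))
    if len(ports) != 2:
        raise ValueError(f"malformed port pair: {fields[0]!r}")
    kind = fields[1].strip().upper()
    if kind == "ERROR":
        return {"ports": ports, "kind": kind, "error": ":".join(fields[2:]).strip()}
    if kind != "USERID" or len(fields) != 4:
        raise ValueError(f"malformed ident reply: {line!r}")
    # Surrounding blanks are dropped from the user id, as most clients do.
    return {"ports": ports, "kind": kind,
            "opsys": fields[2].strip(), "user": fields[3].strip()}

def fallback_answer(query: bytes, fallback: str) -> bytes:
    """Hypothetical stand-in responder: one fixed name for every valid query."""
    try:
        srv, cli = (int(p) for p in query.decode("ascii").split(","))
        head = build_query(srv, cli).rstrip()  # echo the port pair back
        return head + f" : USERID : UNIX : {fallback}\r\n".encode("ascii")
    except ValueError:
        return b"0 , 0 : ERROR : INVALID-PORT\r\n"

def query_ident(host, port_on_server, port_on_client, ident_port=113, timeout=5.0):
    """Ask the ident service at host (for example the NAT box) about one connection."""
    with socket.create_connection((host, ident_port), timeout=timeout) as s:
        s.sendall(build_query(port_on_server, port_on_client))
        return parse_reply(s.makefile("rb").readline(1024))

if __name__ == "__main__":
    # Constructed sample: NAT-side port 49152 talking to an IRC server on 6667.
    print(parse_reply(fallback_answer(build_query(49152, 6667), "foo")))
```

Calling query_ident from an outside host against the NAT box's address shows whether the -redirect_port rule actually reaches inetd; the offline demo under __main__ only exercises the query and reply formats.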