Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 20 Oct 2000 14:03:47 +0000
From:      Bjarni Runar Einarsson <bre@netverjar.is>
To:        freebsd-net@FreeBSD.ORG
Subject:   Re: natd & identd cooperation?  (and identd + jails)
Message-ID:  <20001020140347.A25546@klaki.net>
In-Reply-To: <20001019120511.A4555@sunbay.com>; from Ruslan Ermilov on Thu, Oct 19, 2000 at 12:05:11PM %2B0300
References:  <20001018184017.A1218@klaki.net> <20001019110110.C98924@sunbay.com> <20001019120511.A4555@sunbay.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On 2000-10-19, 12:05:11 (+0300) Ruslan Ermilov wrote:
> > I am working on implementing IDENT support for libalias(3) and (as a
> > consequence) for natd(8).  Meanwhile, you can do it with inetd(8) as
> > follows:

I took a stab at the problem, and have implemented primitive support
within libalias for cooperation with oidentd.  

The implementation uses my UDB library
(http://bre.klaki.net/programs/udb/), which allows the libalias app.
and the ident server to share a table of ip<->user and
connection<->user or connection<->connection mappings. The ident
protocol doesn't by default allow user-land forwarding of connections
(machine A can't request info about connections between B and C), but
adding support for forwarded requests to an ident daemon is
relatively easy.

All in all, it works reasonably well - should I clean it up and share?

While hacking I found out that all this effort was not quite
necessary for a jailed environment like mine - an unmodified oidentd
appears to ident connections correctly already, as long as natd is
instructed to use the same ports.  Using my libalias/UDB/oidentd hack
is only useful because it adds the option of assigning a single user
name to a whole jail.

-- 
Bjarni R. Einarsson                           PGP: 02764305, B7A3AB89
 bre@netverjar.is              -><-             http://bre.klaki.net/

Netverjar gegn ruslpósti: http://www.netverjar.is/baratta/ruslpostur/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001020140347.A25546>