Date: Tue, 12 Jan 1999 17:42:42 +0100 (MET) From: Marcin Cieslak <saper@system.pl> To: freebsd-hackers@FreeBSD.ORG Subject: Re: libalias and ident Message-ID: <Pine.GSO.4.02.9901121734040.23770-100000@tricord.system.pl> In-Reply-To: <199901120035.AAA60265@keep.lan.Awfulhak.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 12 Jan 1999, Brian Somers wrote: > Having said all that, I think it's still worth investing the time in > getting this working (time I haven't got at the moment I'm afraid). > It should be made run-time configurable (PacketAliasSetMode()) and > should default to disabled. I believe that a lot of the people that > use libalias are people with a small number of internal machines and > a small number of people using them. The ident module should get a > good hit rate. I would also be happy to see another kind of ident -> not just proxying ident to the machines behind the NAT, but reporting some string identifying the host being masqueraded. If an ident query comes for port SPORT, aliasing code looks up port SPORT and translates them onto the pair (DPORT, DHOST) where DHOST is the internal host name. Some users would like to see that ident daemon should query DHOST on the ident port and return it to the original sender. However, I would like also to see another way of handling ident queries (I guess it's much easier to implement) returning the predefined string (for example hostname but not neccesary) uniquely identifying the host behind NAT. This may be not what the security guys want, but this would be a handy way of identifying machine for LARTing purposes for example :) We can go further and report something like "user+host" in the ident response: giving "host" identifying the hidden machine and "user" resulting from the ident query on that machine. I think that all those modes should be configurable, at least at the compile time. -- << Marcin Cieslak // saper@system.pl >> ----------------------------------------------------------------- SYSTEM Internet Provider http://www.system.pl To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.02.9901121734040.23770-100000>