From owner-freebsd-questions Mon Oct 23 0:27:19 2000 Delivered-To: freebsd-questions@freebsd.org Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82]) by hub.freebsd.org (Postfix) with ESMTP id 520D737B479 for ; Mon, 23 Oct 2000 00:27:16 -0700 (PDT) Received: from 149.211.6.64.reflexcom.com ([64.6.211.149]) by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19); Mon, 23 Oct 2000 00:25:23 -0700 Received: (from cjc@localhost) by 149.211.6.64.reflexcom.com (8.11.0/8.11.0) id e9N7Qd404936; Mon, 23 Oct 2000 00:26:39 -0700 (PDT) (envelope-from cjc) Date: Mon, 23 Oct 2000 00:26:39 -0700 From: "Crist J . Clark" To: "gummibear@nettaxi.com" Cc: questions@FreeBSD.ORG Subject: Re: IPFW/NATD: Client problems with Identd for IRC, also Napster Message-ID: <20001023002639.H75251@149.211.6.64.reflexcom.com> Reply-To: cjclark@alum.mit.edu References: <200010230541.WAA02148@mail20.bigmailbox.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <200010230541.WAA02148@mail20.bigmailbox.com>; from gummibear@nettaxi.com on Sun, Oct 22, 2000 at 10:41:28PM -0700 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG [Each of your paragraphs is on a single line. Could you please end your lines at about 72 columns or so. Thanks.] On Sun, Oct 22, 2000 at 10:41:28PM -0700, gummibear@nettaxi.com wrote: > Hello all! > > I just set up a IPFW/NATD box for my internal network (of one windows machine) which is connected to the internet via Mediaone cable service. I've set it up to be an "OPEN" firewall (refer to rc.firewall) for now untill I learn to write my own rule sets. > > To keep it short. It works. I can surf the web and check email, but irc and napster seem to have problems. When connecting to IRC servers using mirc on the Windows machine, I get identd errors which make things very difficult to access efnet, undernet, or dalnet servers. Sure I can use the FreeBSD box to access IRC, but my wife prefers the windows machine. Sounds like ident failures. > My guess is that it's natd or the firewall that is doing something to muck things up with ident. Is there a way around this? How can I fix it so she (my wife) can access IRC via popular Windows IRC clients. I tried doing some web searches to see if others have run across this problem, but didn't find anything that would solve the problem. Surprised you did not find anything. The problem is that the IRC servers are trying to connect to the client machine to do a ident lookup, but they see the firewall as the client. See the inetd(8) manpage to see how to run its builtin ident server. I think a line like, auth stream tcp nowait root internal auth -g -o UNKNOWN -d natter Would do it. > Also, it seems as though she had some troubles with napster. She was able to connect to their servers, but wasn't able to browse the shares of other napster users. Again, I didn't find anything that would help me solve the problem. This may be a similar problem. If anyone tries to connect back to your machine it will fail since they will try to connect to the NAT machine. I don't know if that would break ability to browse other people's stuff or not. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message