From owner-freebsd-stable  Sun Dec 12  9: 6:13 1999
Delivered-To: freebsd-stable@freebsd.org
Received: from netcore.fi (netcore.fi [193.94.160.1])
	by hub.freebsd.org (Postfix) with ESMTP id D445A14EAC
	for <freebsd-stable@FreeBSD.ORG>; Sun, 12 Dec 1999 09:06:09 -0800 (PST)
	(envelope-from Pekka.Savola@netcore.fi)
Received: from unf (netcore.fi [193.94.160.1])
	by netcore.fi (8.9.3/8.9.3) with SMTP id TAA17553;
	Sun, 12 Dec 1999 19:04:54 +0200
Message-Id: <3.0.6.32.19991212190534.007ec9b0@netcore.home>
X-Sender: pekkas@netcore.home
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32)
Date: Sun, 12 Dec 1999 19:05:34 +0200
To: John <papalia@UDel.Edu>
From: Pekka Savola <Pekka.Savola@netcore.fi>
Subject: Re: pidentd
Cc: williamsl@home.com, Sheepman <sheepman@mindcrash.com>,
	freebsd-stable@FreeBSD.ORG
In-Reply-To: <4.1.19991212114203.00959100@mail.udel.edu>
References: <3.0.6.32.19991212184024.0097fa70@netcore.home>
 <4.1.19991212111055.009552e0@mail.udel.edu>
 <3.0.6.32.19991212141700.007e2ac0@netcore.home>
 <Pine.BSF.4.10.9912111021230.22332-100000@hemorrhage.mindcr ash.com>
 <7101.991211@Home.Com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>If you're running windows boxen behind your FreeBSD server, then (at least
>I think) the EASIEST way to solve your problem is to run IRC clients on
>yoru windows boxen which contain identd servers to themselves.  This

This is correct, but doesn't help the actual problem because internal boxes
never get those ident requests.

The scenario here is that upon connecting to an irc server, the server asks
from your BSD server's identd who the heck that user is.  FreeBSD's identd
server has no way of knowing that this request should be forwarded to a
NAT'ed windows box X.  So, there will never be an identd request from irc
server to MIRC to respond to.  The working behaviour could probably be
achieves so that the identd server on FreeBSD examined NAT state data and
forwarded requests appropriately (if the server was configured to forward
them - this could be security risk too).

You could, of course, redirect all identd requests coming on your FreeBSD
box to the internal windows box, but this would break the BSD box pretty
badly. (e.g. login timeouts when using FTP) - and there could be only one
computer in your private LAN that'd use ident.

One solution might be to use an appropriate proxy/bouncer in the FreeBSD
box and connect to it using IRC clients, but I wouldn't want to do that.


Pekka Savola			pekkas@netcore.fi
---
Across the nations the stories spread like spiderweb laid upon spiderweb, 
and men and women planned the future, believing they knew truth. They 
planned, and the Pattern absorbed their plans, weaving toward the future
foretold.		-- Robert Jordan: The Path of Daggers


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message