From owner-freebsd-net Thu Oct 19 2:12:11 2000
Delivered-To: freebsd-net@freebsd.org
Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65]) by hub.freebsd.org (Postfix) with ESMTP id 4745D37B4D7 for ; Thu, 19 Oct 2000 02:11:40 -0700 (PDT)
Received: (from ru@localhost) by whale.sunbay.crimea.ua (8.11.0/8.11.0) id e9J95BV05285; Thu, 19 Oct 2000 12:05:11 +0300 (EEST) (envelope-from ru)
Date: Thu, 19 Oct 2000 12:05:11 +0300
From: Ruslan Ermilov
To: Bjarni Runar Einarsson , freebsd-net@FreeBSD.ORG
Subject: Re: natd & identd cooperation?
Message-ID: <20001019120511.A4555@sunbay.com>
Mail-Followup-To: Bjarni Runar Einarsson , freebsd-net@FreeBSD.ORG
References: <20001018184017.A1218@klaki.net> <20001019110110.C98924@sunbay.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20001019110110.C98924@sunbay.com>; from ru@FreeBSD.ORG on Thu, Oct 19, 2000 at 11:01:10AM +0300
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, Oct 19, 2000 at 11:01:10AM +0300, Ruslan Ermilov wrote:
> On Wed, Oct 18, 2000 at 06:40:17PM +0000, Bjarni Runar Einarsson wrote:
> > Hi all,
> >
> > I'm a relatively new FreeBSD user, lured from the world of Linux by
> > the FreeBSD jails... so far so good.
> >
> > I'm currently playing with a 4.1.1 box which gives jailed users
> > access to the 'net via natd. For those users interested in using
> > IRC, the lack of an identd which will correctly either reply on a
> > jail-by-jail basis or relay the ident requests back to a jailed
> > identd is a bit of a problem.
> >
> > No, I'm not interested in randomizing the ident replies. :-)
> >
> > So, my question is, am I overlooking something, or is my only
> > option to go ahead and hack up some identd and natd so they will
> > communicate with each other?
> >
> > My current strategy is to use shared-memory tables to get oidentd
> > and natd to talk to each other, allowing me to set up both static
> > ip<->username mappings and dynamic connection<->user mappings. I
> > have a ready-to-use library (UDB) designed for just this sort of
> > thing, so this shouldn't take too much effort.
> >
> > Am I reinventing the wheel here, or is this a worthwhile project?
> > Please stop me if someone has already solved this problem!
> >
> > Please CC: any replies directly to me, since I am not at the moment
> > subscribed to this mailing list.
> >
> I am working on implementing IDENT support for libalias(3) and (as a
> consequence) for natd(8). Meanwhile, you can do it with inetd(8) as
> follows:
>
> In /etc/inetd.conf, specify the following string for internal ``auth'':
>
> auth stream tcp nowait root internal auth -d foo
>
> Then redirect the TCP port 113 to this machine's inetd like this:
>
> natd -redirect_port tcp NAT:auth auth
>
> If you like, I will let you know when my IDENT patch will be ready.
>
Following up to myself: the IDENT support for NAT is impossible (or, at
least, would be very hard to implement), because IDENT uses TCP as its
transport, and we don't know in advance where we should redirect the
first (incoming) SYN packet, because ports information is missing from
it. Though this still seems to be possible with T/TCP.

-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age
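To make the port-pair point concrete, here is an added example that is not code from the thread, natd or inetd: an RFC 1413 ident responder that resolves a query by looking up its port pair in a constructed alias-style table, the kind of shared natd/identd table Bjarni describes. The table name, its layout and the sample entries are assumptions for illustration only.

```python
import re

# RFC 1413 query: "<port-on-queried-host> , <port-on-querier>". Behind NAT the
# querier (e.g. an IRC server) sees the gateway's external port, not the jail.
REQUEST_RE = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")

# Constructed stand-in for a natd alias table (an assumption, not natd's real
# structure): the NAT-side port pair of an active TCP connection maps to the
# jail address and the user owning the socket behind the gateway.
ALIAS_TABLE = {
    # (external port on NAT, remote port on IRC server): (jail IP, user)
    (51234, 6667): ("10.0.0.5", "alice"),
    (51235, 6667): ("10.0.0.6", "bob"),
}

def parse_request(line):
    """Return (nat_port, remote_port) or None if the query is malformed."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    nat_port, remote_port = int(m.group(1)), int(m.group(2))
    if not (1 <= nat_port <= 65535 and 1 <= remote_port <= 65535):
        return None
    return nat_port, remote_port

def ident_reply(line, table=ALIAS_TABLE):
    """Answer one ident query (without the trailing CRLF) from the table.

    Both ports live in the query payload, which exists only once the TCP
    connection to port 113 is established, so no SYN-time redirect can use
    them; the lookup has to happen in whatever answers port 113 on the gateway.
    """
    ports = parse_request(line)
    if ports is None:
        return "0 , 0 : ERROR : INVALID-PORT"
    nat_port, remote_port = ports
    entry = table.get((nat_port, remote_port))
    if entry is None:
        # Port pair is not an active translation: reply NO-USER per RFC 1413.
        return "%d , %d : ERROR : NO-USER" % (nat_port, remote_port)
    _jail_ip, user = entry
    return "%d , %d : USERID : UNIX : %s" % (nat_port, remote_port, user)
```

Served on the gateway behind a redirect such as `natd -redirect_port tcp NAT:auth auth`, this lookup is the step where a per-jail answer becomes possible, since the ports first appear in the payload rather than in the SYN.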