Date:      Fri, 08 Dec 2000 22:49:46 -0700
From:      Wes Peters <wes@softweyr.com>
To:        Matthew Emmerton <matt@gsicomp.on.ca>
Cc:        Mike Nowlin <mike@argos.org>, freebsd-net@FreeBSD.ORG
Subject:   Re: NAT & IRC
Message-ID:  <3A31C7FA.79B0E7E5@softweyr.com>
References:  <Pine.LNX.4.21.0012070322030.21819-100000@jason.argos.org> <000f01c06055$ca376ad0$1200a8c0@gsicomp.on.ca>

Matthew Emmerton wrote:
> 
> > I'm running a lot of DHCP clients (issued 10.0.0.0/8 addrs) through a FBSD
> > NATD proxy.  It's a pretty basic NAT setup - no keepalives, etc.  (That
> > might(?) be the answer to my problem?)
> >
> > Earlier today, I set up x-chat on one of the clients.  It was able to
> > connect to irc.openprojects.net without any problems, but when I tried to
> > connect to irc.freebsd.org, the server responded with something like
> > "Sorry, you must be running ident to connect.."  Understanding the
> > reasoning for this, what's the solution?
> 
> IRC networks use ident to better track abusers of the IRC network.
> 
> What you need to do is run the ident service on any machine that is going to
> be running IRC, and add the appropriate firewall rules to allow ident
> packets to/from that host.  One point - on a NAT network, I believe it's
> only possible for one "inside" client to be running ident, as the port must
> be forwarded explicitly.  If you want to enable ident for the entire
> network, you could run it on the firewall machine, but that may open up
> certain security holes.

Fools trust ident.

Use an identd that refuses to disclose information about your systems by
returning a random ident string.  If you use a NAT router, run it on the
router.  If not, configure your router to redirect all ident requests to
one machine that has such an ident server running.

-- 
            "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                         Softweyr LLC
wes@softweyr.com                                           http://softweyr.com/

