Date:      Tue, 12 Jan 1999 17:42:42 +0100 (MET)
From:      Marcin Cieslak <saper@system.pl>
To:        freebsd-hackers@FreeBSD.ORG
Subject:   Re: libalias and ident 
Message-ID:  <Pine.GSO.4.02.9901121734040.23770-100000@tricord.system.pl>
In-Reply-To: <199901120035.AAA60265@keep.lan.Awfulhak.org>

On Tue, 12 Jan 1999, Brian Somers wrote:

> Having said all that, I think it's still worth investing the time in 
> getting this working (time I haven't got at the moment I'm afraid).  
> It should be made run-time configurable (PacketAliasSetMode()) and 
> should default to disabled.  I believe that a lot of the people that 
> use libalias are people with a small number of internal machines and 
> a small number of people using them.  The ident module should get a 
> good hit rate.

I would also be happy to see another kind of ident ->
not just proxying ident to the machines behind the NAT, but
reporting some string identifying the host being masqueraded.

If an ident query comes for port SPORT, the aliasing
code looks up port SPORT and translates it onto the pair
(DPORT, DHOST) where DHOST is the internal host name.

Some users would like the ident daemon to
query DHOST on the ident port and return it to the original
sender.

However, I would also like to see another way of handling
ident queries (I guess it's much easier to implement):
returning a predefined string (for example the hostname, but
not necessarily) uniquely identifying the host behind NAT.
This may not be what the security guys want, but this
would be a handy way of identifying the machine for LARTing
purposes for example :)

We can go further and report something like "user+host"
in the ident response: giving "host" identifying the hidden
machine and "user" resulting from the ident query on that
machine.

I think that all those modes should be configurable, at
least at compile time.

-- 
                 << Marcin Cieslak // saper@system.pl >>

-----------------------------------------------------------------
SYSTEM Internet Provider                     http://www.system.pl
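
The following is an added example, not part of the original message and not libalias code: a sketch of the "predefined string" and "user+host" reply modes discussed above, using the RFC 1413 reply format. The table, the mode names and ident_reply() are hypothetical; the user id obtained from the inside host is treated as untrusted and stripped of characters that could break the reply line.

```c
#include <stdio.h>
#include <string.h>

enum ident_mode { IDENT_FIXED, IDENT_USER_HOST };  /* hypothetical mode names */

struct alias_entry {          /* constructed stand-in for an aliasing table row */
    unsigned alias_port;      /* SPORT: port seen on the public side of the NAT */
    unsigned inside_port;     /* DPORT on the hidden machine */
    const char *inside_host;  /* DHOST, or the predefined string chosen for it */
};

static const struct alias_entry table[] = {        /* constructed sample data */
    { 40001, 1025, "ws1" },
    { 40002, 1025, "ws2" },
};

/* Copy src, keeping only printable characters that cannot inject a
 * separator or a second line into the reply. */
static void sanitize(char *dst, size_t n, const char *src) {
    size_t i = 0;
    for (; *src && i + 1 < n; src++)
        if (*src > ' ' && *src < 127 && *src != ':' && *src != ',')
            dst[i++] = *src;
    dst[i] = '\0';
}

/* query: "<port-on-server> , <port-on-client>" (RFC 1413).
 * inner_user: user id already fetched from DHOST, or NULL (fixed-string mode).
 * Simplification: the lookup keys on SPORT only, as in the message above.
 * Returns 0 with reply filled in, or -1 if the query is malformed. */
int ident_reply(const char *query, enum ident_mode mode,
                const char *inner_user, char *reply, size_t n) {
    unsigned sport, cport;
    char host[64], user[64];
    if (sscanf(query, "%u , %u", &sport, &cport) != 2 ||
        sport < 1 || sport > 65535 || cport < 1 || cport > 65535)
        return -1;
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
        if (table[i].alias_port != sport) continue;
        sanitize(host, sizeof host, table[i].inside_host);
        if (mode == IDENT_USER_HOST && inner_user) {
            sanitize(user, sizeof user, inner_user);
            snprintf(reply, n, "%u , %u : USERID : OTHER : %s+%s\r\n", sport, cport, user, host);
        } else
            snprintf(reply, n, "%u , %u : USERID : OTHER : %s\r\n", sport, cport, host);
        return 0;
    }
    snprintf(reply, n, "%u , %u : ERROR : NO-USER\r\n", sport, cport);
    return 0;
}
```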



