transparent ident conntracking?
Mario 'BitKoenig' Holbe
Mario.Holbe@RZ.TU-Ilmenau.DE
Thu, 6 Dec 2001 03:24:36 +0100
Hoi,
is there any solution/anything planned for transparently forwarding
ident/auth (RFC 1413, RFC 931) requests through NAT?
It shouldn't be that big problem to write a conntrack_auth,
which looks through actual NATed connections for a valid
port combination and forwards the packets to the correct host
or drops them to the local host, or am I wrong?
Well - the connection establishment had to be faked to get
the port combination of course, that could be a problem.
It would be something like a CISCO tcp interceptor.
Would such things be possible or impossible by netfilter design?
regards,
Mario
PS: Please CC: me in replies, because I'm not on this list.
--
*axiom* welcher sensorische input bewirkte die output-aktion,
den irc-chatter mit dem nick "dus" des irc-servers
mittels eines kills zu verweisen?