transparent ident conntracking?
Thu, 6 Dec 2001 12:11:03 -0500
> -----Original Message-----
> From: firstname.lastname@example.org
> [mailto:email@example.com]On Behalf Of Mario 'BitKoenig'
> Sent: Thursday, December 06, 2001 11:58 AM
> To: Tom Marshall
> Cc: firstname.lastname@example.org
> Subject: Re: transparent ident conntracking?
> On Wed, Dec 05, 2001 at 10:18:08PM -0800, Tom Marshall wrote:
> > There is an ident daemon named pimpd which provides this functionality.
> > http://cats.meow.at/~peter/pimpd.html
> > On Thu, Dec 06, 2001 at 03:24:36AM +0100, Mario 'BitKoenig' Holbe wrote:
> > > is there any solution/anything planned for transparently forwarding
> > > ident/auth (RFC 1413, RFC 931) requests through NAT?
> You didn't understand my intention.
> pimpd - like oidentd, like midentd, like a bunch of others - does
> the following:
> It runs on the masquerading hosts, accepts connections there,
> looks if requests are for masqueraded connections and forwards
> the request then NON-transparently to the client host by using
> some proprietary protocol.
> This means you have to use the same identd on the masquerading
> machine and on the client machines, because otherwise they don't
> understand each other.
I know that oidentd and midentd run transparently and pass the ident request
to the NAT'd machine. It will query the ident server there (any ident) and
pass it back to the original request.
> But if I want to run pidentd on the client machines for example,
> then I have no chance to do this, because it doesn't know anything
> about non-transparently forwarding.
Your identd on the client needs to know nothing about forwarding or anything
else; it is simply replying to the request.
> *axiom* which sensory input caused the output action of
> expelling the IRC chatter with the nick "dus" from the IRC server
> by means of a kill?
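
The relay step this thread is discussing, as an added example that is not part of the original messages and is not code from pimpd, oidentd or midentd: a gateway looks up the masqueraded port pair of an RFC 1413 query, asks the internal host using the original ports, and rewrites the ports in the answer. The NAT table, addresses, user name and function names are constructed, and the sketch assumes the internal identd will answer a query that arrives from the gateway.

```python
import re
import socket

# Constructed NAT table: (masqueraded port on gateway, remote port) -> (internal host, original port)
NAT_TABLE = {(61005, 6667): ("192.168.1.20", 1042)}

QUERY_RE = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")
REPLY_RE = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:(.*)$")

def parse_query(line):
    """Return (port_on_gateway, remote_port) from an RFC 1413 query, or None."""
    m = QUERY_RE.match(line)
    if not m:
        return None
    ports = int(m.group(1)), int(m.group(2))
    return ports if all(1 <= p <= 65535 for p in ports) else None

def query_identd(host, line, timeout=5.0):
    """Send one query to the identd on an internal host (TCP port 113)."""
    with socket.create_connection((host, 113), timeout=timeout) as s:
        s.sendall(line.encode("ascii"))
        return s.makefile("r", encoding="ascii", errors="replace").readline()

def relay(query_line, ask_internal=query_identd, nat_table=NAT_TABLE):
    """Answer an ident query arriving at the gateway for a masqueraded connection."""
    ports = parse_query(query_line)
    if ports is None:
        return "0 , 0 : ERROR : INVALID-PORT\r\n"
    gw_port, remote_port = ports
    entry = nat_table.get(ports)
    if entry is None:
        return f"{gw_port} , {remote_port} : ERROR : NO-USER\r\n"
    host, orig_port = entry
    try:
        reply = ask_internal(host, f"{orig_port} , {remote_port}\r\n")
    except OSError:
        reply = ""
    m = REPLY_RE.match(reply.rstrip("\r\n"))
    # Only relay an answer that refers to the port pair we asked about.
    if not m or (int(m.group(1)), int(m.group(2))) != (orig_port, remote_port):
        return f"{gw_port} , {remote_port} : ERROR : UNKNOWN-ERROR\r\n"
    return f"{gw_port} , {remote_port} : {m.group(3)} :{m.group(4)}\r\n"

def fake_identd(host, line):
    """Constructed stand-in for any RFC 1413 daemon on the internal host."""
    return line.strip() + " : USERID : UNIX : alice\r\n"

if __name__ == "__main__":
    print(relay("61005 , 6667\r\n", fake_identd), end="")
```
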