[Shorewall-users] identd on "clients"

Tom Eastep teastep at shorewall.net
Tue Feb 22 08:03:10 PST 2005


Larry Lobster wrote:
> Hi,
> 
> I use shorewall on my router (internal ip: 192.168.1.4). The router is used
> as a gateway for my lan.
> If I try to access an IRC server from any "client" (for example 192.168.1.1)
> I get the message "no identd". I tried the following in my shorewall rules
> config (etc/shorewall/rules), but it doesn't work:
> 
> ACCEPT          net             loc             tcp     113
> 
> Does anyone have any idea?
> 

For identd to work with NAT:

a) Enable identd from the net to the firewall:

	ACCEPT	net	fw	tcp	113

b) Enable identd from the firewall to the local network:

	ACCEPT	fw	loc	tcp	113

c) On the firewall, you need to run an identd that will proxy AUTH
requests, based on the contents of the connection tracking table (I
assume that there are Netfilter-based daemons of this type -- I used to
run one under ipchains).

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
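
The lookup that step (c) describes, as an added example (not part of the original post and not the code of Shorewall or of any existing identd): the proxy matches the RFC 1413 query against the reply tuple of a connection tracking entry, forwards it to the LAN host with that host's real source port, and restores the port pair on the answer. The `/proc/net/ip_conntrack` line layout, the sample addresses and all function names are assumptions.

```python
import re

# Constructed sample in the /proc/net/ip_conntrack layout (assumed); addresses
# are documentation ranges except the LAN hosts, 198.51.100.7 is the firewall.
CONNTRACK = """\
tcp      6 431999 ESTABLISHED src=192.168.1.1 dst=203.0.113.10 sport=40001 dport=6667 src=203.0.113.10 dst=198.51.100.7 sport=6667 dport=6191 [ASSURED] use=1
tcp      6 117 TIME_WAIT src=192.168.1.2 dst=203.0.113.80 sport=51522 dport=80 src=203.0.113.80 dst=198.51.100.7 sport=80 dport=51522 [ASSURED] use=1
"""

def parse_entry(line):
    """Return (original, reply) tuples of a TCP entry as dicts, else None."""
    if "tcp" not in line.split():
        return None
    pairs = re.findall(r"\b(src|dst|sport|dport)=(\S+)", line)
    if len(pairs) < 8:
        return None
    return dict(pairs[:4]), dict(pairs[4:8])

def lookup(table, peer_ip, fw_port, peer_port):
    """Find the LAN (host, port) masqueraded as fw_port towards peer_ip:peer_port."""
    want = (peer_ip, str(peer_port), str(fw_port))
    for line in table.splitlines():
        parsed = parse_entry(line)
        # The reply tuple is what the remote server sees; require its address
        # too, so only the real peer of a connection gets an answer about it.
        if parsed and (parsed[1]["src"], parsed[1]["sport"], parsed[1]["dport"]) == want:
            return parsed[0]["src"], int(parsed[0]["sport"])
    return None

def translate_query(table, peer_ip, query):
    """Map an RFC 1413 query to (lan_host, query to forward) or (None, error)."""
    m = re.fullmatch(r"\s*(\d{1,5})\s*,\s*(\d{1,5})\s*", query)
    if not m or not all(1 <= int(p) <= 65535 for p in m.groups()):
        return None, "0, 0 : ERROR : INVALID-PORT\r\n"  # never echo raw input
    fw_port, peer_port = map(int, m.groups())
    hit = lookup(table, peer_ip, fw_port, peer_port)
    if hit is None:
        return None, f"{fw_port}, {peer_port} : ERROR : NO-USER\r\n"
    return hit[0], f"{hit[1]}, {peer_port}\r\n"

def translate_reply(reply, fw_port, peer_port):
    """Put the firewall-side port pair back on the LAN host's answer."""
    _, sep, rest = reply.partition(":")
    if not sep:
        return f"{fw_port}, {peer_port} : ERROR : UNKNOWN-ERROR\r\n"
    return f"{fw_port}, {peer_port} :{rest.rstrip()}\r\n"
```

The forwarded query travels from the firewall to port 113 on the LAN host, which is the traffic the rule in step (b) permits.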