[Shorewall-users] identd on "clients"
teastep at shorewall.net
Tue Feb 22 08:03:10 PST 2005
Larry Lobster wrote:
> I use shorewall on my router (internal ip: 192.168.1.4). The router is used
> as a gateway for my lan.
> If I try to access an IRC server from any "client" (for example 192.168.1.1)
> I get the message "no identd". I tried the following in my shorewall rules
> config (etc/shorewall/rules), but it doesn't work:
> ACCEPT net loc tcp 113
> Does anyone have any idea?

For identd to work with NAT:

a) Enable identd from the net to the firewall:

    ACCEPT net fw tcp 113

b) Enable identd from the firewall to the local network:

    ACCEPT fw loc tcp 113

c) On the firewall, you need to run an identd that will proxy AUTH
requests, based on the contents of the connection tracking table (I
assume that there are Netfilter-based daemons of this type -- I used to
run one under ipchains).

Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
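
The lookup that step (c) describes, as an added example that is not part of the original post and not code from any particular identd: it parses an RFC 1413 query, finds the masqueraded connection in conntrack text, and returns the query to forward to the client per step (b). Assumptions: the table is in the /proc/net/ip_conntrack text format, the sample lines and the addresses 198.51.100.2 (firewall external) and 203.0.113.7 (IRC server) are constructed, and all function names are hypothetical.

```python
import re

# Constructed sample in /proc/net/ip_conntrack text format (not from the post).
SAMPLE_CONNTRACK = """\
tcp 6 431999 ESTABLISHED src=192.168.1.1 dst=203.0.113.7 sport=34567 dport=6667 src=203.0.113.7 dst=198.51.100.2 sport=6667 dport=61002 [ASSURED] use=1
tcp 6 431990 ESTABLISHED src=192.168.1.3 dst=203.0.113.7 sport=34567 dport=6667 src=203.0.113.7 dst=198.51.100.2 sport=6667 dport=61003 [ASSURED] use=1
udp 17 25 src=192.168.1.1 dst=192.0.2.53 sport=40000 dport=53 src=192.0.2.53 dst=198.51.100.2 sport=53 dport=40000 use=1
"""

TUPLE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")

def parse_query(line):
    """RFC 1413 query: '<port-on-server> , <port-on-client>' -> (int, int) or None."""
    m = re.fullmatch(r"\s*(\d{1,5})\s*,\s*(\d{1,5})\s*", line)
    if not m:
        return None
    ports = tuple(int(p) for p in m.groups())
    return ports if all(1 <= p <= 65535 for p in ports) else None

def find_internal(conntrack, querier_ip, fw_port, remote_port):
    """Return (internal_ip, internal_port) of the NATed TCP connection, or None."""
    for entry in conntrack.splitlines():
        if not entry.startswith("tcp "):
            continue                      # ident only covers TCP
        tuples = TUPLE.findall(entry)
        if len(tuples) != 2:
            continue
        orig, reply = tuples              # reply tuple = what the remote end sees
        # Match on the querier's address too, so only the real peer of a
        # connection can learn which internal host owns it.
        if (reply[0], int(reply[2]), int(reply[3])) == (querier_ip, remote_port, fw_port):
            return orig[0], int(orig[2])
    return None

def handle(conntrack, querier_ip, raw_query):
    """Decide what the proxy does with one query received on tcp/113."""
    ports = parse_query(raw_query)
    if ports is None:
        return ("REPLY", "0 , 0 : ERROR : INVALID-PORT")
    hit = find_internal(conntrack, querier_ip, *ports)
    if hit is None:
        return ("REPLY", f"{ports[0]} , {ports[1]} : ERROR : NO-USER")
    # Step (b): ask the client's own identd, using its pre-NAT source port.
    return ("FORWARD", hit[0], f"{hit[1]} , {ports[1]}")
```

The proxy would relay the client's answer back to the querier with the port pair rewritten to the one the querier originally sent.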