The FreeBSD Diary


Providing practical examples since 1998

FreeBSD Support
 ipfw/natd and irc
Author: Simon 
Date:   23-05-00 03:07

I'm just starting to learn FreeBSD and I managed to install ipfw and natd, and now I can connect to the internet with my win2k box through my FreeBSD one. I can surf, icq, play unreal tournament etc. However, I still have a few problems with that setup.

IRC on my win2k box won't work because the irc servers try to connect to an identd server on my end. I think mirc (Windows irc clients) emulates that identd server and everything works when it is connected directly to my cable modem; however, when I try it with my FreeBSD box, it doesn't work. My guess is that my FreeBSD box cannot route that packet to my win2k box because it simply doesn't know who should receive it on my little internal network.

I read the ipfw and natd man pages and it didn't help me much. I also read the little article about inetd/irc on this website and it still didn't help me (Yeah, I do feel stupid sometimes :) )

So basically I have 2 questions:
1) How can I make it so that all connect requests received from the internet (card ed0) are rerouted to my win2k box(
2) If it works like I think, how am I going to add irc support to all my boxes inside my little network? (Can't reroute connect requests to all my boxes, can I?)

Thank you


 RE: ipfw/natd and irc
Author: JTSage 
Date:   24-05-00 04:49

In this situation, your best bet would be to use an IRC proxy. There are some nice ones in the ports collection. One I found easy to use is ezbounce. It is in /usr/ports/irc, I believe.


 RE: ipfw/natd and irc
Author: Simon 
Date:   26-05-00 04:56

I solved my problem and thought I'd share my solution here in case someone else is interested. I tried ezbounce (Thanks JTSage) but it was kind of complicated for my girlfriend to use :) .. So here's how I solved it. Please correct me if you see something wrong with my setup:

Most irc servers require a few things, otherwise they kill your connection. Things I've noticed so far:

1) You need an identd daemon to reply to the irc server ident request
2) Your ident must not be root for security reasons
3) Your telnet port must not be accessible by the irc server (Considered as a security flaw)
4) A socks server must not be accessible from the irc server for the same reasons as the telnet port

So to solve all these I did this:
1) Made inetd listen only on my local network (I wanted all my services except identd to be local anyways) by setting my inetd_flags to:
-wW -a <My local network interface ip address>

2) Installed a socks5 server I got from, my inetd line for this is:
socks stream tcp nowait nobody /usr/local/bin/socks5 socks5 -i

3) Installed the port ident2 that I start with the following line in my /etc/rc file:
/usr/local/sbin/ident2 -r -d

and from the windows irc clients I set the socks5 firewall and everything works perfectly. The socks5 server might also help me set up some other weird clients in the future..


 RE: ipfw/natd and irc
Author: James Housley 
Date:   26-05-00 23:40

The "inetd" daemon on 4.0 and 3.4, IIRC, supports ident. I had problems with this for the longest time until I RTFM carefully, or the feature was added in 4.0.

auth stream tcp nowait root internal auth -d nobody -r -f -n -o other -t 30

The key is "-d nobody", or anybody. From inetd(8):

-d fallback
Instead of returning an error if getting the socket credentials
or looking up the user name fails, return a default fallback user
name to the requesting ident client. This is primarily useful
when running this service on a NAT machine.


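An added example, not part of any post in this thread: a small Python check of what the gateway's ident service (port 113) answers, against the two conditions listed above (an ident reply must come back, and it must not name root). The function names and the sample reply lines are constructed for illustration; the reply layout is the RFC 1413 one.

```python
import re
import socket

# RFC 1413 reply: "<local-port> , <remote-port> : USERID : <opsys> : <user>"
#            or:  "<local-port> , <remote-port> : ERROR : <error-type>"
_REPLY = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:\s*(.*)$")

def parse_ident_reply(line):
    """Parse one ident reply line into a dict, or raise ValueError."""
    m = _REPLY.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("not an RFC 1413 reply: %r" % line)
    local_port, remote_port, kind, rest = m.groups()
    reply = {"ports": (int(local_port), int(remote_port)), "kind": kind}
    if kind == "ERROR":
        reply["error"] = rest.strip()
    else:
        opsys, sep, user = rest.partition(":")
        if not sep:
            raise ValueError("USERID reply without a user field: %r" % line)
        reply["opsys"] = opsys.strip()
        reply["user"] = user.strip()  # simplification: surrounding blanks dropped
    return reply

def audit_reply(line, local_port, remote_port):
    """Return the problems an IRC server would object to (empty list = OK)."""
    try:
        reply = parse_ident_reply(line)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if reply["ports"] != (local_port, remote_port):
        problems.append("port pair does not match the query")
    if reply["kind"] == "ERROR":
        problems.append("ident error: " + reply["error"])
    elif reply["user"] == "root":
        problems.append("ident reports root")
    return problems

def query_ident(host, local_port, remote_port, timeout=5.0):
    """Ask the ident service on host about one TCP connection (needs network)."""
    with socket.create_connection((host, 113), timeout=timeout) as s:
        s.sendall(b"%d , %d\r\n" % (local_port, remote_port))
        return s.recv(1024).decode("ascii", "replace")

if __name__ == "__main__":
    # Constructed sample replies: fallback user, root, and a failed lookup.
    for sample in ("1025 , 6667 : USERID : OTHER : nobody\r\n",
                   "1025 , 6667 : USERID : UNIX : root\r\n",
                   "1025 , 6667 : ERROR : NO-USER\r\n"):
        print(sample.strip(), "->", audit_reply(sample, 1025, 6667) or "OK")
```

To check a live gateway, pass the output of `query_ident()` for an open connection's port pair to `audit_reply()`.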
 RE: ipfw/natd and irc
Author: shad0 
Date:   27-05-00 04:07

ok.. I keep getting this broadcast message when I have natd running

natd[435]: failed to write packet back (host is down)

but the box has a connection and the local boxes have an internet connection. I have no clue what the problem here is

 RE: ipfw/natd and irc
Author: Doron Shmaryahu 
Date:   11-06-00 14:12

Hi there,

One quick thing first: the error means it cannot pass the IP packet back to the host as it cannot see it. How have you started natd, i.e. what flags?
