DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD General

FreeBSD General Other questions regarding FreeBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 19th June 2014
bryn1u bryn1u is offline
Port Guard
 
Join Date: May 2009
Posts: 15
Thanked 0 Times in 0 Posts
Default Cannot redirect oidentd port 113 to jail

Hey everyone, i have a problem with redirection of oident port 113 to jail. I want to share irssi for users but they connect without static ident. For example "~user@host" instead "users@host". Whey try from host, works vell. Where could be problem ?

My /etc/pf.conf

Code:
IP_PUB="178.xxx.xxx.xxx"
IP_JAIL="192.168.0.1"
NET_JAIL="192.168.0.0/24"
PORT_JAIL="{80,31337,6667,113,12345}"

################ Translation 
### NAT and Redirection rules are first match ###

 nat pass on em0 from $NET_JAIL to any -> $IP_PUB
 rdr pass on em0 proto tcp from any to $IP_PUB port $PORT_JAIL -> $IP_JAIL
Thanks for all advices.
Reply With Quote
  #2   (View Single Post)  
Old 19th June 2014
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,148
Thanked 182 Times in 149 Posts
Default

I am not sure whether the following is applicable to your setup

In a thread on the official FreeBSD forums, the problem was that the connection was initiated locally and not remotely. A local test connection did not work, but doing ir remotely worked. See https://forums.freebsd.org/viewtopic.php?&t=32139

But I don't understand why you need identd to work. When I was using irssi, I used to block incoming port 113 requests and instructed pf to send a TCP reset as answer. That way the IRC server knew that identd was not enabled.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #3   (View Single Post)  
Old 21st June 2014
bryn1u bryn1u is offline
Port Guard
 
Join Date: May 2009
Posts: 15
Thanked 0 Times in 0 Posts
Default

hey,

I need it becouse looks better :P People can change idents and irc servers impose restrictions of limit connections if u connect with "~".
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
redirect outgoing http petter OpenBSD Security 8 25th March 2013 04:56 PM
Jail How To: sharris FreeBSD General 4 18th May 2011 02:10 AM
VNC and sound redirect DNAeon FreeBSD Ports and Packages 2 16th September 2009 07:52 PM
Redirect Internal Network to Internal Website plexter OpenBSD Security 12 12th February 2009 08:00 PM
Getting around Jail IP Adresses starbuck FreeBSD Security 8 9th August 2008 01:15 AM


All times are GMT. The time now is 06:49 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick