PDA

Bekijk de volledige versie : Ident deamon on the wl500g



MiRaCL
30-03-2005, 02:00
Hello

Is it possible to run a ident deamon on the wl500g?

miracl

tomilius
30-03-2005, 03:34
Hmm... don't see why it wouldn't be possible... What a neat idea--but not really. Security risk. I think it's possible already with ipkg, maybe.

Most people just use port triggering though.
Trigger Ports 6667:6677?
A guide said to use 6660:7000 but if you use torrents perhaps you see the risk
Incoming 113
TCP

You may need to expand that port range

Oleg
30-03-2005, 07:33
Hello

Is it possible to run a ident deamon on the wl500g?

miracl
Why do you need this?

MiRaCL
31-03-2005, 02:48
Why i need this?

Well,not the ident is limited to one pc via the 113 port.

I use irc,and with ident i can have more connections to the same irc server + other people here can use ident in irc.

Oleg
31-03-2005, 07:12
It seems to me, that you need to run ident on your PC then and forward ports to it, as running it at the wl500g does not make any sense, except then you run irc client on the wl500g itself.

Mr.EoniX
06-05-2005, 07:24
I would like to open up this thread again - and push this a little further to actually make an identd available in the unslung packages.

The reason why I think there is still an importense, is because im running a working proxy on my WL500G Deluxe - and since im not positioned at the same computer all the time (school, work, traveling) - I am not able to ident all of the time from all of theese location when im connecting via the proxy.

But if the WL500G Deluxe had a way to ident all ident requests for me when it gets an ident request - this would solve all of my irc, companytransfer and securityproblems.

I was searching around for a little simple ident deamon, and I found slidentd -

http://www.uncarved.com/slidentd/

will it be posible to port this, and to make it available as an unslung package ?

I hope this will inspire some bright heads at this forum to try and get a working identd for WL500G Deluxe.

EoniX

phedny
06-05-2005, 08:19
It seems to me, that you need to run ident on your PC then and forward ports to it, as running it at the wl500g does not make any sense, except then you run irc client on the wl500g itself.

If you're using a good identd on your PC, this shouldn't work :)
Short introduction to the ident protocol:

The protocol allows remote systems to request what user is controlling a certain TCP-connection. Since TCP-connections are identified by (local-ip, remote-ip, local-port, remote-port), this is the information a systems sends when requesting ident.

Now, NAT is the problem. For example, an IRC server might request ident for a connection from itself to external IP x.x.x.x, while the identd on your PC recognizes the connection on internal IP 192.168.x.x, so it won't respond on the request!

As for delays introduced when connecting to IRC or FTP servers (or possible also other servers), that check ident before fully accepting the connection, it is enough to add a firewall rule to REJECT any connection to TCP port 113. This way, instead of silently ignoring the packets and the remote end waiting for a timeout, the router replies with a message saying the port is closed, so the remote end knows there is no identd on our system.

If however, you really want ident on your router, there are two possibilities. Either find a program that always replies the same username (as identd's in certain IRC clients does) or use oidentd, which can forward and translate ident requests on a NAT router.

See http://freshmeat.net/projects/oidentd/ for details.