View Full Version : irc, identd, firewall



Fackamato
02-17-2005, 03:03 PM
Hello!

This is what my network looks like:

ADSL-modem (Telia 8/0.8 ) > m0n0wall (http://m0n0.ch/wall/)-computer > switch > all computers

m0n0wall is the gateway which does firewalling/NAT etc., its IP is 192.168.1.100.
The server with psybnc, eggdrops and oidentd has the IP 192.168.1.1 and we can call it amiga.

Port 113 (UDP/TCP) is forwarded to 192.168.1.1.

I've been googling and reading manuals for five (5) hours now and still haven't got it to work. The problem is that amiga can't seem to send an IDENT response to the IRC servers, which results in the clients on the IRC server getting a tilde in front of the host, for example ~blabla@h28n1fls304o838.telia.com . If I check the syslog, this is what is happening:


Feb 17 04:03:29 amiga oidentd[17450]: Connection from irc.du.se (130.243.52.250):39717
Feb 17 04:03:29 amiga oidentd[17450]: [irc.du.se] 1613 , 6667 : ERROR : NO-USER

oidentd is run by nobody:nogroup, and I've even chmod 777 all .oidentd.conf files in all HOME-directories. Here's /etc/default/oidentd:


# options to use when starting oidentd as daemon:
# -m lookup masquaraded connections in /etc/oidentd_masq.users
# -f forward requests for masquaraded connections to real host
# -q don't log connections to oidentd
# see oidentd(8) for detailed list
OIDENT_OPTIONS=""

# user / group
OIDENT_USER=nobody
OIDENT_GROUP=nogroup

# Allow the default router to act as an oidentd proxy? (yes/no)
# this is needed behind a masquarading router that runs oidentd -f
# if your identd proxy is not the default router, you have to
# manually specify it via -P
OIDENT_BEHIND_PROXY=no

Then there's /etc/oidentd.conf:


# Configuration for oidentd
# see oidentd.conf(5)
#
default {
	default {
		allow spoof
		allow spoof_all
		allow spoof_privport
		allow random
		allow random_numeric
		allow numeric
		allow hide
		# global { reply "amiga"}
	}
}


Last but not least /etc/oidentd_masq.conf:


# oident masquarded connections configuration

# use this file if your host is masquarading connections for several
# hosts and you want to return a reply based on the hostname of
# the originating machine
# by default, such requests are forwarded to the real host.
# you can disable forwarding by removing "-f" from OIDENT_OPTIONS
# in /etc/default/oidentd

# add hosts in the following format, see oidentd_masq.conf(5) for details:
# <ip or host>[/mask] <username> <os>
# <Host>[/<Mask>] <Ident Response> <System Type>


(empty)

... and when you look at the traffic:


/home/fackamato/ tcpdump -i eth1 |grep auth
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
16:15:53.785656 IP wineasy2.se.quakenet.org.57754 > amiga.auth: S 1770643523:1770643523(0) win 65535 <mss 1460,nop,nop,sackOK,nop,wscale 1,nop,nop,timestamp 3595468305 0>
16:15:53.785723 IP amiga.auth > wineasy2.se.quakenet.org.57754: S 933157883:933157883(0) ack 1770643524 win 5792 <mss 1460,sackOK,timestamp 133733695 3595468305,nop,wscale 2>
16:15:53.807484 IP wineasy2.se.quakenet.org.57754 > amiga.auth: . ack 1 win 33304 <nop,nop,timestamp 3595468328 133733695>
16:15:53.833925 IP wineasy2.se.quakenet.org.57754 > amiga.auth: P 1:14(13) ack 1 win 33304 <nop,nop,timestamp 3595468353 133733695>
16:15:53.834031 IP amiga.auth > wineasy2.se.quakenet.org.57754: . ack 14 win 1448 <nop,nop,timestamp 133733743 3595468353>
16:15:53.842394 IP amiga.auth > wineasy2.se.quakenet.org.57754: P 1:32(31) ack 14 win 1448 <nop,nop,timestamp 133733751 3595468353>
16:15:53.843065 IP amiga.auth > wineasy2.se.quakenet.org.57754: F 32:32(0) ack 14 win 1448 <nop,nop,timestamp 133733752 3595468353>
16:15:53.864689 IP wineasy2.se.quakenet.org.57754 > amiga.auth: . ack 33 win 33288 <nop,nop,timestamp 3595468385 133733751>
16:15:53.866378 IP wineasy2.se.quakenet.org.57754 > amiga.auth: F 14:14(0) ack 33 win 33304 <nop,nop,timestamp 3595468386 133733751>
16:15:53.866414 IP amiga.auth > wineasy2.se.quakenet.org.57754: . ack 15 win 1448 <nop,nop,timestamp 133733775 3595468386>

/var/log/syslog

Feb 17 16:15:53 amiga oidentd[31046]: Connection from wineasy2.se.quakenet.org (213.131.131.156):57754
Feb 17 16:15:53 amiga oidentd[31046]: [wineasy2.se.quakenet.org] 1430 , 6667 : ERROR : NO-USER


Anyone got any idea?
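
The ident exchange recorded in the syslog and tcpdump output above, as an added example that is not part of the original post. It parses the oidentd error lines, rebuilds the RFC 1413 query and reply (13 and 31 bytes, matching the payload sizes in the capture), and shows that NO-USER means no local connection owns the queried port pair; the socket table and the names `ident_lookup` and `LOCAL_SOCKETS` are constructed for illustration.

```python
import re

# Log lines copied from the post's syslog excerpts.
SYSLOG = """\
Feb 17 04:03:29 amiga oidentd[17450]: Connection from irc.du.se (130.243.52.250):39717
Feb 17 04:03:29 amiga oidentd[17450]: [irc.du.se] 1613 , 6667 : ERROR : NO-USER
Feb 17 16:15:53 amiga oidentd[31046]: Connection from wineasy2.se.quakenet.org (213.131.131.156):57754
Feb 17 16:15:53 amiga oidentd[31046]: [wineasy2.se.quakenet.org] 1430 , 6667 : ERROR : NO-USER
"""

# Error line as it appears in the post: "[peer] <lport> , <fport> : ERROR : <type>".
ERROR_RE = re.compile(
    r"oidentd\[\d+\]: \[(?P<peer>[^\]]+)\] (?P<lport>\d+) , (?P<fport>\d+)"
    r" : ERROR : (?P<error>[A-Z-]+)$")

def parse_errors(text):
    """Return one dict per logged ident error reply."""
    out = []
    for line in text.splitlines():
        m = ERROR_RE.search(line)
        if m:
            d = m.groupdict()
            d["lport"], d["fport"] = int(d["lport"]), int(d["fport"])
            out.append(d)
    return out

def wire_messages(entry):
    """Rebuild the RFC 1413 query and error reply bytes for a parsed entry."""
    pair = f"{entry['lport']} , {entry['fport']}"
    return (f"{pair}\r\n".encode(),
            f"{pair} : ERROR : {entry['error']}\r\n".encode())

def ident_lookup(lport, fport, sockets):
    """Answer a query from a table of (local_port, remote_port, user) rows."""
    if not (1 <= lport <= 65535 and 1 <= fport <= 65535):
        return "ERROR : INVALID-PORT"
    for local, remote, user in sockets:
        if (local, remote) == (lport, fport):
            return f"USERID : UNIX : {user}"
    return "ERROR : NO-USER"  # no local connection owns this port pair

# Constructed socket table for the ident host (not taken from the post).
LOCAL_SOCKETS = [(40112, 6667, "psybnc"), (40113, 6667, "eggdrop")]

if __name__ == "__main__":
    for e in parse_errors(SYSLOG):
        query, reply = wire_messages(e)
        print(e["peer"], e["lport"], e["fport"], len(query), len(reply),
              ident_lookup(e["lport"], e["fport"], LOCAL_SOCKETS))
```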

justwOo
02-17-2005, 05:52 PM
I don't know what all that stuff means,
but to mask your ip in irc use /mode $me +x

Hope that helps ;P

Fackamato
02-17-2005, 06:01 PM
> I don't know what all that stuff means,
> but to mask your ip in irc use /mode $me +x
>
> Hope that helps ;P

Haha. Thanks anyway.

:D

smokey
02-17-2005, 07:51 PM
A couple of things, any of which may/may not help. /disclaimer

Remove the #global... line from your /etc/oidentd.conf. That belongs in a ~/oidentd.conf file, even if it is commented out.

Only allow spoof_privport from 127.0.0.1.

Also, remove 'allow random', leave 'allow random_numeric', having both is just silly. :P

As you know, a tilde (~) before your UN indicates a failed IDENT transaction. However, have you checked for the necessary ~/.fakeid or ~/.ispoof (not sure about oidentd, but identd wants ~/.fakeid and psyBNC wants ~/.ispoof, symlink them together)? This will allow IDENT spoofing. You also should seriously consider running this thing in a chroot jail.

smokey
02-17-2005, 08:02 PM
Also, thank you for the intelligent post, we need more people that are as 'nitty-gritty' about our systems (not just the hardware) around here.

Fackamato
02-17-2005, 08:09 PM
> Also, thank you for the intelligent post, we need more people that are as 'nitty-gritty' about our systems (not just the hardware) around here.


Hehe, no problem, I know what you mean. :)

And I fixed it! It works like a charm now. :D

smokey
02-18-2005, 11:48 AM
Glad to hear it! :banana: