oidentd_masq.conf(5) File Formats Manual oidentd_masq.conf(5)
NAME
oidentd_masq.conf - oidentd IP masquerading/NAT configuration file.
DESCRIPTION
If you are using IP masquerading or NAT, oidentd can optionally return a username for connections from other machines. Support for this is
specified by calling oidentd with the -m (or --masq) flag and by creating an /etc/oidentd_masq.conf file.
oidentd can also forward requests for an IP masqueraded connection to the machine from which the connection originates by way of the -f option.
This will only work if the host to which the connection is forwarded is running oidentd with the -P (proxy) flag, or if the host's ident
daemon will return a valid reply regardless of the input supplied by and the address of the host requesting the info (some ident daemons
for Windows do this, maybe others).
FORMAT
<IP Address|Hostname>[/<Mask>] <Ident Response> <System Type>
The first field contains the IP address or the hostname of a machine that IP masquerades through the machine on which oidentd runs. The
mask parameter can be either a network mask or a mask in CIDR notation. A mask of 24 is equivalent to 255.255.255.0, a mask of 16 is
equivalent to 255.255.0.0, etc.
The second field specifies the reply that oidentd will return for lookups to the host matching the IP address specified in the first parameter.
The third field specifies the operating system the machine matching the first parameter is running.
EXAMPLES
<Host>[/<Mask>] <Ident Response> <System Type>
192.168.1.1 someone UNIX
192.168.1.2 noone WINDOWS
192.168.1.1/32 user1 UNIX
192.168.1.0/24 user3 UNIX
192.168.0.0/16 user4 UNIX
somehost user5 UNIX
192.168.1.0/255.255.255.0 user6 UNIX
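An added example (not part of oidentd or of this manual page): a small Python linter for the format above that accepts both mask notations and lists every entry covering a given address, which exposes overlapping mappings like those in the EXAMPLES block. The function names, the extra malformed line, and the treatment of `#` lines as comments are assumptions; the manual does not say which overlapping entry oidentd uses, so the code reports all of them in file order.

```python
import ipaddress

# Constructed sample: the entries from EXAMPLES plus one deliberately bad line.
SAMPLE = """\
192.168.1.1 someone UNIX
192.168.1.2 noone WINDOWS
192.168.1.1/32 user1 UNIX
192.168.1.0/24 user3 UNIX
192.168.0.0/16 user4 UNIX
somehost user5 UNIX
192.168.1.0/255.255.255.0 user6 UNIX
192.168.2.0/33 user7 UNIX
"""

def parse_masq(text):
    """Parse '<host>[/<mask>] <reply> <system>' lines into (entries, errors)."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # '#' comments are an assumption
            continue
        fields = line.split()
        if len(fields) != 3:
            errors.append((lineno, "expected 3 fields"))
            continue
        host, reply, system = fields
        try:
            ipaddress.ip_address(host.split("/", 1)[0])
        except ValueError:
            # Not an IP literal: a hostname, which needs DNS and is not resolved here.
            entries.append((lineno, None, reply, system))
            continue
        try:
            # Accepts both CIDR (/24) and dotted (/255.255.255.0) masks.
            net = ipaddress.ip_network(host, strict=False)
        except ValueError:
            errors.append((lineno, "bad mask"))
            continue
        entries.append((lineno, net, reply, system))
    return entries, errors

def candidates(entries, addr):
    """Every entry whose network contains addr, in file order."""
    ip = ipaddress.ip_address(addr)
    return [(n, reply) for n, net, reply, _ in entries
            if net is not None and net.version == ip.version and ip in net]

if __name__ == "__main__":
    entries, errors = parse_masq(SAMPLE)
    print(errors)
    print(candidates(entries, "192.168.1.1"))
```

More than one candidate for an address means the ident reply for that host depends on how the daemon orders its matches, so a reviewed file should leave each masqueraded host with exactly one intended entry.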
AUTHOR
Ryan McCabe <ryan@numb.org>
http://dev.ojnk.net
SEE ALSO
oidentd(8), oidentd.conf(5)
version 2.0.8 13 Jul 2003 oidentd_masq.conf(5)
oidentd(8) System Manager's Manual oidentd(8)
NAME
oidentd - TCP/IP IDENT protocol server
SYNOPSIS
oidentd [options]
[ -dehiImoqSv ]
[ -a <host> ]
[ -c <charset> ]
[ -C <config file> ]
[ -f <port> ]
[ -p <port> ]
[ -P <host> ]
[ -o or --other=[<OS string>] ]
[ -t or --timeout=<seconds> ]
[ -g or --group=<group|GID> ]
[ -l or --limit=<number> ]
[ -r or --reply=<string> ]
[ -u or --user=<username|UID> ]
DESCRIPTION
oidentd is a server that implements the TCP/IP standard IDENT user identification protocol as specified in the RFC 1413 document.
oidentd operates by looking up specific TCP connections and returning the user name of the process owning the connection.
OPTIONS
-a or --address=<address|hostname>
Listen for connections on the specified address. The default is to listen for connections on all configured IP addresses.
-c or --charset=<charset>
Use the specified alternate charset.
-C or --config=<config file>
Use the specified file as the configuration file. The default location of the configuration file is /etc/oidentd.conf.
-d or --debug
Enable debugging. This causes debugging messages to be printed via syslog. This option can be useful when trying to track down the
cause of failed lookups.
-e or --error
Return "UNKNOWN-ERROR" for all errors, so as not to divulge any unnecessary information to remote clients.
-f or --forward=[<port>]
When IP masquerading support is enabled, forward requests for machines that masquerade through us to those machines on the specified
port. If a port is not given, oidentd will use the default port for the ident service ("auth" or port 113). If the forwarded request
fails, oidentd will fall back to reading the /etc/oidentd_masq.conf file. In order for forwarding to work, the machine to which the
connection is forwarded must also be running oidentd, and oidentd must be run with the -P switch specifying the host that is forwarding
the connections. If the ident daemon on the host to which the connection is forwarded is capable of returning a fixed string
for any lookup (for example, the ident server built in to the mIRC Windows IRC client), it is not necessary to run oidentd on that
host.
-g or --group=<group|GID>
Run with specified GID or group.
-i or --foreground
Run interactively, not as a daemon. This is useful when debugging, or when running from a service manager such as daemontools.
-I or --stdio
Service only a single client request then exit. The client is expected to be already connected via stdin and stdout. This mode is
useful when running from listener utilities such as inetd(8), xinetd(8) or tcpserver(8). This option implies -i (run in foreground)
also.
-l or --limit=<number>
Allow, at most, the specified number of open connections at once.
-m or --masq
Enable support for ident queries for masqueraded/NAT connections. See oidentd_masq.conf(5) for details on configuring support for
masqueraded/NAT connections.
-o or --other=[<string>]
The string specified will be returned as the OS string by default for all successful ident lookups. If no argument is given, "OTHER"
will be returned instead of the name of the operating system. Some requests may be interpreted as having failed by the client side
(with ident in general, not just with oidentd), when some other string is returned instead of the actual name of the operating system.
-p or --port=<port>
Listen on the specified port.
-P or --proxy=<host>
The specified host acts as a proxy, forwarding connections to us. This option must be enabled when connections on the machine on
which oidentd is running are masqueraded through another host and the host through which the connections are masqueraded forwards
requests to us.
-q or --quiet
Quiet mode; do not log any status messages to syslog.
-S or --nosyslog
Log any status messages to stderr, not syslog. This is useful for debugging or integration with external loggers such as multilog(8).
-t or --timeout=<seconds>
Sets the number of seconds to wait for input from a client before closing the connection.
-u or --user=<user|UID>
Run with specified username or UID.
-U or --udb
Perform lookups in the UDB shared memory tables, both for connections originating on the local host and for masqueraded connections.
When a match is found, it will be used instead of the values supplied by the operating system, for either masqueraded entries (with
the -m flag) or normal TCP connections. Entries in the table which don't match any local user will be returned verbatim. This allows
oidentd to cooperate with other programs (e.g. RADIUS servers or proxies) to give valid replies for dynamic connections.
-r or --reply=<string>
Upon a failed lookup, the specified string will be returned to the client as if the lookup had succeeded.
-v or --version
Display version information and exit.
-h or --help
Display options and exit.
FILES
/etc/oidentd.conf
The system-wide configuration file.
/etc/oidentd_masq.conf
The NAT/IP masquerading mappings.
$HOME/.oidentd.conf
Per-user configuration file.
AUTHOR
Ryan McCabe <ryan@numb.org>
http://dev.ojnk.net
BUGS
Solaris lacks IPv6 support and NAT support.
SEE ALSO
oidentd.conf(5), oidentd_masq.conf(5)
version 2.0.8 13 Jul 2003 oidentd(8)