Is the plugin format/installation documented anywhere? I'd be more than
happy to create a plugin, but I tried searching the mailing list archive and
couldn't come up with anything documenting the actual use/development of
plugins.
Regards,
Gary T. Giesen
-----Original Message-----
From: Quark AV - Hilton Travis [mailto:Hilton at QuarkAV dot com]
Sent: May 31, 2004 8:03 PM
To: m0n0wall dash dev at lists dot m0n0 dot ch
Subject: RE: [m0n0wall-dev] Oidentd on m0n0wall
Hi Gary,
> -----Original Message-----
> From: Gary T. Giesen [mailto:mailing dash list at rogers dot com]
> Sent: Thursday, 27 May 2004 01:25
> To: m0n0wall dash dev at lists dot m0n0 dot ch
> Subject: [m0n0wall-dev] Oidentd on m0n0wall
>
> I know this idea probably won't be well-liked, but I'll run it past
> you guys anyways. I have managed to get oidentd running on m0n0wall,
> along with a nice configuration page in the services section of the
> webGUI.
Well, I for one don't think that ident needs to be in the default m0n0wall
image, but if you wish to build this as a module/plugin, then feel free to
do it that way.
> I'm sure you'll say that m0n0wall is a firewall only, but the
> firewall/nat box is the only place you can set up transparent
> proxying; otherwise you'd have to forward port 113 to another
> machine, and set up oidentd with a bunch of fake mappings that
> could change. Also, that only gives you one possible ident per
> machine, as far as I'm aware. Having oidentd on m0n0wall would allow
> you to provide authentic ident responses from client machines, and it
> would be pretty much maintenance free when adding new clients on the
> network, as opposed to doing it on another machine. So I'd ask that
> you consider it. Not to mention the work has already been done for
> you.
Across a controlled network, such as a LAN, ident can be seen to have some
sense. Across the Internet, there's no real use/purpose for ident at all as
it can be easily spoofed, faked, or treated with an ident client like
oidentd - resulting in a fake ident response being sent. Running oidentd on
your m0n0wall effectively provides a faked response to the other end - the
machine that is responding to the ident probe is *generally* not the same
machine that is actually connecting to the remote machine - and yes, I know
the firewall makes the final part of the connection, but the protected
machine initiates this connection.
>
> Regards,
>
> Gary T. Giesen
>
>
> PS. For anyone interested in testing/using this in the meantime,
> contact me and I'll be happy to send you the required modified files
> - it's been set up against the official 1.0 release.
Again, there's a plugin interface for this sort of thing. I suggest you use
that, as an ident client does not belong in the standard m0n0wall build.
--
Regards,
Hilton Travis Phone: +61-(0)7-3343-3889
Manager, Mobile: +61 (0)419 792 394
Quark IT http://www.QuarkIT.com.au/
Quark AudioVisual http://www.QuarkAV.net/
(Brisbane, Australia)
Network Administration, SmoothWall Firewalls, NOD32 AntiVirus Non Linear
Video Editing Solutions & Digital Audio Workstations Conference and Seminar
AudioVisual Production and Recording
War doesn't determine who is right. War determines who is left.
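
Added example, not part of the original thread and not oidentd or m0n0wall code: a simplified Python model of an ident (RFC 1413) responder on a NAT gateway, showing the point discussed above that the reply is built by the gateway from its own state table and operator-chosen names. NAT_TABLE, LAN_USERS, answer_ident and parse_reply are hypothetical names, and all addresses are constructed samples from documentation ranges.

```python
import re

QUERY_RE = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")

# Constructed sample state (assumption, not real m0n0wall data):
# (gateway source port, remote IP, remote port) -> LAN host that owns the flow
NAT_TABLE = {
    (40001, "203.0.113.10", 6667): "192.168.1.20",
    (40002, "203.0.113.10", 6667): "192.168.1.21",
}
# Names the gateway operator chose to report for each LAN host
LAN_USERS = {"192.168.1.20": "alice", "192.168.1.21": "bob"}


def answer_ident(query: str, peer_ip: str) -> str:
    """Build the reply the gateway sends to an ident query from peer_ip."""
    m = QUERY_RE.match(query)
    if not m:
        return "0 , 0 : ERROR : INVALID-PORT"
    local_port, remote_port = int(m.group(1)), int(m.group(2))
    if not (1 <= local_port <= 65535 and 1 <= remote_port <= 65535):
        return f"{local_port} , {remote_port} : ERROR : INVALID-PORT"
    # Only answer for a flow that really goes to the host asking about it.
    lan_host = NAT_TABLE.get((local_port, peer_ip, remote_port))
    if lan_host is None:
        return f"{local_port} , {remote_port} : ERROR : NO-USER"
    user = LAN_USERS.get(lan_host)
    if user is None:
        return f"{local_port} , {remote_port} : ERROR : HIDDEN-USER"
    return f"{local_port} , {remote_port} : USERID : UNIX : {user}"


def parse_reply(reply: str):
    """Split a reply into (ports, kind, value); value is an unverified claim."""
    ports, kind, rest = (p.strip() for p in reply.split(":", 2))
    if kind == "USERID":
        # rest is "<opsys> : <user-id>"; keep only the user-id field
        rest = rest.split(":", 1)[1].strip()
    return ports, kind, rest
```

The remote end only ever sees the string the gateway chose to send, so a service receiving it can log the value but has no way to verify it.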