 From:  "Gary T. Giesen" <mailing dash list at rogers dot com>
 To:  <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall-dev] Oidentd on m0n0wall
 Date:  Wed, 2 Jun 2004 11:42:53 -0400
Is the plugin format/installation documented anywhere? I'd be more than
happy to create a plugin, but I tried searching the mailing list archive and
couldn't come up with anything documenting the actual use/development of
plugins.

Regards,

Gary T. Giesen

-----Original Message-----
From: Quark AV - Hilton Travis [mailto:Hilton at QuarkAV dot com] 
Sent: May 31, 2004 8:03 PM
To: m0n0wall dash dev at lists dot m0n0 dot ch
Subject: RE: [m0n0wall-dev] Oidentd on m0n0wall

Hi Gary,

> -----Original Message-----
> From: Gary T. Giesen [mailto:mailing dash list at rogers dot com]
> Sent: Thursday, 27 May 2004 01:25
> To: m0n0wall dash dev at lists dot m0n0 dot ch
> Subject: [m0n0wall-dev] Oidentd on m0n0wall
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> I know this idea probably won't be well-liked, but I'll run it past 
> you guys anyways. I have managed to get oidentd running on m0n0wall, 
> along with a nice configuration page in the services section of the 
> webGUI.

Well, I for one don't think that ident needs to be in the default m0n0wall
image, but if you wish to build this as a module/plugin, then feel free to
do it that way.

> I'm sure you'll say that m0n0wall is a firewall only, but the 
> firewall/nat box is the only place you can set up transparent 
> proxying; otherwise you'd have to forward port 113 to another 
> machine, and set up oidentd with a bunch of fake mappings that 
> could change. Also, that only gives you one possible ident per 
> machine, as far as I'm aware. Having oidentd on m0n0wall would allow 
> you to provide authentic ident responses from client machines, and it 
> would be pretty much maintenance free when adding new clients on the 
> network, as opposed to doing it on another machine. So I'd ask that 
> you consider it. Not to mention the work has already been done for 
> you.

Across a controlled network, such as a LAN, ident can be seen to have some
sense.  Across the Internet, there's no real use/purpose for ident at all as
it can be easily spoofed, faked, or treated with an ident client like
oidentd - resulting in a fake ident response being sent.  Running oidentd on
your m0n0wall effectively provides a faked response to the other end - the
machine that is responding to the ident probe is *generally* not the same
machine that is actually connecting to the remote machine - and yes, I know
the firewall makes the final part of the connection, but the protected
machine initiates this connection.

> 
> Regards,
> 
> Gary T. Giesen
> 
> 
> PS. For anyone interested in testing/using this in the meantime, 
> contact me and I'll be happy to send you the required modified files
> - it's been set up against the official 1.0 release.

Again, there's a plugin interface for this sort of thing.  I suggest you use
that, as an ident client does not belong in the standard m0n0wall build.

--
 
Regards,
 
Hilton Travis                        Phone: +61-(0)7-3343-3889
Manager,                             Mobile: +61 (0)419 792 394
Quark IT                             http://www.QuarkIT.com.au/
Quark AudioVisual                    http://www.QuarkAV.net/
(Brisbane, Australia)
 
Network Administration, SmoothWall Firewalls, NOD32 AntiVirus Non Linear
Video Editing Solutions & Digital Audio Workstations Conference and Seminar
AudioVisual Production and Recording
 
 War doesn't determine who is right. War determines who is left.
 

