Get oidentd working on your local network
Having trouble getting oidentd working on your local network?
Do you get that ~ in front of your ident when connecting from behind your gateway?
Here is a solution...
Introduction
First, let me explain how my local network is built. I have a Linux server (Azure) connected to the internet.
It acts as router and firewall, and it shares the connection with two XP computers (Cloud & Storm)
through a Linksys switch. The Linux server runs some eggdrops and bncs for myself and friends.
The story
Oidentd was working very well for the processes running on Azure (on IPv4 and IPv6).
I noticed that when I connect from Storm or Cloud to IRC, oidentd doesn't answer the IRC server's request, so no ident is found.
The logs were reporting an error:
Aug 11 14:34:30 azure oidentd[26118]: [ircnet.club-internet.fr] 33809 , 6667 :ERROR : NO-USER
I read in the oidentd manual (RTFM is always good :p) that there is a forwarding option.
My goal was to add this option to my ident server.
Adding forwarding option
We assume that you already have oidentd working on your server. Here is a sample of my /etc/oidentd.conf:
default {
    default {
        allow spoof
        allow spoof_all
        allow spoof_privport
        allow random_numeric
        allow numeric
        allow hide
    }
}
user thyrex {
    default {
        allow spoof
        allow spoof_all
    }
    ## ipv6.thyrex.biz ##
    from 2a01:b0:10ee:1::1:2 {
        force reply "thyrex"
    }
    ## atari.tripax.org ##
    from 2a01:b0:10ee:1::2:3 {
        force reply "cyclone"
    }
}
The "user thyrex" section is used to spoof the ident of the psybnc users (one bnc for all users).
User thyrex uses 2a01:b0:10ee:1::1:2 as vhost, and oidentd answers "thyrex" to any ident request for this IP.
The same goes for user cyclone, who uses 2a01:b0:10ee:1::2:3: oidentd answers "cyclone" to every ident request for this IP
(of course, we could answer anything else). Back to our forwarding option.
To get it working, we have to create a new file called /etc/oidentd_masq.conf.
This file looks like this:
192.168.0.250 thyrex WINDOWS
192.168.0.249 celine WINDOWS
192.168.0.* are the IPs on the local network; thyrex and celine are the ident replies for the two computers.
WINDOWS is the system running on the computer (it can also be UNIX). When you are done with this file, you can restart your oidentd server.
You have to start it with two options, -f for forwarding and -m for masquerading:
oidentd -fm -u nobody -g nobody
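As an added example (not from the original article and not oidentd's own code), the Python below models how a static table like /etc/oidentd_masq.conf turns a LAN source address into an RFC 1413 ident reply, and reports malformed lines before you restart the daemon. The function names, the first-match-wins rule and the '#' comment handling are assumptions, and only IP addresses or networks are accepted in the host field.

```python
import ipaddress

# Constructed sample mirroring the /etc/oidentd_masq.conf shown above.
SAMPLE_MASQ = """\
# host[/mask]   ident-reply  system-type
192.168.0.250   thyrex       WINDOWS
192.168.0.249   celine       WINDOWS
"""

def parse_masq(text):
    """Return (entries, errors); malformed lines are reported, never guessed at."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3:
            errors.append((lineno, "expected: host[/mask] reply system"))
            continue
        host, reply, system = fields
        try:
            # Accepts a single address, a /bits prefix or a dotted netmask.
            net = ipaddress.ip_network(host, strict=False)
        except ValueError:
            errors.append((lineno, "not an IP address or network: " + host))
            continue
        entries.append((net, reply, system))
    return entries, errors

def ident_reply(entries, src_ip, lport, fport):
    """Build the RFC 1413 reply line for a connection masqueraded from src_ip."""
    addr = ipaddress.ip_address(src_ip)
    for net, reply, system in entries:  # assumption: first matching line wins
        if addr in net:
            return f"{lport} , {fport} : USERID : {system} : {reply}"
    # No entry: the same NO-USER error the first log line on the page shows.
    return f"{lport} , {fport} : ERROR : NO-USER"

if __name__ == "__main__":
    table, problems = parse_masq(SAMPLE_MASQ)
    print(problems)
    print(ident_reply(table, "192.168.0.250", 4543, 7000))
    print(ident_reply(table, "192.168.0.10", 33809, 6667))
```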
Testing
Connecting to any IRC server now logs a new message:
Aug 13 19:15:18 azure oidentd[30522]: [192.168.0.250] Successful lookup (by forward): 4543 (4543) , 7000 :thyrex
The end
On my server I had a little problem. When oidentd was running with "oidentd -fm -u nobody -g nobody", forcing user and group to "nobody", ident requests weren't forwarded.
When running with just the user forced, it works perfectly!
For any questions/feedback: #aeshells at irc.freenode.net
thyrex