# oidentd in jail environment.



## folivora (Oct 19, 2010)

Hi.

I am trying to get oidentd to work inside the jail. I have confirmed that oidentd is running in the jail (nmap).

I have configured a global force ident reply in oidentd.conf:


```
default {
    default {
        force reply "51"
    }
}
```

So far I can't get ident responses to work.

I have NAT on the host system (I am using PF), so I have added port forwarding to pf.conf.


```
nat on $int_if from $oidentd to any -> ($ext_if)
```


```
rdr pass on $ext_if proto tcp from any to $ext_if port 113 -> $oidentd port 113
```

Do I need to fix NAT for $oidentd to get packets forwarded correctly?

- Folivora


----------



## DutchDaemon (Oct 19, 2010)

Try nat on $ext_if.


----------



## folivora (Oct 19, 2010)

Hi,

I changed


```
nat on $int_if from $oidentd to any -> ($ext_if)
```

to


```
nat on $ext_if from $oidentd to any -> ($ext_if)
```

I am still having the same problem. I also added the following line to allow port 113.


```
pass in quick on $ext_if inet proto tcp from any to $oidentd port 113 keep state
```

From what I understand of PF, these rules should be enough. Please correct me if I am wrong.

-Folivora


----------



## SirDice (Oct 19, 2010)

Make sure oidentd is bound to the jail's IP address and not on all (*) addresses.


----------



## folivora (Oct 19, 2010)

Hi,

Could you tell me how I can make sure that oidentd is bound to the jail's IP address?
I looked at oidentd.conf and it seems that there is no option to change that?

Folivora


----------



## folivora (Oct 19, 2010)

Hi.

`-a <address|hostname>` seems to do the trick.

So I tried:


```
8246  0.0  0.0  5828  1348  ??  IsJ   5:35PM   0:00.00 /usr/local/sbin/oidentd -a 10.10.10.3 -C /usr/local/etc/oidentd.conf
```

With the above PF rules, ident is still not working.

If I telnet to my external IP address on port 113, it answers, so the rdr for port 113 is working. Could it be NAT that is causing this problem?

Any other ideas?

- Folivora


----------



## folivora (Oct 20, 2010)

Some more...

It seems that queries are now reaching the oidentd daemon:

When I debug it, I see the following lines.


```
Starting oidentd.
Connection from 192.98.101.228:52766
[192.98.101.228] 56493 , 6667 : ERROR : NO-USER
```

I've read the man page; it says that I should use the -m / --masquerade option. When I add the -m option to oidentd_flags in rc.conf, oidentd fails to start up.

Any ideas?

- Folivora


----------
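For reference, an added example that is not from the thread or from any of its posters: a pf.conf fragment for the setup described above (the jail at 10.10.10.3 as `$oidentd`; the interface names behind `$ext_if` and `$int_if` are assumptions) plus the rc.conf lines inside the jail that bind oidentd to the jail address with the `-a` flag the thread found. The one thing it adds to the thread's rules is `static-port` on the outbound `nat` rule. By default pf rewrites the source port of translated connections, so the `<local port> , <remote port>` pair an IRC server sends in its ident query (56493 , 6667 in the debug output) matches no socket inside the jail, and oidentd has nothing to look up. Whether that is the cause in this particular setup is not established by the thread; it is the first thing a practitioner would rule out.

```pf
# Added example, not from the thread. Interface names are assumptions:
ext_if  = "em0"          # host's external interface (assumed name)
int_if  = "em1"          # host's jail-side interface (assumed name)
oidentd = "10.10.10.3"   # jail address, as in the thread's ps output

# Outbound NAT for the jail. static-port keeps the jail's source port
# unchanged, so the <local port , remote port> pair an IRC server puts in
# its ident query still names a socket that exists inside the jail.
nat on $ext_if from $oidentd to any -> ($ext_if) static-port

# Redirect inbound ident queries on the external address to the jail.
rdr pass on $ext_if inet proto tcp from any to $ext_if port 113 -> $oidentd port 113

# --- /etc/rc.conf inside the jail (not pf syntax; shown here for context) ---
# oidentd_enable="YES"
# oidentd_flags="-a 10.10.10.3 -C /usr/local/etc/oidentd.conf"
```

To check it: `pfctl -nf /etc/pf.conf` on the host validates the syntax without loading it; inside the jail, `sockstat -4 -l` should list oidentd on `10.10.10.3:113` rather than `*:113`, and `sockstat -4 -c` shows the jail's connected sockets, whose local port you can compare against the port an external ident query (for example `printf '<lport> , 6667\r\n' | nc <external-ip> 113`) asks about; with `static-port` the two should be the same.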

