[Solved] Oidentd How to redirect to jail

Hey,

I've installed oidentd from ports and changed oidentd.conf.sample to oidentd.conf. The port was redirected on TCP/113 input. When I, for example, use irssi (ircnet), I always connect with "~" before the ident. I tried from the host and it works well. What might be wrong?
Oidentd's configuration looks like below:
Code:
root@Oksymoron:/ # cat /usr/local/etc/oidentd.conf
default {
        default {
                deny spoof
                deny spoof_all
                deny spoof_privport
                allow random_numeric
                allow numeric
                deny hide
        }
}

user root {
        default {
                force reply "UNKNOWN"
        }
}
My /etc/pf.conf:
Code:
IP_PUB="178.32.219.66"
IP_JAIL="192.168.0.1"
NET_JAIL="192.168.0.0/24"
PORT_JAIL="{80,31337,113,6667,12345}"


table <bruteforce> persist

nat on em0 from $NET_JAIL to any -> $IP_PUB
rdr on em0 proto tcp from any to $IP_PUB port $PORT_JAIL -> $IP_JAIL

block quick from <bruteforce>
block in all
block return

pass in on $ext_if proto tcp from any to $IP_JAIL port 31337 flags S/SA modulate state (max 5,    source-track rule, max-src-states 5,    max-src-nodes 5,  max-src-conn-rate  4/30, overload <bruteforce> flush global)
pass in on $ext_if proto tcp from any to $IP_JAIL port 113

Someone help?
Thanks,

Code:
09:26 -!- test___ [~test@ns3306115.ip.xxx.xxx.xxx]
 
How to redirect oident 113 to jail NAT with PF?

Hey,

I've been reading threads for a very long time and what I see is that people have a huge problem with redirecting port 113 to a jail. I have the same problem. Oidentd with PF doesn't work as it should. Can someone tell me exactly how to do this?
Code:
IP_PUB="178.32.219.66"
IP_JAIL="192.168.0.1"
NET_JAIL="192.168.0.0/24"
PORT_JAIL="{80,31337,113,6667,12345}"


table <bruteforce> persist

nat on em0 from $NET_JAIL to any -> $IP_PUB
rdr on em0 proto tcp from any to $IP_PUB port $PORT_JAIL -> $IP_JAIL

block quick from <bruteforce>
block in all
block return

pass in on $ext_if proto tcp from any to $IP_JAIL port 31337 
pass in on $ext_if proto tcp from any to $IP_JAIL port 113
Can someone help?

Thanks,
 
Re: Oidentd How to redirect to jail

Don't post the same question multiple times please.

Threads merged.
 
Incomprehensible counsel from mailing list. PF & NAT

I reported a problem with redirection of NAT and got advice but I don't understand what he means.
My problem:
Hey,

I have a problem; I have been sitting on it for a few days and can't resolve it.

I want to redirect oidentd port 113 from the jail, because I use irssi and want to connect to IRC servers without "~" before the ident, for example ~ident@host.

I don't know what else I can do. Nothing helps.

My /etc/pf.conf
Code:
IP_PUB="94.23.237.216"
IP_JAIL="192.168.0.1"
NET_JAIL="192.168.0.0/24"
PORT_JAIL="{80,113}"

scrub in all

nat pass on em0 from $NET_JAIL to any -> $IP_PUB
rdr pass on em0 proto tcp from any to $IP_PUB port $PORT_JAIL -> $IP_JAIL

pass from lo0 to any
pass from lo1 to any

My /etc/jail.conf
Code:
test {
        path = /test;
        mount.devfs;
        host.hostname = test;
        ip4.addr = 192.168.0.1;
        interface = lo1;
        securelevel = 3;
        exec.start = "/bin/sh /etc/rc";
        exec.stop = "/bin/sh /etc/rc.shutdown";
}

I tried to connect to ircnet but the result is as below:
08:50 -!- dupa_ [~dupa@ns321124.ip-94-23-237.eu]

Does PF have a bug under FreeBSD?

This is the moment (advice from mailing list) where I don't know what to do:

Code:
insert string to pf.conf ( pass any )
install  /usr/ports/sysutils/pftop

run pftop

Thank you.
 
OK. I was looking on almost all forums; people haven't got an answer for this, and now it works.

The solution is to put "static-port" in the NAT rule! The problem is because:
Your TCP connections to IRC are coming from another port than you
think, static-port fixes that.
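
The effect described in the last post, as an added example that is not part of the original thread: a small Python model of an RFC 1413 ident lookup made through NAT, with and without `static-port`. The ports 50001 and 61234, the user name and all function names are constructed for illustration.

```python
# Added illustration: why the ident lookup fails behind pf NAT without static-port.
# All ports and the user name below are constructed sample values.
import re

IRC_PORT = 6667

def nat_source_port(jail_port, static_port):
    """Model of the pf nat rule: by default the source port is rewritten,
    with static-port it is kept. 61234 is an arbitrary stand-in for
    whatever port pf would pick."""
    return jail_port if static_port else 61234

def ident_reply(query, jail_sockets):
    """Minimal RFC 1413 responder, as the identd inside the jail sees it.
    query is '<port-on-identd-host> , <port-on-querying-host>'."""
    m = re.fullmatch(r"\s*(\d+)\s*,\s*(\d+)\s*", query)
    if not m:
        return "0 , 0 : ERROR : INVALID-PORT"
    local, remote = int(m.group(1)), int(m.group(2))
    if not (1 <= local <= 65535 and 1 <= remote <= 65535):
        return f"{local} , {remote} : ERROR : INVALID-PORT"
    user = jail_sockets.get((local, remote))
    if user is None:
        return f"{local} , {remote} : ERROR : NO-USER"
    return f"{local} , {remote} : USERID : UNIX : {user}"

def irc_username(jail_port, user, static_port):
    """User name the IRC server ends up showing for the connection."""
    jail_sockets = {(jail_port, IRC_PORT): user}          # socket table inside the jail
    seen_port = nat_source_port(jail_port, static_port)   # port the IRC server sees
    reply = ident_reply(f"{seen_port} , {IRC_PORT}", jail_sockets)
    fields = [f.strip() for f in reply.split(":")]
    if fields[1] == "USERID":
        return fields[3]
    return "~" + user  # no usable ident answer: the name is marked unverified

if __name__ == "__main__":
    for static in (False, True):
        print("static-port" if static else "default nat", "->",
              irc_username(50001, "test", static))
```

In the pf.conf posted above, the fix corresponds to `nat on em0 from $NET_JAIL to any -> $IP_PUB static-port`; the `rdr` rule for port 113 stays as it is.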
 