On Jun 17, Michael Meskes wrote:
> Yes, I use a proxy and both proxy and www-client run on the same
> machine. But it appears the ident calls came from my firewall where I
> run a http-gw.
>
> You're absolutely right that I should get rid of that traffic. There is
> no need for the firewall to ask identd on a local machine. But it should
> ask identd for connections from outside. Can I configure tcpd so that it
> only asks outside machines? Currently I have ALL:@@ALL in my
> /etc/hosts.allow file. Would it suffice to add a line http-gw:
> [EMAIL PROTECTED] Our local network is 172.26.0.0.

I guess the following things would help:

- replace ALL:@@ALL by ALL:ALL (no ident lookups by default) or maybe
  ALL EXCEPT http-gw:@@ALL (lookups for every service except http-gw)
or
- http-gw:172.26. @@ALL (or http-gw:172.26. [EMAIL PROTECTED])
  This line would allow access from 172.26.x.x without ident lookup.
  Every other address would cause an ident lookup.
or
- use ipfwadm to protect the ident port

Thanks,

Peter

--
Peter Tobias <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
PGP ID EFAA400D, fingerprint = 06 89 EB 2E 01 7C B4 02 04 62 89 6C 2F DD F1 3C
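
The rule variants discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of tcpd's first-match rule evaluation, reporting which connections would trigger an ident lookup. It assumes the archive's garbled "@@ALL" stands for the user@host pattern ALL@ALL described in hosts_access(5); the daemon name in.telnetd and the address 192.0.2.7 are constructed samples.

```python
# Simplified model of tcpd (hosts_access) matching. Not tcpd's own code.
# Assumption: "@@ALL" in the archived mail is the user@host pattern ALL@ALL.

def host_match(pat, addr):
    if pat == "ALL":
        return True
    if pat.endswith("."):              # network prefix such as "172.26."
        return addr.startswith(pat)
    return pat == addr

def daemon_match(daemons, daemon):
    # Handles "ALL", a list of names, and "X EXCEPT Y".
    if "EXCEPT" in daemons:
        i = daemons.index("EXCEPT")
        return (daemon_match(daemons[:i], daemon)
                and not daemon_match(daemons[i + 1:], daemon))
    return any(d in ("ALL", daemon) for d in daemons)

def evaluate(rules, daemon, addr):
    """Return (matching_rule, ident_lookup_done) for the first matching rule."""
    for rule in rules:
        daemons, clients = rule.split(":", 1)
        if not daemon_match(daemons.split(), daemon):
            continue
        for pat in clients.split():    # client patterns are tried left to right
            if "@" in pat:
                _user, host = pat.split("@", 1)
                if host_match(host, addr):
                    # The user part can only be checked after asking the
                    # client's identd. Only the user pattern ALL is modelled.
                    return rule, True
            elif host_match(pat, addr):
                return rule, False     # matched on address alone, no lookup
    return None, False                 # no hosts.allow rule applies

# Rule sets from the thread (constructed with the ALL@ALL assumption).
CURRENT = ["ALL:ALL@ALL"]
NO_IDENT = ["ALL:ALL"]
EXCEPT_GW = ["ALL EXCEPT http-gw:ALL@ALL"]
LOCAL_SKIP = ["http-gw:172.26. ALL@ALL"]

if __name__ == "__main__":
    for name, rules in [("current", CURRENT), ("no ident", NO_IDENT),
                        ("except http-gw", EXCEPT_GW), ("local skip", LOCAL_SKIP)]:
        for addr in ("172.26.1.5", "192.0.2.7"):
            print(name, addr, evaluate(rules, "http-gw", addr))
```

With the EXCEPT variant, http-gw connections match no rule in hosts.allow at all, so what happens to them is decided by hosts.deny and tcpd's default.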