[FW1] IRC,IDENT and Firewall-1

Thu, 31 Aug 2000 10:55:17 -0700 


First I want to apologise if this is a topic that has been hashed over
before but I just subscribed to the list server. Also, is there a database
of all the pervious posts somewhere that I can search through. Retrieving
a digest at a time is painful and slow.

Here is my situation:
I use a dialup into work as my ISP to save monthly costs. We have a proxy
server which authenticates whether our users are alooweed access through
the firewall. If they are authorised, then they can get out into the
internet. Noone is ever allowed to talk directly to the firewall from
either side.  We are trying to get IDENT to work for IRC connections from
inside out network. Right now, we can only connect to IRC servers which
don't require IDENT of which there are only 2 (Yes, I've tried every single
server on EFNET!). Both of those servers are flaky at best and split out
and go up/down alot.  We'd like to be able to use any IRC server but we
must first get IDENT to work. We have several rules built and IDENT and IRC
are both enabled and allowed although the IDENT requests when coming back
in from an IRC server look like "AUTH" requests to the firewall, that is
according to the log. Is there a way to allow IDENT requests to route back
to the calling workstation instead of having it killed at the firewall? If
this isn't possible, I was thinking that I could install an IDENT daemon on
the firewall, but that would require talkig directly to the firewall which
is pretty dangerous. We've played around with this but haven't gotten
anything working. It looks like when the IDENT request is coming in, it's
not on port 113 which is what I would expect as that is what MIRC uses, it
is on a different port each time so even enabling a single port wouldn't
help. Forgive me if my terminology is kinda screwy. I hope I explained
myself correctly. We have Firewall-1 v4.0.


Help! I miss IRC!

John



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to