LinuxQuestions.org
Old 06-21-2001, 11:08 PM   #1
GRebel
LQ Newbie
 
Registered: Jun 2001
Location: California
Distribution: Lindows OS v4.5
Posts: 5

Rep: Reputation: 0
Question xinetd, identd, irc, and Red Hat v7.1


First off, I'd like to say that I am pretty much new to Linux. Well, I guess I'm not real new, but not experienced enough yet to tackle issues like the following:

I did a custom install of RedHat v7.1 and added the option for medium security. So, I believe I have a firewall and this might be a problem concerning the following.

I can use the irc on Linux friendly servers such as irc.openprojects.net. But, if I try to access an EF-Net or DAL-Net server, I get the following response:

*** Banned: Install Identd for access (2001/4/18 09.20)
--- Closing Link: GRebel[GRebel@255.255.255.255] (Banned)

So, I'm thinking it has something to do with identd, xinetd, and maybe my firewall.

If anyone has come across this or knows what to do to get this identd situation fixed, I'd appreciate any help at all.

See, I don't think that the case is that I'm banned from these servers, because I can log into them from windows, using MIRC.

Thank you for taking the time to read this...

Confused GRebel
 
Old 06-22-2001, 04:35 AM   #2
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
o o o I know this one....

Ok so the IRC server you want to use wants to know your Linux's login user name.

So it's looking for identd on port 113 on your system.

Go to your Linux box and type "# netstat -nap | grep LISTEN"
Do you see the identd service running on port 113? If not, it's not loaded as default because it's a security risk.

If it's not loaded type this:
/etc/rc.d/init.d/identd start

If it's loaded then the firewall is blocking it as it should do.

To check this type:
# iptables -L
If you get error messages then you don't use iptables.

so type
ipchains -L -n
If it shows you a list then you're using ipchains, so type this to allow all access to port 113. "again not a good idea for security reasons"
type:
# ipchains -A input -p tcp -s 0/0 --sport 1023:65535 -d 0/0 --dport 113 -j ACCEPT
# ipchains -A output -p tcp -s 0/0 --sport 113 -d 0/0 -j ACCEPT

This is a generic command as I don't know your internal or external IP address. "should still work"

Again I wouldn't use this unless you put strong rules in and only allow trusted IRC servers to ask your system.

If not, someone like me will come along and look at your auth port for your user login info and then attempt to brute force your password. "takes time but can work"

bye,
/Raz
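
Added example, not part of raz's post: an ident (RFC 1413) reply carries either a user ID or an error, and this sketch classifies a reply by whether it hands the requester a real local account name. The function names, the LOCAL_ACCOUNTS list and the sample replies are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify RFC 1413 ident replies by what they disclose.
# Reply forms:  <server-port> , <client-port> : USERID : <opsys> : <user-id>
#               <server-port> , <client-port> : ERROR : <error-type>

# Constructed stand-in for the account names in /etc/passwd.
LOCAL_ACCOUNTS="root grebel ftp"

# trim STRING -> STRING without leading/trailing whitespace
trim() { printf '%s\n' "$1" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'; }

# field N LINE -> Nth colon-separated field of LINE (N may be a cut range)
field() { trim "$(printf '%s\n' "$2" | cut -d: -f"$1")"; }

# classify_ident_reply LINE -> leaks-account:<name> | opaque-token:<value>
#                              | no-disclosure:<error> | malformed
classify_ident_reply() {
    line=$(printf '%s' "$1" | tr -d '\r')
    ports=$(field 1 "$line" | tr -d ' ')
    printf '%s\n' "$ports" | grep -Eq '^[0-9]+,[0-9]+$' || { echo malformed; return 1; }
    case "$(field 2 "$line")" in
        ERROR)
            echo "no-disclosure:$(field 3 "$line")" ;;
        USERID)
            # The user-id is everything after the third colon.
            user=$(field 4- "$line")
            for acct in $LOCAL_ACCOUNTS; do
                if [ "$acct" = "$user" ]; then
                    echo "leaks-account:$user"; return 0
                fi
            done
            echo "opaque-token:$user" ;;
        *)
            echo malformed; return 1 ;;
    esac
}

# Constructed sample replies, as an identd might send them.
for reply in "6191, 23 : USERID : UNIX : grebel" \
             "6191, 23 : USERID : OTHER : a1b2c3d4" \
             "6191, 23 : ERROR : HIDDEN-USER"; do
    printf '%-40s -> %s\n' "$reply" "$(classify_ident_reply "$reply")"
done
```

A reply classified as leaks-account gives anyone who can reach port 113 a valid login name, which is the exposure the post warns about.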
 
Old 06-22-2001, 06:53 AM   #3
GRebel
LQ Newbie
 
Registered: Jun 2001
Location: California
Distribution: Lindows OS v4.5
Posts: 5

Original Poster
Rep: Reputation: 0
Smile Thanks Raz...

GRebel: Thanks for the quick response Raz...

o o o I know this one....

GRebel: I was beginning to feel hopeless with this situation until your most informative post came along.

Ok so the IRC server you want to use wants to know your Linux's login user name.

So it's looking for identd on port 113 on your system.

Go to your Linux box and type "# netstat -nap | grep LISTEN"
Do you see the identd service running on port 113? If not, it's not loaded as default because it's a security risk.

GRebel: I do see it there and it's listening.

If it's not loaded type this:
/etc/rc.d/init.d/identd start

If it's loaded then the firewall is blocking it as it should do.

To check this type:
# iptables -L
If you get error messages then you don't use iptables.

GRebel: When I typed this with path included I did get errors and proceeded to your next bit of advice.

so type
ipchains -L -n
If it shows you a list then you're using ipchains, so type this to allow all access to port 113. "again not a good idea for security reasons"
type:
# ipchains -A input -p tcp -s 0/0 --sport 1023:65535 -d 0/0 --dport 113 -j ACCEPT
# ipchains -A output -p tcp -s 0/0 --sport 113 -d 0/0 -j ACCEPT

GRebel: With your help I found I am using ipchains.

This is a generic command as I don't know your internal or external IP address. "should still work"

GRebel: I'm certain that will fix the problem, however I don't want to suffer in security. What do you mean by internal and external IP address? I have just the single computer connected currently with broadband ADSL. I think I know what you mean by external IP address as in my ISP's provided static I.P. they assigned to me. Is internal, like a gateway address or broadcast address? How could I find out my internal I.P. Address? Sorry for all the questions and I hope I don't sound too unintelligent.

Again I wouldn't use this unless you put strong rules in and only allow trusted IRC servers to ask your system.

GRebel: Would you be willing to go over what kind of strong rules, syntax I would need to secure the box, yet allow for certain irc servers to access identd?

If not, someone like me will come along and look at your auth port for your user login info and then attempt to brute force your password. "takes time but can work"

GRebel: Thank you for taking the time to read and input your knowledge towards my lack of knowledge... Hehehe...

GRebel: Hopefully these posts can prove useful to others who read them as well. I'm sure I'm not the only one who was wondering about this subject. I did scour the internet looking for a fix and only found bits and pieces suggesting things, but nothing concrete until this post.

GRebel: Take Care fellow Linux users and I look forward to your next post Raz.

-=*> GRebel <*=-

Long live Tux...
 
Old 06-22-2001, 10:05 AM   #4
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
GRebel,

Well I've just come back from the pub so this might not make much sense but I'll have a go.

Right.
You must have 2 IP addresses for you to get this far.

First ip address is your external ISP address allocated to your ISP for you by the IANA. "known as your internet address"
But correctly called XPN address "external public network address"

Second ip is your internal address which is allowed by one of the following ranges that you decide. "known as your IPN Internal public address"
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16

On your system you must know this info when you set it up.
So type # ifconfig -a

You'll get the addresses set up for you on your interface(s)
example:

eth0      Link encap:Ethernet  HWaddr 00:50:8B:9A:7A:9C
          inet addr:10.5.1.4  Bcast:10.5.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:415337 errors:0 dropped:0 overruns:0 frame:0
          TX packets:399742 errors:0 dropped:0 overruns:0 carrier:3
          collisions:5067 txqueuelen:100
          Interrupt:17 Base address:0x3000

eth0:0    Link encap:Ethernet  HWaddr 00:50:8B:9A:7A:9C
          inet addr:32.96.111.130  Bcast:32.96.111.255  Mask:255.255.255.252
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:17 Base address:0x3000

In this case it's an example, so the eth0 IP address is the IPN address of 10.5.1.4
The eth0:0 IP address is the internet IP address of 32.96.111.130 "Yes this is my real IP address lol"

Right next step is to find the ip address of the IRC server you want to allow access to your auth port on.

So as EF net are large, I don't know the range of IP addresses they have.
Connect to them and wait for that error you got last time.
When it says this, type this and get the info you need:
# ipchains -L -M -n
You should see something that shows your server accessing the IRC server, including the address you need.

example:
prot expire source destination ports
TCP 22:27.77 10.5.1.10 212.16.1.11 2311 (62708) -> 194

port 194 is used by IRC + ports 6667

now the server address is 212.16.1.11 in this example:

ok so once you know this you can setup a rule just for this server.

so you would type the following info from the example above. "only on input chain"
ipchains -A input -p tcp -s 212.16.1.11 --sport 1023:65535 -d 32.96.111.130 --dport 113 -j ACCEPT

"-s is the server address"
"-d is your IP address given to you by the ISP"

Now you have a more secure rule where only the IRC server can hack you back.

Look, Linux is not for using as an IRC client so if you want to do this do it at your own risk, or use a Windows system that doesn't understand Auth requests.

ps. if you have only one external IP address and don't have any internal systems to connect to the internet, I would use your Linux box to route the Windows systems to do this for you with NAT. "network address translation ..."

/RAz
 
Old 06-22-2001, 10:47 AM   #5
GRebel
LQ Newbie
 
Registered: Jun 2001
Location: California
Distribution: Lindows OS v4.5
Posts: 5

Original Poster
Rep: Reputation: 0
Thumbs up Great Info...

All I can say really, is wow! That's so much useful knowledge you've unloaded on me, Raz. Thank you tremendously.

Now, I have some idea of how things work. Hopefully, if you don't mind, we could discuss more networking and security issues. Sounds as if you really know your stuff.

I'll give these options a try out and report back to you here.

Here's a question related to the ipchains: How would I go about removing a rule I set in ipchains? Say for instance, I try out your rule. What's the best way to get that rule removed, in case I want to go back to the original setup I had before I entered that rule?

Take it ez Raz and may the penguin force dwell in you always. Hehehe...

-=*> GRebel <*=-

in training...
 
Old 06-22-2001, 11:03 AM   #6
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
Np that's what the forum's for.

Type "# ipchains -F" to flush the rules then test the new ones.

Don't do this from an ssh or telnet link as it will kick you off.
Make a script that clears the rules but leaves you connected.

/Raz
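
Added example, not part of the thread: one way to script the per-server identd rule from post #4 and to answer the removal question in post #5 by deleting only that rule with `ipchains -D` instead of flushing the whole ruleset. It defaults to a dry run that prints the commands; the function names are hypothetical and the addresses are the example ones from post #4.

```shell
#!/bin/sh
# Added example: one identd rule per trusted IRC server, removable on its own.
# DRY_RUN=1 (the default) only prints the ipchains commands.
DRY_RUN=${DRY_RUN:-1}

# valid_ipv4 ADDR -> exit 0 only for a dotted quad with each octet 0-255,
# so a catch-all source such as 0/0 is refused.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ident_rule ACTION SERVER MY_IP -> prints the command; ACTION is add or del
ident_rule() {
    case "$1" in
        add) flag=-A ;;
        del) flag=-D ;;   # -D with the same rule spec deletes just that rule
        *) echo "usage: ident_rule add|del SERVER MY_IP" >&2; return 2 ;;
    esac
    valid_ipv4 "$2" && valid_ipv4 "$3" || { echo "bad address" >&2; return 1; }
    # Port range and chain exactly as given in post #4.
    echo "ipchains $flag input -p tcp -s $2 --sport 1023:65535 -d $3 --dport 113 -j ACCEPT"
}

# apply_ident_rules ACTION MY_IP SERVER... -> one rule per listed server
apply_ident_rules() {
    action=$1; my_ip=$2; shift 2
    for server in "$@"; do
        cmd=$(ident_rule "$action" "$server" "$my_ip") || return 1
        if [ "$DRY_RUN" = 1 ]; then echo "$cmd"; else $cmd; fi
    done
}

# Example addresses from post #4: add the rule, then remove only that rule.
apply_ident_rules add 32.96.111.130 212.16.1.11
apply_ident_rules del 32.96.111.130 212.16.1.11
```

Because only the matching rule is deleted, the rules that carry an existing ssh or telnet session stay in place.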
 
  

