> > can ipfilters/ipnat be used to properly handle ident requests for irc
> > sessions? 
> I dont know if it is supported... if it is, it is probably very tricky...

I don't think it is supported, but writing a proxy-identd (as a userland
daemon), running on the NAT machine, should be simple.

Note that you can get all the info you need manually by running "ipnat -l"
on the NAT machine. Then just pick the proper line from that output (matching
the requested connection), send a modified query to the identd on the
machine behind the NAT and forward it's answer to the requestor.

Should be less than 100 lines of C code.

I won't comment on the usefullness of such a daemon and identd in general.


Martin

P.S.: of course this is not suggesting to actually run "ipnat -l" from the
daemon.