PF+Jail+IRC Cannot redirect oidentd from jail without "~"

[Thomas Steen Rasmussen]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On 06-07-2014 11:53, bryn1u85 . wrote:
> Hey,
> 
> I have a problem, have been sitting since a few days and can't
> resolve the problem.
> 
> I want to redirect oidentd port 113 from jail, becuse i use to
> irssi and want to connect with irc servers without "~" before ident
> example ~ident at host .
> 
> I don't know what else can i do. Nothing helps.
> 
> My etc/pf.conf
> 
> ... nat on em0 from $ip_oksymoron to any -> $ip_pub rdr on em0 inet
> proto tcp from any to $ip_pub port 113 -> $ip_oksymoron port 113 
> ... black in all pass in on $ext_if proto tcp from any to
> $ip_oksymoron port 113 ...
> 
> I checked from host without pf, works well. Checked from host with
> pf and works well but from jail it still doesn't work. Someone can
> help with this issue ?

Hello,

Try adding the "static-port" keyword to your nat rule.

Your TCP connections to IRC are coming from another port than you
think, static-port fixes that.

Best regards,

Thomas Steen Rasmussen
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJTurpkAAoJEHcv938JcvpYHRAP/RFoFafeg3tkDnyZZIeBcodW
HH9F+BYebU+iut0A3KM0jcN5jw/UHh9R2DDQX5lDT7Zkou39nxyLehFPZJ2ukCpG
jgn6cyi0/6pnjjF09thasBQSJvABy4Z/9T92s9g1WAHXvpcShRs3KaSq/AXbGdwx
9hOfhmg6Gxt8MzrANtRXpgdRSC2RU1lwKHWH2Qpskzu5d0sBVe2/Yv0BTZaSU/YU
qUBaVWGeEy3ajlKFcGsi9bs6gVmCJPdu96SMkvJsdWxJRGBUvCkpt07SCkFXoOlS
JkGUlMoorD6UvBQmYQizuFUfTd3gYMpu6/rH81dAARBohNQI741fUMz3NxTnEau5
yDyOZ2kEptYvYo1jK/a290aCFkkiblbmrt/r+oOgGQJPoQow13B2+b+qTnVvtOAj
HHPsQL8tSVmgoYbIDdpORd25a/mQ8SMC3GJ1S0Y2wia4qkhhmzISPiR81BRersQy
iD6pkJc22h39hvvJyxsUqrDe+lFbN6Sc3HiTvRPE3qu5f1tNafB9IAfDCDtcJOwx
4/tMbsBbpuLe6QKwuzOxP780M8n7degdIr9ItUInSrYV+fztQuUf1fvrkzZGcAQG
+zZxu/nqfhIwvTyuiHgaCzohaka5mBYMyHVq5I8P4+7bpahdkHsYJOWedYfXU+02
1gm0UV0r0vyDfCxv7lIy
=j9gn
-----END PGP SIGNATURE-----