From a92589b82be0e9123e7f782734ecee64c06fcf3d Mon Sep 17 00:00:00 2001
From: Mark Wooding
Date: Sun, 14 Oct 2012 20:41:58 +0100
Subject: [PATCH] radius.m4: Allow external servers to contact the identd.

Otherwise all requests for NATted connections will fail.
---
 radius.m4 | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/radius.m4 b/radius.m4
index 2d5f8aa..b8481bb 100644
--- a/radius.m4
+++ b/radius.m4
@@ -88,7 +88,10 @@ for p in ftp sip h323; do
 run modprobe nf_nat_$p
 done
 
-## Forbid anything complicated to the NAT address.
+## Forbid anything complicated to the NAT address. Be sure to allow ident,
+## though.
+run iptables -A INPUT -d 62.49.204.158 -p tcp -j ACCEPT \
+ -m multiport --destination-ports=113
 run iptables -A INPUT -d 62.49.204.158 ! -p icmp -j REJECT
 
 m4_divert(-1)
-- 
2.11.0
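Review bot: The added ACCEPT for tcp/113 to 62.49.204.158 matches any source address and carries no rate limit, so the identd on the NAT address becomes reachable from the whole Internet rather than only from servers the NATted hosts have connected to. That is probably unavoidable for ident, but the comment should say so and note the ordering dependency, e.g. `## ident (113/tcp) is open to any source; this rule must stay ahead of the REJECT below.` If the exposure matters, a `-m limit` match on this rule would bound query volume without breaking legitimate lookups. As a style point, multiport is heavier than needed for a single port; `run iptables -A INPUT -d 62.49.204.158 -p tcp --dport 113 -j ACCEPT` expresses the same rule on one line.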