RE: inetd question
Yes, I use a proxy and both proxy and www-client run on the same
machine. But it appears the ident calls came from my firewall where I
run a http-gw.
You're absolutely right that I should get rid of that traffic. There is
no need for the firewall to ask identd on a local machine. But it should
ask identd for connections from outside. Can I configure tcpd so that it
only ask outside machines? Currently I have ALL:@@ALL in my
/etc/hosts.allow file. Would it suffice to add a line http-gw:
ALL@172.26? Our local network is 172.26.0.0.
Dr. Michael Meskes, Projekt-Manager | topsystem Systemhaus GmbH
firstname.lastname@example.org | Europark A2, Adenauerstr. 20
email@example.com | 52146 Wuerselen
Go SF49ers! Go Rhein Fire! | Tel: (+49) 2405/4670-44
Use Debian GNU/Linux! | Fax: (+49) 2405/4670-10
>From: Peter Tobias [SMTP:firstname.lastname@example.org]
>Sent: Tuesday, June 17, 1997 2:37 AM
>To: Kai Henningsen
>Cc: Die Adresse des Empfängers ist unbekannt.
>Subject: Re: inetd question
>As far as I know Michael uses a proxy in the same lan (maybe the client
>also runs on this machine). When you get some pages from the local
>proxy and the proxy does an ident lookup for each connection you'll get
>lots of ident lookups (getting pages from the proxy is quite fast so
>you'll get lots of lookups in a very short time).
>> > Using "nowait.120" is of course a solution but it is probably better
>> > to find the application that is causing the problem.
>> It is not clear that there is a problem, other than heavy use. There may
>> be, of course, such as ident queries actually causing more ident queries,
>> but we don't know yet if something like that happens.
>Getting more than 40 ident lookups a minute is not a usual situation. The
>best solution is to find the reason (the sender!) of the ident requests
>(if it is a local service/system the ident lookups for that service/system
>should probably be turned off). Setting the limit to 120 will keep the
>system running but won't reduce the (maybe unnecessary) traffic. If the
>number of requests can't be reduced the identd should be run in standalone
>Peter Tobias <email@example.com> <firstname.lastname@example.org>
>PGP ID EFAA400D, fingerprint = 06 89 EB 2E 01 7C B4 02 04 62 89 6C 2F DD F1
>TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
>Trouble? e-mail to email@example.com .
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
Trouble? e-mail to firstname.lastname@example.org .