oidentd_masq.conf man page
oidentd_masq.conf — oidentd IP masquerading (NAT) configuration file.
If you are using IP masquerading or NAT, oidentd can optionally return a username for connections from other machines. Support for this is enabled by calling oidentd with the -m (or --masquerade) flag and by creating an /etc/oidentd_masq.conf file. This file is read from top to bottom, and oidentd stops at the first matching entry it encounters.
oidentd can also forward requests for an IP masqueraded connection to the machine from which the connection originates by way of the -f (or --forward) option. This will only work if the host to which the connection is forwarded is running oidentd with the -P (--proxy) flag, or if the host's ident daemon returns a valid reply regardless of the input supplied by and the address of the host sending the request.
When forwarding is enabled with the -f option, oidentd forwards ident queries before reading the IP masquerading configuration file. If this is not desired, the -M (or --masquerade-first) option can be used.
<IP Address|Hostname>[/<Mask>] <Ident Response> <System Type>
The first field contains the IP address or the hostname of a machine that IP masquerades through the machine on which oidentd runs. The mask parameter can be either a network mask or a mask in CIDR notation. A mask of 24 is equivalent to 255.255.255.0, a mask of 16 is equivalent to 255.255.0.0, etc.
The second field specifies the reply that oidentd will return for lookups to the host matching the IP address specified in the first parameter.
The third field specifies the operating system the machine matching the first parameter is running.
<Host>[/<Mask>] <Ident Response> <System Type>
192.168.1.1 someone UNIX
192.168.1.2 noone WINDOWS
192.168.1.1/32 user1 UNIX
192.168.1.0/24 user2 UNIX
192.168.0.0/16 user3 UNIX
somehost user4 UNIX
192.168.1.0/255.255.255.0 user5 UNIX
Janik Rabe <email@example.com>
Originally written by Ryan McCabe <firstname.lastname@example.org>.