oidentd can forward ident queries to the host they were intended for, provided that this host is connecting through the machine oidentd is running on.
The target host is determined by reading the kernel’s connection tracking file. On Linux systems without a connection tracking file, oidentd can instead be compiled with libnetfilter_conntrack support.
When forwarding is enabled, the default behavior is to forward immediately and
only fall back to using the configured static replies if forwarding fails.
This can be changed using the
-M) flag, in which case
oidentd will only forward requests if no matching static reply can be found.
Forwarding can be enabled on the device performing network address translation
by running oidentd with the
-f) option. Optionally, a target
port may be specified using
--forward=port. If no port is specified, port
113 is used.
All machines you wish to forward requests to must be running an ident server
capable of handling forwarded requests, such as oidentd with the
-P) option. For example, oidentd can be run on a machine behind
NAT with the following
oidentd -P 10.0.0.1
10.0.0.1 to forward queries to the current oidentd instance.
If you specified a custom target port for forwarding, make sure the target server is configured to listen on that port:
oidentd -P 10.0.0.1 -p 113
113 is the default and need not be specified explicitly.