oidentd can forward ident queries to the host they were intended for, provided that this host is connecting through the machine oidentd is running on.

The target host is determined by reading the kernel’s connection tracking file. On Linux systems without a connection tracking file, oidentd can instead be compiled with libnetfilter_conntrack support.
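The lookup described above, sketched as an added example (not oidentd's own code): it resolves an ident query to the internal host by matching the reply direction of a connection tracking entry, including the querier's address so that only a party to the connection gets a match. It assumes the text layout of /proc/net/nf_conntrack; the sample entries, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample in the /proc/net/nf_conntrack text layout (addresses are
# documentation ranges, not values from the page).
SAMPLE_CONNTRACK = """\
ipv4     2 tcp      6 431990 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=40000 dport=6667 src=203.0.113.5 dst=198.51.100.1 sport=6667 dport=40000 [ASSURED] mark=0 use=1
ipv4     2 tcp      6 431200 ESTABLISHED src=192.168.1.22 dst=203.0.113.5 sport=51515 dport=6667 src=203.0.113.5 dst=198.51.100.1 sport=6667 dport=1024 [ASSURED] mark=0 use=1
ipv4     2 udp      17 25 src=192.168.1.10 dst=192.0.2.53 sport=40000 dport=53 src=192.0.2.53 dst=198.51.100.1 sport=53 dport=40000 mark=0 use=1
"""

FIELD = re.compile(r"\b(src|dst|sport|dport)=(\S+)")

def parse_entry(line):
    """Return (original, reply) tuples for an established TCP entry, else None."""
    cols = line.split()
    if len(cols) < 6 or cols[2] != "tcp" or "ESTABLISHED" not in cols:
        return None
    fields = FIELD.findall(line)
    if len(fields) != 8:          # expect four keys for each direction
        return None
    return dict(fields[:4]), dict(fields[4:])

def find_forward_target(conntrack_text, querier_ip, lport, fport):
    """Map an ident query (lport on the NAT box, fport on the querier) to the
    internal host and the port pair as that host sees it."""
    for line in conntrack_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        original, reply = entry
        # The reply direction is what the outside peer sees after NAT, so the
        # query must match it exactly, including the querier's own address.
        if (reply["src"] == querier_ip and int(reply["sport"]) == fport
                and int(reply["dport"]) == lport):
            return original["src"], int(original["sport"]), int(original["dport"])
    return None

if __name__ == "__main__":
    # Second entry: the NAT device remapped source port 51515 to 1024.
    print(find_forward_target(SAMPLE_CONNTRACK, "203.0.113.5", 1024, 6667))
```

The second sample entry shows why the original tuple matters: the port the outside peer asks about (1024) is not the port the internal host is using (51515).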

When forwarding is enabled, the default behavior is to forward immediately and only fall back to using the configured static replies if forwarding fails. This can be changed using the --masquerade-first (-M) flag, in which case oidentd will only forward requests if no matching static reply can be found.

Configuring The Proxy Server

Forwarding can be enabled on the device performing network address translation by running oidentd with the --forward (-f) option. Optionally, a target port may be specified using --forward=port. If no port is specified, port 113 is used.

Configuring The Servers

All machines you wish to forward requests to must be running an ident server capable of handling forwarded requests, such as oidentd with the --proxy (-P) option. For example, oidentd can be run on a machine behind NAT with the following command:

oidentd -P

This allows to forward queries to the current oidentd instance.

If you specified a custom target port for forwarding, make sure the target server is configured to listen on that port:

oidentd -P -p 113

Port 113 is the default and need not be specified explicitly.