From: Robby Workman <netfilter@rlworkman.net>
To: netfilter@lists.netfilter.org
Subject: Identd requests through firewall
Date: Sun, 13 Nov 2005 10:45:41 -0600
Message-ID: <43776DB5.8050702@rlworkman.net>

Greetings...

IRC servers do an identd lookup when connecting to them, and although
most of them do not require a response, I'd like to at least have the
capability to return a response should I need to do so. I currently
have all incoming identd requests to the firewall rejected with TCP
RST, and this is adequate for the time being.

What I would like to do is forward the request to one of the boxes
behind the firewall (whichever one is attempting a connection with an
IRC server). I know how to forward them all to one of the individual
machines (say box 1), but this does not help if I'm using one of the
other boxes to connect.

In order for a connection to be considered "RELATED," a helper module
would have to exist. In the absence of such a module (the netfilter
IRC module does not do this iiuc), is there some other way to make
iptables "know" that box1 has initiated a connection to $IRCSERVER and
hence forward incoming identd requests from $IRCSERVER to box 1?

It shouldn't matter, but Firewall is Slackware 10.0 +patches, and most
boxes behind the firewall are Slackware -something...

Thanks in advance...

Network Diagram:

           Dialup
          Internet
             |
             |
        ------------
        |  (ppp0)  |
        | Firewall |
        |  (eth0)  |
        ------------
             |
             |
        ------------
        |          |
        |  Switch  |
        |          |
        ------------
             |
             |---------------------------
             |            |             |
             |            |             |
           box 1        box 2         box 3

--
http://rlworkman.net