diff -U4 -r oidentd-2.0.8/ChangeLog oidentd-2.0.8d/ChangeLog --- oidentd-2.0.8/ChangeLog 2007-04-10 20:57:32.000000000 +0100 +++ oidentd-2.0.8d/ChangeLog 2007-04-10 22:13:49.000000000 +0100 @@ -1,5 +1,5 @@ -Tue Apr 10 20:57:00 BST 2006 Simon Arlott +Tue Apr 10 22:14:00 BST 2006 Simon Arlott * Fix bug handling NAT with a different destination port on Linux. * Fix forwarding when the destination port is different. @@ -7,8 +7,10 @@ * Add an option that does forwarding only if the masquerading file lookup fails. * Support Layer 3 Independent Connection tracking on Linux. + * Handle local NAT on Linux (instead of fowarding to self). + Mon May 22 00:20:15 EDT 2006 Ryan McCabe * Released as version 2.0.8. diff -U4 -r oidentd-2.0.8/src/kernel/linux.c oidentd-2.0.8d/src/kernel/linux.c --- oidentd-2.0.8/src/kernel/linux.c 2007-04-10 20:49:05.000000000 +0100 +++ oidentd-2.0.8d/src/kernel/linux.c 2007-04-10 22:12:58.000000000 +0100 @@ -51,8 +51,9 @@ #define NFCONNTRACK "/proc/net/nf_conntrack" static int netlink_sock; extern struct sockaddr_storage proxy; +extern char *ret_os; static int lookup_tcp_diag( struct sockaddr_storage *src_addr, struct sockaddr_storage *dst_addr, in_port_t src_port, @@ -305,11 +306,8 @@ struct sockaddr_storage *faddr) { char buf[2048]; - /* laddr is unneeded on Linux */ - (void) laddr; - /* ** There's no masq support for IPv6 yet. */ 
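Review bot: In the `@@ -51,8 +51,9 @@` hunk of src/kernel/linux.c, `extern char *ret_os;` is declared by hand in the .c file, so the compiler never compares it with the actual definition. If that definition is an array or later changes type, the `%s` use of `ret_os` in the new USERID reply would read a mismatched object without any diagnostic. Declaring it once in a header that the defining file also includes would make the mismatch a compile error. The neighbouring `extern struct sockaddr_storage proxy;` follows the same pattern, so if it stays here, a comment such as `/* OS name sent in USERID replies; defined outside this file */` would at least document its origin.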
@@ -444,8 +442,55 @@ if (nport != fport) continue; + /* Local NAT, don't forward or do masquerade entry lookup. */ + if (localm == remoten) { + int con_uid = -1; + struct passwd *pw; + char suser[MAX_ULEN]; + char ipbuf[MAX_IPLEN]; + + sin_setv4(htonl(remotem), &ss); + get_ip(faddr, ipbuf, sizeof(ipbuf)); + + if (con_uid == -1 && faddr->ss_family == AF_INET) + con_uid = get_user4(htons(masq_lport), htons(masq_fport), laddr, &ss); + + /* Add call to get_user6 when IPv6 NAT is supported. */ + + if (con_uid == -1) + return (-1); + + pw = getpwuid(con_uid); + if (pw == NULL) { + sockprintf(sock, "%d,%d:ERROR:%s\r\n", + lport, fport, ERROR("NO-USER")); + + debug("getpwuid(%d): %s", con_uid, strerror(errno)); + return (0); + } + + ret = get_ident(pw, masq_lport, masq_fport, laddr, &ss, suser, sizeof(suser)); + if (ret == -1) { + sockprintf(sock, "%d,%d:ERROR:%s\r\n", + lport, fport, ERROR("HIDDEN-USER")); + + o_log(NORMAL, "[%s] %d (%d) , %d (%d) : HIDDEN-USER (%s)", + ipbuf, lport, masq_lport, fport, masq_fport, pw->pw_name); + + goto out_success; + } + + sockprintf(sock, "%d,%d:USERID:%s:%s\r\n", + lport, fport, ret_os, suser); + + o_log(NORMAL, "[%s] Successful lookup: %d (%d) , %d (%d) : %s (%s)", + ipbuf, lport, masq_lport, fport, masq_fport, pw->pw_name, suser); + + goto out_success; + } + if (localn != ntohl(SIN4(faddr)->sin_addr.s_addr)) { if (!opt_enabled(PROXY)) continue;
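Review bot: The two early exits in the added local-NAT branch, `return (-1);` when no uid is found and `return (0);` after the NO-USER reply, leave the function directly, while the other exits in the same branch use `goto out_success;`. The enclosing function starts and ends outside this hunk, so this is inferred, but if `out_success` is where the conntrack file read by this loop is closed, both returns skip that cleanup and leak the handle on every failed lookup. The NO-USER exit can become `goto out_success;`, and the `-1` exit should go through whatever failure path closes the file. Separately, `debug("getpwuid(%d): %s", con_uid, strerror(errno));` reads `errno` after `sockprintf()` has run and without `errno = 0;` before `getpwuid()`, so the logged reason may be stale, and a missing passwd entry need not set `errno` at all. The `con_uid == -1 &&` test before `get_user4()` is always true at that point and can be dropped until a second lookup (the planned `get_user6`) is added.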