From: "Alex Nee" <hard__ware@dynamicaccess.biz>
To: "lists.netfilter" <netfilter@lists.netfilter.org>
Subject: Re: iptables with LDAP authentication
Date: Tue, 29 Apr 2003 13:54:15 +1000 [thread overview]
Message-ID: <001301c30e03$00a267c0$7b7b10ac@hardware> (raw)
In-Reply-To: 33580.196.1.114.224.1051533291.squirrel@unipune.ernet.in
Would It be possible to maybe get an LDAP server to Inject
Rules as needed via a SSH Tunnel into the Gateway as people were
authenticated ...
then as for quotas use the ipt_quota PoM patch (works well for me)
there is also talk on the developer IRC channels that ipt_quota maybee
getting
a hard & soft limit options aswell, so established & related connections
wont be hard cut off at the limit
effectivelly allowing 'allot' of clients to finnished there web surfing ect
before they get cut off permantly .(until a quota resets or an admin renews
it for them)
----- Original Message -----
From: "Yogesh Subhash Talekar" <yogesh@unipune.ernet.in>
To: <netfilter@lists.netfilter.org>
Sent: Monday, April 28, 2003 10:34 PM
Subject: iptables with LDAP authentication
> hi,
>
> I have a full Class C real IP network. All department have their own Linux
> servers and the last IP (X.X.X.254) is given to the CISCO router which is
> our gateway to Internet. Currently i have a OpenBSD firewall configured as
> bridge with IP-filter.
>
> Now I want to go with Linux firewall, if it will have following features:
>
> 1. It will run IP-tables firewall and will authenticate everyone (rather
> each session for each type of service .. http, ftp, ssh etc.) against the
> central LDAP server which is on some other server.
>
> 2. It will put on bandwidth restriction on each campus departmental
> server. (it is possible with tc/qdisc)
>
> All I want to know is ... is it possible to authenticate the traffic
> flowing thro' a Linux ip-tables bridging firewall against a central
> OpenLDAP database?
> Will it maintain the sessions for each user separately for HTTP (Squid?),
> FTP and telnet or ssh ? Is it possible to log per head traffic and ban
> them if the exceed some limit (say 200 MB per month).
>
> Any suggestions/ links / advice will be highly appriciated.
>
> thanks in advance
>
> --yogesh
next prev parent reply other threads:[~2003-04-29 3:54 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-04-27 6:11 How to block a range of IPs? Afshin Lamei
2003-04-27 7:25 ` Michael K
2003-04-27 10:42 ` Martin Josefsson
2003-04-28 12:34 ` iptables with LDAP authentication Yogesh Subhash Talekar
2003-04-29 3:54 ` Alex Nee [this message]
2003-04-27 9:26 ` How to block a range of IPs? Cedric Blancher
2003-04-27 11:45 ` FWD: " Julius Wijaya
-- strict thread matches above, loose matches on Subject: below --
2003-04-30 1:05 iptables with LDAP authentication Khanh Tran
2003-04-30 13:40 ` Stefan Nehlsen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='001301c30e03$00a267c0$7b7b10ac@hardware' \
--to=hard__ware@dynamicaccess.biz \
--cc=alex@dynamicaccess.biz \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.