From: "Alex Nee" <hard__ware@dynamicaccess.biz>
To: "lists.netfilter" <netfilter@lists.netfilter.org>
Subject: Re: iptables with LDAP authentication
Date: Tue, 29 Apr 2003 13:54:15 +1000
Message-ID: <001301c30e03$00a267c0$7b7b10ac@hardware>
In-Reply-To: 33580.196.1.114.224.1051533291.squirrel@unipune.ernet.in

Would it be possible to maybe get an LDAP server to inject
rules as needed via an SSH tunnel into the gateway as people were
authenticated ...

Then as for quotas, use the ipt_quota PoM patch (works well for me).

There is also talk on the developer IRC channels that ipt_quota may be
getting hard & soft limit options as well, so established & related
connections won't be hard cut off at the limit, effectively allowing
'a lot' of clients to finish their web surfing etc. before they get cut
off permanently (until a quota resets or an admin renews it for them).

----- Original Message -----
From: "Yogesh Subhash Talekar" <yogesh@unipune.ernet.in>
To: <netfilter@lists.netfilter.org>
Sent: Monday, April 28, 2003 10:34 PM
Subject: iptables with LDAP authentication
> hi,
>
> I have a full Class C real IP network. All departments have their own Linux
> servers and the last IP (X.X.X.254) is given to the CISCO router which is
> our gateway to Internet. Currently I have an OpenBSD firewall configured as
> bridge with IP-filter.
>
> Now I want to go with Linux firewall, if it will have following features:
>
> 1. It will run IP-tables firewall and will authenticate everyone (rather
> each session for each type of service .. http, ftp, ssh etc.) against the
> central LDAP server which is on some other server.
>
> 2. It will put on bandwidth restriction on each campus departmental
> server. (it is possible with tc/qdisc)
>
> All I want to know is ... is it possible to authenticate the traffic
> flowing thro' a Linux ip-tables bridging firewall against a central
> OpenLDAP database?
> Will it maintain the sessions for each user separately for HTTP (Squid?),
> FTP and telnet or ssh ? Is it possible to log per head traffic and ban
> them if they exceed some limit (say 200 MB per month).
>
> Any suggestions/ links / advice will be highly appreciated.
>
> thanks in advance
>
> --yogesh
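
The rule-injection idea in the reply above, as an added example that is not part of the original thread: a gateway-side helper that validates the client address and byte quota handed over by the authentication side before turning them into hard-limit quota rules. The names `CHAIN`, `valid_ipv4`, `valid_quota` and `client_rules` are hypothetical, the sample values are constructed, and it assumes the quota match is loaded and used as `-m quota --quota <bytes>`.

```shell
#!/bin/sh
# Added example: prints rules for review; it never runs iptables itself.
CHAIN="FORWARD"   # assumption: clients are forwarded through the gateway

# Accept only a dotted quad with four octets in 0-255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Accept only a positive decimal byte count without leading zeros.
valid_quota() {
    case "$1" in
        ""|*[!0-9]*|0*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Print the rules for one authenticated client, or fail without output.
client_rules() {
    ip=$1; quota_bytes=$2
    valid_ipv4 "$ip" || return 1
    valid_quota "$quota_bytes" || return 1
    # Each quota rule keeps its own byte counter and matches while it lasts.
    echo "iptables -A $CHAIN -s $ip -m quota --quota $quota_bytes -j ACCEPT"
    echo "iptables -A $CHAIN -d $ip -m quota --quota $quota_bytes -j ACCEPT"
    # Once a counter is used up its rule stops matching and the DROP applies.
    echo "iptables -A $CHAIN -s $ip -j DROP"
    echo "iptables -A $CHAIN -d $ip -j DROP"
}

# Constructed sample: documentation address, 200 MB expressed in bytes.
client_rules 192.0.2.10 209715200
# Constructed malformed value from the directory side: rejected, nothing printed.
client_rules '192.0.2.10;id' 209715200 || echo "rejected" >&2
```

Because the address and quota arrive from another host over the tunnel, the helper treats them as untrusted and refuses anything that is not a plain IPv4 address and a decimal byte count.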