Linux Netfilter discussions
From: Stefan Nehlsen <sn@ParlaNet.de>
To: netfilter@lists.netfilter.org
Subject: Re: iptables with LDAP authentication
Date: Wed, 30 Apr 2003 15:40:06 +0200
Message-ID: <20030430154006.A24267@ParlaNet.de>
In-Reply-To: <01CEA3A5B8B2D511890F0002A5870AEC0128AD79@EXCHANGE>; from khanh@slc.edu on Tue, Apr 29, 2003 at 09:05:32PM -0400

On Tue, Apr 29, 2003 at 09:05:32PM -0400, Khanh Tran wrote:
> Check out: 
> 
> http://www.linuxselfhelp.com/HOWTO/Authentication-Gateway-HOWTO/setup.html
> 
> Scroll down to the 3.2 section.  It has a link to an iptables PAM that
> supposedly will insert the proper iptables lines to allow the authenticated
> client access through the firewall.  Hope this helps...

How about using ippool?

Instead of adding and deleting rules, it seems easier to me to
filter on pools.

Modifications will be made to the pools.

What is the status of the pool-stuff?

Does it work?

Is it in use?


cu, Stefan

> hi,
> 
> I have a full Class C real IP network. All departments have their own Linux
> servers and the last IP (X.X.X.254) is given to the CISCO router which is
> our gateway to Internet. Currently I have an OpenBSD firewall configured as
> bridge with IP-filter.
> 
> Now I want to go with Linux firewall, if it will have following features:
> 
> 1. It will run IP-tables firewall and will authenticate everyone (rather
> each session for each type of service .. http, ftp, ssh etc.) against the
> central LDAP server which is on some other server.
> 
> 2. It will put on bandwidth restriction on each campus departmental
> server. (it is possible with tc/qdisc)
> 
> All I want to know is ... is it possible to authenticate the traffic
> flowing thro' a Linux ip-tables bridging firewall against a central
> OpenLDAP database?
> Will it maintain the sessions for each user separately for HTTP (Squid?),
> FTP and telnet or ssh? Is it possible to log per-head traffic and ban
> them if they exceed some limit (say 200 MB per month)?
> 
> Any suggestions / links / advice will be highly appreciated.
> 
> thanks in advance
> 
> --yogesh
> 

-- 
Stefan Nehlsen | ParlaNet Administration | sn@parlanet.de | +49 431 988-1260


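The pool-based approach Stefan suggests above, written out as an added example (not code from the thread or from the ippool patch itself): the filtering rules are installed once and match on a set of authenticated source addresses, and a login or logout only changes the set's membership. The example uses ipset, the current successor of the ippool patch-o-matic code, and assumes a pool named auth_clients, a session lifetime of 1800 seconds, and that whatever performs the LDAP authentication calls session_open/session_close with the client's address; all three are assumptions, not something the thread specifies.

```shell
#!/bin/sh
# Added example: filter on a pool of authenticated addresses instead of
# inserting and deleting per-client rules. ipset is used here as the
# present-day equivalent of ippool (assumption: ipset and iptables installed).

POOL="${POOL:-auth_clients}"         # assumed pool name
SESSION_TTL="${SESSION_TTL:-1800}"   # assumed session lifetime in seconds
DRY_RUN="${DRY_RUN:-0}"              # DRY_RUN=1 prints the commands instead of running them

# Execute a command, or print it when dry-running (handy for review and testing).
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# One-time setup: create the pool and the static rules that match on it.
# Entries carry a timeout, so a session that is never closed still expires.
fw_setup() {
    run ipset create "$POOL" hash:ip timeout "$SESSION_TTL" -exist
    # Reply traffic for already-accepted connections is allowed through.
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # New connections are forwarded only from addresses currently in the pool.
    run iptables -A FORWARD -m set --match-set "$POOL" src -j ACCEPT
    # Everything else, i.e. unauthenticated clients, is dropped.
    run iptables -A FORWARD -j DROP
}

# Called after a successful authentication: the rule set is untouched,
# only the pool changes. Re-adding an existing entry refreshes its timeout.
session_open() {
    run ipset add "$POOL" "$1" timeout "$SESSION_TTL" -exist
}

# Called on logout; -exist makes a double logout harmless.
session_close() {
    run ipset del "$POOL" "$1" -exist
}

# Stand-alone use: sh pool-auth.sh setup | open <addr> | close <addr>
case "${1:-}" in
    setup) fw_setup ;;
    open)  session_open "$2" ;;
    close) session_close "$2" ;;
esac
```

Run with DRY_RUN=1 first to see the exact ipset/iptables commands that would be issued; the point of the design is that fw_setup runs once at boot while the per-session calls never touch the FORWARD chain, so the rule set stays auditable no matter how many clients come and go.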
Thread overview: 4+ messages
2003-04-30  1:05 iptables with LDAP authentication Khanh Tran
2003-04-30 13:40 ` Stefan Nehlsen [this message]
  -- strict thread matches above, loose matches on Subject: below --
2003-04-27  7:25 How to block a range of IPs? Michael K
2003-04-27 10:42 ` Martin Josefsson
2003-04-28 12:34   ` iptables with LDAP authentication Yogesh Subhash Talekar
2003-04-29  3:54     ` Alex Nee
