RE: [fw-wiz] Firewalling at the domain users level instead of network level

From: Melson, Paul (PMelson_at_sequoianet.com)
Date: 07/19/04

    To: "Santos" <casd@netvisao.pt>, <firewall-wizards@honor.icsalabs.com>
    Date: Mon, 19 Jul 2004 16:23:03 -0400
    
    

    You can use iptables to force proxy redirection over specific ports
    through the firewall. Why not redirect that to Squid with LDAP or PAM
    authentication? That would authenticate users by browser session, and
    Squid supports ACLs by username (and group name if using LDAP).

    PaulM

    > -----Original Message-----
    > Hi all.
    >
    > I'm implementing a "Windows clients, Linux servers" kind of network.
    > Some users may log in at different machines, therefore, IP level is not
    > enough. I wonder if it's possible to control the access at the "domain
    > users" level instead of network or IP level. I could implement some
    > proxies, but each client machine had to be configured and that would
    > mean extra work. iptables can filter at the user level, but only with
    > local users. Is there a way to configure iptables and Kerberos working
    > together or something like that? Is this doable with PAM? I have read
    > that SAMBA authenticated gateway HOWTO, but it doesn't look very
    > reliable. Well, so basically what I want is a firewall similar to an ISA
    > Server firewall.
    >
    > Any ideas about this would be appreciated, thanks in advance.
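
An added example (not part of the original thread or of any poster's configuration) of the per-user control suggested in the reply: a squid.conf fragment that authenticates browser sessions against LDAP and applies ACLs by user and group. Squid can only challenge clients that are explicitly configured to use it as a proxy, so the firewall rules shown in the comments block direct web access instead of redirecting it. The hostnames, addresses, DNs, group names, interface name and helper paths are assumptions.

```conf
# squid.conf fragment (constructed example; every name, DN and path is assumed)
#
# Firewall side (assumed LAN interface eth1, proxy host 192.0.2.10):
# only the proxy may reach web ports directly, so users must go through Squid.
#   iptables -A FORWARD -i eth1 -s 192.0.2.10 -p tcp -m multiport --dports 80,443 -j ACCEPT
#   iptables -A FORWARD -i eth1 -p tcp -m multiport --dports 80,443 -j REJECT

http_port 3128

# Basic authentication checked against LDAP. The helper is named
# basic_ldap_auth in Squid 3.2 and later (squid_ldap_auth in older releases);
# its install path varies by distribution.
# Basic auth is only base64-encoded between browser and proxy, so keep the
# proxy on a trusted segment and use ldaps:// for the directory lookup.
auth_param basic program /usr/lib/squid/basic_ldap_auth -b "ou=people,dc=example,dc=com" -f "uid=%s" -H ldaps://ldap.example.com
auth_param basic children 5
auth_param basic realm Web proxy
auth_param basic credentialsttl 2 hours

# External helper answering "is this authenticated user in LDAP group X?"
# (%u = user name, %g = group name requested by the acl line).
external_acl_type ldap_group ttl=300 %LOGIN /usr/lib/squid/ext_ldap_group_acl -b "ou=groups,dc=example,dc=com" -f "(&(cn=%g)(memberUid=%u))" -H ldaps://ldap.example.com

# Identity-based ACLs: rules follow the user, not the workstation's IP.
acl authenticated    proxy_auth REQUIRED
acl web_users        external ldap_group web-users
acl restricted_users external ldap_group restricted
acl allowed_sites    dstdomain .example.com

# Order matters: the first matching http_access line wins.
http_access deny  !authenticated
http_access allow restricted_users allowed_sites
http_access deny  restricted_users
http_access allow web_users
http_access deny  all
```

Because access.log records the authenticated username with each request, the same setup also gives per-user audit data regardless of which machine the user logged in from.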

