Hi all,
Application gateways can do the authentication based on the
user rather than the ip-address alone. But, using a packet
filter (like ipfw) I think we cannot do the auth based on users -
like for example - I cannot say -
allow user X from machine Y ftp access to outside.
1. I would like to know how hard it would be to add user level
authentication to ipfw.
2. One solution I feel is to redirect all the packets (of, say, a TCP
application) to a local port on the firewall so that it can do the
required authentication and use one more connection to send the
packets out using another connection.
But, in that case we will be going to application level for each
packet which is not essential. So, is it possible to
take the help of a user level process to just authenticate (say, at
the initiation of a connection/session) and once the authentication
succeeds forward at the ip-level only?
Will there be any problems in such a scheme?
Any inputs/ideas will be greatly appreciated.
TIA
gopi
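
An added sketch of the scheme asked about in point 2 (not part of the original post and not ipfw code): a user-level step checks the user once at connection setup and records the flow, after which the per-packet decision is a table lookup only. The names FlowTable, USERS and POLICY, the addresses, the idle timeout and the choice to key entries on the full 5-tuple are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample data. Unsalted SHA-256 stands in for a real credential check.
USERS = {"X": hashlib.sha256(b"correct horse").hexdigest()}
POLICY = {("X", "10.0.0.5"): {21}}   # user X on machine Y (10.0.0.5) may reach ftp
IDLE_TIMEOUT = 300                   # seconds before an idle flow entry expires


class FlowTable:
    """Hypothetical stand-in for a packet filter's dynamic rule table."""

    def __init__(self):
        self.flows = {}              # (proto, src_ip, src_port, dst_ip, dst_port) -> (user, last_seen)

    def authorize(self, user, password, flow, now=None):
        """User-level step, run once when the connection is initiated."""
        now = time.time() if now is None else now
        _, src_ip, _, _, dst_port = flow
        digest = hashlib.sha256(password.encode()).hexdigest()
        if not hmac.compare_digest(USERS.get(user, ""), digest):
            return False             # unknown user or wrong password
        if dst_port not in POLICY.get((user, src_ip), set()):
            return False             # authenticated, but not allowed this service
        # Entry covers this one connection only, not every packet from the machine.
        self.flows[flow] = (user, now)
        return True

    def filter_packet(self, flow, now=None):
        """Per-packet step: lookup only, no trip to the user-level process."""
        now = time.time() if now is None else now
        entry = self.flows.get(flow)
        if entry is None:
            return "deny"
        user, last_seen = entry
        if now - last_seen > IDLE_TIMEOUT:
            del self.flows[flow]     # stale entry: require authentication again
            return "deny"
        self.flows[flow] = (user, now)
        return "allow"
```

Because the entry is keyed on the source port as well as the address, a second connection from the same machine is denied until it is authorized itself.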