Originally Posted to [EMAIL PROTECTED] - Apologies for the double post.
------

Greets.

I'm having an issue with authpf where I can only have one user(_id) connected
at the same time.  That is, the authpf.rules file gets loaded and works
properly with the anchors I have set in place in pf.conf, but only if the same
user id logs in.  When another id logs in it will stop the traffic flow of the
first.  And, when the first id severs the SSH connection to the fw, that will
break the data flow for the second.

More specifically:

I use authpf to control access to/from my wireless connections and daughter's
computer to the internet.
                   
                   +---------+
                le0|         |hme1
         Net ------+OBSD 3.3 +------ Wireless
                   |         |
                   +----+----+
                        |hme0
                        |
                     Inside

There are three different user IDs (something like):

userA
userB
kidpc

And two rulesets:

Default ruleset is just to allow traffic flow in on the hme1 interface and
allow for wireless machines used by userA and userB to get to Net or Inside.

kidpc ruleset allows for traffic into hme0 for access to Net (subject to other
global rules set on le0).

If userA authenticates (w/ password protected keys) all is well.  If userA
authenticates again - on another machine - everything still continues to work
on both authenticated machines.

Now, if userB authenticates all appears ok (to userB) but connections for userA
die.  And, if the SSH connection for one (or both) of the userA machines is
broken, then userB's connections come to a halt.

The same occurs when authenticating with the kidpc account.

When watching states with pfctl -ss I see that all of userA's states (except
the ssh connection that is used for the authentication itself) are cleared 
when userB authenticates.

Setup:
        Sparc 5
        3.3 Stable (Built with -mcpu=v8)

This configuration (that is, with multiple users) worked perfectly on 3.2 on 
the same hardware using the "tail" option for authpf.rules placement.

Thanks for any insight folks.

Ed Powers