Hi Ed,

Just curious if you have your directory structure created properly for each of the respective authpf.rules files. Along with your pf.conf and authpf.rules files, you ought to consider posting your authpf directory structure as well.

Best,
Kevin

----- Original Message -----
From: "Ed Powers" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, July 04, 2003 12:58 PM
Subject: Multi-Users using AuthPF / Anchors

> Originally Posted to [EMAIL PROTECTED] - Apologies for the double post.
> ------
>
> Greets.
>
> I'm having an issue with authpf where I can only have one user(_id) connected
> at the same time. That is, the authpf.rules file gets loaded and works
> properly with the anchors I have set in place in pf.conf, but only if the same
> user id logs in. When another id logs in it will stop the traffic flow of the
> first. And, when the first id severs the SSH connection to the fw, that will
> break the data flow for the second.
>
> More specifically:
>
> I use authpf to control access to/from my wireless connections and daughter's
> computer to the internet.
>
>           +---------+
>        le0|         |hme1
> Net ------+OBSD 3.3 +------ Wireless
>           |         |
>           +----+----+
>                |hme0
>                |
>             Inside
>
> There are three different user IDs (something like):
>
> userA
> userB
> kidpc
>
> And two rulesets:
>
> Default ruleset is just to allow traffic flow in on the hme1 interface and
> allow for wireless machines used by userA and userB to get to Net or Inside.
>
> kidpc ruleset allows for traffic into hme0 for access to Net (subject to other
> global rules set on le0).
>
> If userA authenticates (w/ password protected keys) all is well. If userA
> authenticates again - on another machine - everything still continues to work
> on both authenticated machines.
>
> Now, if userB authenticates all appears ok (to userB) but connections for userA
> die. And, if the SSH connection for one (or both) of the userA machines is
> broken, then userB's connections come to a halt.
>
> The same occurs when authenticating with kidpc account.
>
> When watching states with pfctl -ss I see that all of userA's states (except
> the ssh connection that is used for the authentication itself) are cleared
> when userB authenticates.
>
> Setup:
> Sparc 5
> 3.3 Stable (Built with -mcpu=v8)
>
> This configuration (that is, with multiple users) worked perfectly on 3.2 on
> the same hardware using the "tail" option for authpf.rules placement.
>
> Thanks for any insight folks.
>
> Ed Powers
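
The directory-structure check Kevin asks about can be scripted. The following is an added example, not part of the thread and not either poster's configuration; it assumes the lookup order documented in authpf(8) (a per-user users/$USER/authpf.rules first, then the shared authpf.rules), and the function names and sample tree are hypothetical.

```shell
#!/bin/sh
# Added example: show which rules file authpf would pick for each login.
# Lookup order per authpf(8): banned/$USER blocks the login, then
# users/$USER/authpf.rules, then the shared authpf.rules.
# The root is a parameter (normally /etc/authpf) so a copy can be checked.

authpf_rules_for() {
    root=$1 user=$2
    if [ -e "$root/banned/$user" ]; then
        echo "BANNED"
    elif [ -r "$root/users/$user/authpf.rules" ]; then
        echo "$root/users/$user/authpf.rules"
    elif [ -r "$root/authpf.rules" ]; then
        echo "$root/authpf.rules"
    else
        echo "MISSING"
    fi
}

report_authpf_layout() {
    root=$1; shift
    # authpf refuses to run without authpf.conf, even an empty one.
    [ -e "$root/authpf.conf" ] || echo "warning: $root/authpf.conf is missing"
    for user in "$@"; do
        printf '%-8s -> %s\n' "$user" "$(authpf_rules_for "$root" "$user")"
    done
}

# Constructed sample tree matching the thread's description: a default
# ruleset shared by userA and userB, and a separate ruleset for kidpc.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/users/kidpc"
    : > "$root/authpf.conf"
    echo "# default ruleset (constructed)" > "$root/authpf.rules"
    echo "# kidpc ruleset (constructed)" > "$root/users/kidpc/authpf.rules"
    echo "$root"
}

# Usage: sh check.sh userA userB kidpc   (AUTHPF_ROOT overrides /etc/authpf)
if [ $# -gt 0 ]; then
    report_authpf_layout "${AUTHPF_ROOT:-/etc/authpf}" "$@"
fi
```

A user that resolves to MISSING or to an unexpected file points at a layout problem rather than an anchor problem in pf.conf.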
