We're running an iptables setup with scripted authentication that enables users to reach the internet on a per-IP basis.
Users will authenticate to another machine on the network, which in turn opens a tunnel to the firewall, executes the script and closes the connection. The firewall will then on a regular basis send echo requests to the machine, and in case of a timeout it will remove the client's IP address from the table. How does this compare to a pfauth-based setup? I'm not sure I understand the mechanics of the authentication. Is it indirectly an implementation of IP authentication through the use of a secure tunnel as identification? Any thoughts appreciated, \mb
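The two halves of the setup described above, written out as an added POSIX sh example (not the poster's script): `authorize_ip` is what the authentication host would run over its tunnel after a login, and `reap_dead_clients` is the firewall's periodic echo-request check that drops the rule of a client that stops answering. The chain name `AUTHED_CLIENTS`, the rule comment `scripted-auth`, the state directory and the three-strike timeout are all assumptions; the sample `iptables -S` output used in the comments is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes a chain AUTHED_CLIENTS
# hung off FORWARD, and iputils ping (-W is its per-reply timeout).
# Set IPT="echo iptables" to see the commands without applying them.
IPT="${IPT:-iptables}"
CHAIN="${CHAIN:-AUTHED_CLIENTS}"
STATE="${STATE:-/var/run/scripted-auth}"   # assumed path for failure counters
MAX_FAILS="${MAX_FAILS:-3}"                 # assumed: revoke after 3 missed echoes

# Validate a dotted-quad IPv4 address. This script runs as root, so nothing
# unchecked may reach the iptables command line.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(echo "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# Match specification for one client; the comment tags rules this script
# created so the reaper never touches rules added by hand.
rule_for() { echo "-s $1/32 -m comment --comment scripted-auth -j ACCEPT"; }

# Grant a client address. -C makes repeated logins idempotent; -A adds the
# rule the first time.
authorize_ip() {
    valid_ipv4 "$1" || { echo "refusing invalid address: $1" >&2; return 1; }
    $IPT -C "$CHAIN" $(rule_for "$1") 2>/dev/null || $IPT -A "$CHAIN" $(rule_for "$1")
}

revoke_ip() { $IPT -D "$CHAIN" $(rule_for "$1"); }

# Current rules of the chain, e.g. (constructed sample of "iptables -S"):
#   -N AUTHED_CLIENTS
#   -A AUTHED_CLIENTS -s 10.0.0.5/32 -m comment --comment scripted-auth -j ACCEPT
current_rules() { $IPT -S "$CHAIN"; }

# Extract the client addresses from "iptables -S" text on stdin, keeping only
# the rules tagged by this script and stripping the /32 suffix.
authorized_from_rules() {
    awk '$1 == "-A" && /--comment scripted-auth/ {
            for (i = 1; i <= NF; i++)
                if ($i == "-s") { sub(/\/32$/, "", $(i+1)); print $(i+1) }
        }'
}

# One echo request with a short timeout.
host_alive() { ping -c 1 -W 2 "$1" >/dev/null 2>&1; }

# Periodic check (cron): a client that misses MAX_FAILS consecutive echo
# rounds loses its rule. A single miss only bumps its counter.
reap_dead_clients() {
    mkdir -p "$STATE"
    for ip in $(current_rules | authorized_from_rules); do
        if host_alive "$ip"; then
            rm -f "$STATE/$ip"
        else
            fails=$(( $(cat "$STATE/$ip" 2>/dev/null || echo 0) + 1 ))
            if [ "$fails" -ge "$MAX_FAILS" ]; then
                revoke_ip "$ip"
                rm -f "$STATE/$ip"
            else
                echo "$fails" > "$STATE/$ip"
            fi
        fi
    done
}

# Usage: scripted-auth.sh auth <client-ip>   (run by the authentication host)
#        scripted-auth.sh reap               (run from cron on the firewall)
case "${1:-}" in
    auth) authorize_ip "$2" ;;
    reap) reap_dead_clients ;;
esac
```

Two things the layout makes visible: the grant is keyed purely on the source address, so the echo check only proves that something at that address is still answering, not that the authenticated user is still behind it; and because the script runs as root over the tunnel, the address it receives must be validated before it is spliced into an `iptables` invocation, which is what `valid_ipv4` is for.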
