Vega - Brunello Ivan wrote:
> I'll expand the explanation:
>
> 1) I need something which lets customers' clients perform some sort of
>    auto-registration.
> 2) Firewall should look up access against such a list, and just let
>    registered users in.
> 3) Allowed users should get in, notably on FTP services, but maybe other
>    ones.
> 4) I expect not to have access to clients (these are owned and managed by
>    other IT infrastructures), so I don't expect to be able to install any
>    kind of sw, but I could try to pass specs to IT managers
>
> Looking at the above specs the easiest thing I could think of is DDNS:

Dynamic DNS?

> - has public specs, so can be validated by external IT managers
> - is not (always) tied to a specific client
> - could be made transparent to end-users (they do not need to "go to that
>   site and insert credentials to register").
>

You have a PAM-module for iptables, see howto:
http://www.linuxjunkies.org/html/Authentication-Gateway-HOWTO.html

Never implemented that myself, though. And it doesn't seem to be exactly what you need.

> Sorry for not being clear enough, but I'm checking against requisites my
> developers pass me every now and then.

Interesting enough! But this case seems kinda off base to me. You need to authenticate untrusted hosts which requires you to expose *something* to the world. I would keep that *something* away from my firewall as I don't want it to interact with a user like that.

A chrooted FTP would be a more clever way to go about it, or use some VPN solution. There are SSL-based VPN solutions using ActiveX which do not require client installation, but will require use of Internet Explorer.

> Ivan
>
>> -----Original Message-----
>> From: Vidar Tyldum Hansen [mailto:[EMAIL PROTECTED]
>> Sent: Friday, 5 January 2007 21.44
>> To: Vega - Brunello Ivan
>> Cc: '[email protected]'
>> Subject: Re: OT: To all Netfilter gurus
>>
>> Vega - Brunello Ivan wrote:
>>> I wish to check for a possible deployment:
>>>
>>> 1) have a firewall which should filter by IP source address
>>> 2) want to publish an internal FTP server
>>> 3) I want to enable ip address of client to access internal client
>>>    ONLY if it successfully authenticates.
>>>
>>>
>>> Authentication and IP authorization should be transparent to users.
>> Limit SYN-packets to 2 over 10 minutes or something? I fail
>> to see what exactly you try to accomplish with this.
>> Extreme paranoia about bugs in the FTP software?
>>
>> Enlighten us (or just me if I'm being narrow minded?) :)
>>
> _______________________________________________
> tsl-discuss mailing list
> [email protected]
> http://lists.trustix.org/mailman/listinfo/tsl-discuss
