hallo, btw, on AIX, for example, they have an ability to allow only a certain group of users to use a particular route. kinda cool? looking at the linux route man page, i do not see a similar option. this would be a good project after the fall semester is over :)

bye,
-alexm

On Wed, 22 Nov 2000, Steffen Dettmer wrote:
> * Andreas Siegert wrote on Tue, Nov 21, 2000 at 10:56 +0100:
> > User Auth could be some Client on the WinXXX side that allows the user to enter user id / password or SecurID key that is checked by the Firewall before it allows routing of packets coming from 10.1.1.1
>
> If there's nothing for linux available, you could develop (or hack) something. You could use an auth connect allowing routing for some time. If that connect and auth succeeded, a rule is inserted or removed in an IP chain. Another program or daemon or similar has to check the age (or whatever your criteria are) and remove the rules under some conditions.
>
> For auth connects you could use some CGI script, an SSH connect to a special "login/auth" shell (wouldn't be so difficult I think; password auth is done by SSH, the shell (the mini program) just needs to notify some daemon or similar to open the firewall). Same for telnet (since SSH tunneled in IPSec is not required I think :)). Or you run your own listener on some free port (maybe using tcpserver or inetd).
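The grant/expire mechanism Steffen sketches (auth succeeds, a per-host forwarding rule is inserted, a daemon later removes it), as an added example that is not code from anyone in this thread. It assumes iptables rather than the ipchains of the time, a FORWARD chain, and that the auth shell or CGI calls `grant()` while a periodic job calls `expire()`; the `runner` hook is a hypothetical injection point so the commands can be inspected without touching a live firewall.

```python
import ipaddress
import subprocess
import time

IPTABLES = "iptables"   # assumption: iptables, successor of ipchains
CHAIN = "FORWARD"       # assumption: forwarding is gated in this chain


class RouteGate:
    """Track per-host forwarding grants and expire them after a lifetime."""

    def __init__(self, lifetime=600, runner=None):
        self.lifetime = lifetime          # seconds a grant stays valid
        self.grants = {}                  # source ip -> expiry timestamp
        self.run = runner or self._exec   # hook for dry runs / tests

    @staticmethod
    def _exec(argv):
        # argv list, never a shell string: the address can't become a command
        subprocess.run(argv, check=True)

    def _rule(self, action, src):
        return [IPTABLES, action, CHAIN, "-s", src, "-j", "ACCEPT"]

    def grant(self, src, now=None):
        """Called after the user authenticated; returns the expiry time."""
        src = str(ipaddress.ip_address(src))   # reject anything but an address
        now = time.time() if now is None else now
        if src not in self.grants:             # no duplicate ACCEPT rules
            self.run(self._rule("-I", src))
        self.grants[src] = now + self.lifetime  # re-auth extends the window
        return self.grants[src]

    def revoke(self, src):
        """Delete the rule for one host (explicit logout or expiry)."""
        if src in self.grants:
            self.run(self._rule("-D", src))
            del self.grants[src]

    def expire(self, now=None):
        """Run by the cleanup daemon; returns the hosts whose rules were removed."""
        now = time.time() if now is None else now
        stale = [ip for ip, until in self.grants.items() if until <= now]
        for ip in stale:
            self.revoke(ip)
        return stale
```

Because a re-authentication only refreshes the expiry, a user who stays logged in never accumulates duplicate rules, and a host that stops re-authenticating is cut off at the next expire() run.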