On Mon, Sep 24, 2007 at 12:57:19PM +0200, Max Laier wrote: > On Monday 24 September 2007, Cristian KLEIN wrote: > > Christopher Cowart wrote: > > > The real question is: what's the best way to dynamically update the > > > NAT table? > > > > You may use IPFW with IPNAT or PF instead. PF is able to reload its > > configuration without disruption. Moreover, because the state table is > > not flushed during a reload, you can even move NATed clients from one > > public IP to another, without them noticing. > > In fact pf comes with an almost ready-made sollution. Check out authpf(8) > for details.
That looks pretty cool. The problem is these are not local users; the only way to authenticate them is to use web-based services. -- Chris Cowart Lead Systems Administrator Network & Infrastructure Services, RSSP-IT UC Berkeley
pgp5PM4J8pomA.pgp
Description: PGP signature
