It is a tricky concept, but it can be done with a lot of effort. Probably not for all applications (since it doesn't make any sense for some of them). Maybe you should consider making a real network DMZ. The concept of DMZ allows you to define and allow/disallow access to services from the Internet and those from the local LAN. You DO NOT make things or services available "to the DMZ"!

Start simple!

Regards,
E:S

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jesse Stone
Sent: Saturday, 06 September 2008 01:50
To: FreeRadius users mailing list
Subject: Re: Freeradius Usage

Thank you for the quick response. I may not have mentioned this previously, but I am by no means a Linux/networking expert. The company I work for is pro-MS. Recently, I got the urge to get back into Linux and here I am.

My thinking (in regards to network structure) was that I wanted applications intended for the public as far away from my local LAN as possible. The local LAN requires the app server though (OpenVPN, Samba (as a PDC), misc. other things), so I wanted it available to the local LAN but not to the DMZ.

My main questions though are with Freeradius. My setup is for "hobby" purposes only and already I would have difficulty telling you exactly which users have access to what. I want, using a technology like Freeradius or LDAP, to create 1 central place on the app server that EVERYTHING would authenticate to. In a perfect world, the end result would be that I could type something like this:

select %user% from permissionsDB

and be returned something like this:

SSH: NO, OpenVPN: YES, Samba: %Specific group% (which indicates shares available), Shell Access: No, etc.

Basically, I want a setup where I can easily scale upwards without having to "teach" each new application how to use a DB. Freeradius also can authenticate my wireless users, which would also be great as, for all I know, half my bandwidth is being used by my neighbors.

-Jesse

On Fri, Sep 5, 2008 at 4:34 PM, Edvin Seferovic <[EMAIL PROTECTED]> wrote:

Hi,

excuse me for asking, but why don't you set up the AppServer in your DMZ? You could have (what I call) the T-structure:

    INTERNET --> GATEWAY (server1) <---> LOCAL LAN
                        |
                        |
                       DMZ
                        |
               SERVER2 + APPServer

It depends how your users use the gateway and how they are supposed to connect to the Internet.
Regards,
E:S

From: freeradius-users-bounces+edvin.seferovic=kolp.at@lists.freeradius.org [mailto:freeradius-users-bounces+edvin.seferovic=kolp.at@lists.freeradius.org] On Behalf Of Jesse Stone
Sent: Saturday, 06 September 2008 01:25
To: FreeRadius users mailing list
Subject: Freeradius Usage

Hi All,

I am new to this mailing list and am about to ask a probably very silly question. Please feel free to direct me to resources that'll help me answer it.

I want to set up the following:

Gateway [server1]
- nic1 = Internet
- nic2 = DMZ [server2]
- nic3 = Router w/ Wireless -> App Server [Server3] (FREERADIUS SERVER HERE) -> Local LAN

I read a lot about both Freeradius and LDAP and cannot determine if either can accomplish my goals. What I want is:

1) 1 central place where all user authentication takes place: SSH, Shell Access, Samba, OpenVPN, Mumble, any other app that requires user administration.
2) This information stored in a SQL-type database so that I can build my own custom apps to report on user usage, performance etc.
3) My router has wireless and I have enabled the security features. I would still like authentication to take place before a wireless user is allowed on the network. For example, currently I have this:

Router w/ Wireless -> App Server [Server3] + Local Lan

I want this:

Router w/ Wireless -> App Server [Server3] -> Local Lan

Is Freeradius the best approach for my needs? Do I need anything else?

-Jesse

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
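The thread asks whether one RADIUS server with a SQL backend can answer "is this user allowed into OpenVPN / SSH / wireless?" for every service at once. The example below is an added illustration, not code from the mailing list or from FreeRADIUS: a minimal model of the RFC 2865 PAP exchange in Python, with each service acting as a NAS that sends an Access-Request carrying its own NAS-Identifier, and a sqlite table standing in for a radcheck/radusergroup-style schema. It shows the two decisions a RADIUS server makes separately (authenticate the password, then authorise for this particular NAS), the User-Password hiding and Response Authenticator from the RFC, and a constant-time, always-run KDF so an unknown username is not distinguishable by timing. The shared secret, the `users`/`service_access` tables, the user "jesse", the NAS names "openvpn"/"sshd" and the PBKDF2 password storage are all assumptions made for the example; FreeRADIUS's real schema and attribute names differ. Note that RFC 2865's MD5 constructions are not a modern cipher or MAC: for wireless the usual deployment is 802.1X/EAP rather than PAP, and RADIUS traffic itself should be kept on a trusted segment or wrapped in TLS (RadSec, RFC 6614) or IPsec.

```python
"""Added example: a RADIUS (RFC 2865) PAP exchange with SQL-backed per-NAS
authorisation. Constructed for illustration; not FreeRADIUS code."""
import hashlib
import hmac
import os
import sqlite3
import struct

SECRET = b"constructed-shared-secret"   # NAS <-> server secret, assumed for the example
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3     # packet codes, RFC 2865
USER_NAME, USER_PASSWORD, NAS_IDENTIFIER = 1, 2, 32       # attribute types, RFC 2865
PBKDF2_ROUNDS = 50_000


def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: zero-pad to 16-byte blocks, XOR each block with
    MD5(secret + previous ciphertext block), seeded with the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out


def reveal_password(hidden, secret, authenticator):
    """Server-side inverse of hide_password."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return out.rstrip(b"\x00")


def encode(code, ident, authenticator, attrs):
    """4-byte header, 16-byte authenticator, then type/length/value attributes."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body


def decode(pkt):
    """Parse a packet, refusing attribute lengths that would run off the buffer."""
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt) or length < 20:
        raise ValueError("bad packet length")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > length:
            raise ValueError("bad attribute length")
        attrs.append((pkt[pos], pkt[pos + 2:pos + pkt[pos + 1]]))
        pos += pkt[pos + 1]
    return code, ident, pkt[4:20], attrs


def build_db():
    """Constructed sqlite schema standing in for the SQL backend the thread asks about."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pwhash BLOB);
        CREATE TABLE service_access (name TEXT, nas_id TEXT, allowed INTEGER);""")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)", ("jesse", salt,
               hashlib.pbkdf2_hmac("sha256", b"correct horse", salt, PBKDF2_ROUNDS)))
    db.executemany("INSERT INTO service_access VALUES (?, ?, ?)",
                   [("jesse", "openvpn", 1), ("jesse", "sshd", 0)])   # OpenVPN: YES, SSH: NO
    return db


def reply(code, ident, req_auth, attrs):
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    return header + hashlib.md5(header + req_auth + body + SECRET).digest() + body


def handle_request(db, pkt):
    """Server side: authenticate the password, then authorise for this NAS only."""
    code, ident, req_auth, attrs = decode(pkt)
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    a = dict(attrs)
    user = a.get(USER_NAME, b"").decode()
    nas = a.get(NAS_IDENTIFIER, b"").decode()
    password = reveal_password(a.get(USER_PASSWORD, b""), SECRET, req_auth)
    row = db.execute("SELECT salt, pwhash FROM users WHERE name = ?", (user,)).fetchone()
    # Run the KDF even for unknown users so response timing does not reveal valid names.
    salt, stored = row if row else (b"\x00" * 16, b"\x00" * 32)
    computed = hashlib.pbkdf2_hmac("sha256", password, salt, PBKDF2_ROUNDS)
    ok = row is not None and hmac.compare_digest(stored, computed)
    if ok:  # a correct password only opens the services this user is granted on this NAS
        grant = db.execute("SELECT allowed FROM service_access WHERE name = ? AND nas_id = ?",
                           (user, nas)).fetchone()
        ok = bool(grant and grant[0])
    return reply(ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, req_auth, [])


def verify_reply(pkt, req_auth):
    """NAS side: trust the reply only if its Response Authenticator checks out."""
    code, _ident, resp_auth, _attrs = decode(pkt)
    expected = hashlib.md5(pkt[:4] + req_auth + pkt[20:] + SECRET).digest()
    return code if hmac.compare_digest(expected, resp_auth) else None


def authenticate(db, user, password, nas_id, ident=7):
    """Full round trip: NAS builds the request, server answers, NAS verifies the answer."""
    req_auth = os.urandom(16)
    request = encode(ACCESS_REQUEST, ident, req_auth, [
        (USER_NAME, user.encode()),
        (USER_PASSWORD, hide_password(password.encode(), SECRET, req_auth)),
        (NAS_IDENTIFIER, nas_id.encode())])
    return verify_reply(handle_request(db, request), req_auth)


if __name__ == "__main__":
    db = build_db()
    for nas in ("openvpn", "sshd"):
        print(nas, {ACCESS_ACCEPT: "Access-Accept", ACCESS_REJECT: "Access-Reject"}
              [authenticate(db, "jesse", "correct horse", nas)])
```

Run as a script it prints Access-Accept for the "openvpn" NAS and Access-Reject for "sshd" with the same correct password, which is the per-service answer the thread is after: the service never sees the password store, it only asks the RADIUS server and keys the question on its own NAS-Identifier. A wrong password, an unknown user, or a reply whose authenticator does not match the request all fail closed.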