We currently use a three-server setup of Firewall-1 NG (2x firewalls
and a managemenent server with Rainwall clustering) and we plan to
move to an open source solution.
We have very specific needs and the one that is very important is: Our
users pay for their internet traffic and pay-as-you-go is an option
for users. In our setup we have about 25000 users.
At the moment they authenticate against a radius server and then the
firewall will allow them to use a set of paid services. Our
programmers are monitoring the stateful connections in real time and
will stop the connection of a user when there is no more money
available for pay-as-you-go-users and store the accounting information
in an SQL-database (postgresql).
Is there a way shorewall can be used in a similar way? From what I
could see in the documentation about accounting is that it is possible
to do accounting for users, but to me that looked like users
registered on the system on which the firewall is running. Can this
type of accounting be done while using a radius server to do
authentication? I suppose the rules will have to be adjusted on the
run as authentications and de-authentications take place and that, if
we use two servers the iptables must be in sync.
Regards
Johann
--
Johann Spies Telefoon: 021-808 4036
Informasietegnologie, Universiteit van Stellenbosch
"Let your conversation be without covetousness; and be
content with such things as ye have: for he hath said,
I will never leave thee, nor forsake thee."
Hebrews 13:5
-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
