On 2008/12/18 05:30 PM Jeff Greer wrote:
> Hi,
>
> I am wondering if there is some built in mechanism for authenticating
> users so that they can gain full access to the network behind the
> firewall?
> It has been several years since I used Shorewall but find myself in
> need of it again. When I was using it before I hacked pop-before-smtp
> to open the full network to users and was wondering if there was a
> built in way to do this now.
>

You'll have to do this manually.
What we do that works very nicely is to define a subzone so we have loc and cloc:loc in zones, loc policy is to drop all and cloc policy is to allow all. Squid has a url_rewrite program that does 'shorewall add eth0:whatever cloc' and then they can break out. You can obviously replace the squid captive portal system with something to check your pop3 log files or whatever you want.

-- 
Colin Alston <[email protected]>
Linux & Internet Services
Thusa Business Support (Pty) Ltd
Tel: (+27) 031 277 1272
Fax: (+27) 031 277 1269
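
An added example, not part of the original message or of Shorewall: a sketch of the hook a portal could call after login, which validates the address it is handed before running the `shorewall add eth0:<ip> cloc` command quoted above. The function names, the `LOC_NET` prefix (loc assumed to be 192.168.1.0/24) and the dry-run default are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical post-login hook. IFACE and ZONE are taken from the message
# above; everything else is an assumption for this example.
IFACE="eth0"
ZONE="cloc"
LOC_NET="192.168.1"                       # assumption: loc is 192.168.1.0/24
SHOREWALL="${SHOREWALL:-echo shorewall}"  # dry run; set SHOREWALL=shorewall to apply

# Return 0 only for a strict dotted-quad IPv4 address (octets 0-255).
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;  # non-digits, stray or doubled dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                 # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ????*|0?*) return 1 ;;            # too long, or leading zero
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Return 0 only if the address lies inside the parent zone's network.
in_loc_net() {
    case "$1" in
        "$LOC_NET".*) return 0 ;;
        *) return 1 ;;
    esac
}

# Add one authenticated host to the allow-all subzone, or refuse.
grant_access() {
    is_ipv4 "$1"    || { echo "rejected: not an IPv4 address" >&2; return 2; }
    in_loc_net "$1" || { echo "rejected: outside loc" >&2; return 3; }
    $SHOREWALL add "$IFACE:$1" "$ZONE"
}

if [ "$#" -gt 0 ]; then grant_access "$1"; fi
```
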
