* Iptables as auth ?
@ 2003-07-15 10:38 Rio Martin.
  2003-07-15 13:58 ` Ramin Dousti
  0 siblings, 1 reply; 4+ messages in thread
From: Rio Martin. @ 2003-07-15 10:38 UTC (permalink / raw)
  To: netfilter

Folks,
Is there any way to configure iptables to perform NAT only if the 
authentication from the RADIUS server is correct?
I am looking for the documentation on Google, but found nothing, need help...

Regards,
Rio Martin.

-- 
Atlanta makes it against the law to tie a giraffe to a telephone pole
or street lamp.




* Re: Iptables as auth ?
  2003-07-15 10:38 Iptables as auth ? Rio Martin.
@ 2003-07-15 13:58 ` Ramin Dousti
  2003-07-17  7:47   ` Rio Martin.
  0 siblings, 1 reply; 4+ messages in thread
From: Ramin Dousti @ 2003-07-15 13:58 UTC (permalink / raw)
  To: Rio Martin.; +Cc: netfilter

On Tue, Jul 15, 2003 at 05:38:53PM +0700, Rio Martin. wrote:

> Folks,

Hello,

> Is there any way to configure iptables to perform NAT only if the 
> authentication from the RADIUS server is correct?

What is the exact packet flow (for both the initial flow and the RADIUS
packet exchange) that you were expecting? How does an application which is
only smart enough for its own protocol integrate the RADIUS auth? Or how
can you trigger a RADIUS auth from the firewall to the actual user/client
that is generating the traffic?

What you want can only be accomplished by installing client software on all
the client machines... which is not a part of the netfilter framework.

Ramin

> I am looking for the documentation on Google, but found nothing, need help...
> 
> Regards,
> Rio Martin.
> 
> -- 
> Atlanta makes it against the law to tie a giraffe to a telephone pole
> or street lamp.
> 



* Re: Iptables as auth ?
  2003-07-15 13:58 ` Ramin Dousti
@ 2003-07-17  7:47   ` Rio Martin.
  2003-07-17 11:59     ` Eric Leblond
  0 siblings, 1 reply; 4+ messages in thread
From: Rio Martin. @ 2003-07-17  7:47 UTC (permalink / raw)
  To: netfilter

On Tuesday 15 July 2003 20:58, Ramin Dousti wrote:
> On Tue, Jul 15, 2003 at 05:38:53PM +0700, Rio Martin. wrote:
> What is the exact packet flow (for both the initial flow and the RADIUS
> packet exchange) that you were expecting? How does an application which is
> only smart enough for its own protocol integrate the RADIUS auth? Or how
> can you trigger a RADIUS auth from the firewall to the actual user/client
> that is generating the traffic?
> What you want can only be accomplished by installing client software on all
> the client machines... which is not a part of the netfilter framework.
> Ramin

Okay, I'll describe again what I want:
                        
INTERNET ----> Linux NAT Gateway + RADIUS ----> PC Client 1, 2, 3.. 100

Users on PC Client 1 .. 100 must authenticate with RADIUS before their traffic 
goes to the Internet. I don't know how it's going to work, but what I have in my 
mind for now is that RADIUS must cooperate with some kind of daemon that should 
execute iptables to perform NAT for the client IP.

Regards,
Rio Martin.



-- 
There is a great discovery still to be made in Literature: that of
paying literary men by the quantity they do NOT write.
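
A sketch of the daemon idea described in the message above, as an added example that is not part of the original thread and is not gnufw code. It assumes a `192.168.1.0/24` client subnet, `eth0` as the Internet-facing interface, a FORWARD policy of DROP with a standing ESTABLISHED,RELATED accept rule, and a hypothetical `check_credentials` callable standing in for the RADIUS lookup:

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed client subnet
WAN_IF = "eth0"                                # assumed Internet-facing interface
TIMEOUT = 3600                                 # assumed session lifetime, seconds


def rules(op, ip):
    """argv lists (never a shell string) that add (-A) or delete (-D) one
    client's rules. With FORWARD policy DROP, an unauthenticated client is
    not forwarded at all rather than merely left un-NATed."""
    src = str(ip)
    return [
        ["iptables", op, "FORWARD", "-s", src, "-o", WAN_IF, "-j", "ACCEPT"],
        ["iptables", "-t", "nat", op, "POSTROUTING", "-s", src,
         "-o", WAN_IF, "-j", "MASQUERADE"],
    ]


class Gate:
    def __init__(self, check_credentials, run):
        self.check = check_credentials  # hypothetical: callable(user, pw) -> bool
        self.run = run                  # callable(argv), e.g. subprocess.run
        self.sessions = {}              # client ip -> expiry timestamp

    def login(self, peer_ip, user, password, now):
        # peer_ip is the socket peer address, not a value the client typed in.
        ip = ipaddress.ip_address(peer_ip)  # raises ValueError on junk
        if ip not in LAN or not self.check(user, password):
            return False
        if ip not in self.sessions:         # avoid stacking duplicate rules
            for argv in rules("-A", ip):
                self.run(argv)
        self.sessions[ip] = now + TIMEOUT
        return True

    def expire(self, now):
        # Remove rules for sessions past their lifetime so a reassigned
        # address does not inherit access.
        for ip in [i for i, t in self.sessions.items() if t <= now]:
            for argv in rules("-D", ip):
                self.run(argv)
            del self.sessions[ip]


def demo():
    """Constructed dry run: fake credentials, commands recorded, not executed."""
    issued = []
    gate = Gate(lambda u, p: (u, p) == ("alice", "s3cret"), issued.append)
    ok = gate.login("192.168.1.10", "alice", "s3cret", now=0)
    bad = gate.login("192.168.1.11", "bob", "wrong", now=0)
    outside = gate.login("10.9.9.9", "alice", "s3cret", now=0)
    gate.expire(now=TIMEOUT)
    return ok, bad, outside, issued
```

The rules are keyed on source IP only, so this gates addresses rather than users; that is the limitation the earlier reply in the thread points at.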




* Re: Iptables as auth ?
  2003-07-17  7:47   ` Rio Martin.
@ 2003-07-17 11:59     ` Eric Leblond
  0 siblings, 0 replies; 4+ messages in thread
From: Eric Leblond @ 2003-07-17 11:59 UTC (permalink / raw)
  To: netfilter


On Thu, 2003-07-17 at 09:47, Rio Martin. wrote:

> INTERNET ----> Linux NAT Gateway + RADIUS ----> PC Client 1, 2, 3.. 100
> 
> Users on PC Client 1 .. 100 must authenticate with RADIUS before their traffic 
> goes to the Internet. I don't know how it's going to work, but what I have in my 
> mind for now is that RADIUS must cooperate with some kind of daemon that should 
> execute iptables to perform NAT for the client IP.

I'm actually working on such a solution; the project is for the moment named
gnufw. Some information can be found at http://www.gnufw.org

I planned to release the first version around the beginning of September
(sooner if possible).

For the moment we've got a generic framework and a communication
protocol:
	A daemon that sends queued packets to an external server doing auth.

Work is now being done on the auth server.

Any contributors are welcome.

BR,
-- 
Eric Leblond <eric@regit.org>
Regit.org
