Firewalling at the domain users level instead of network level

Discussion in 'Linux Networking' started by Santos, Jul 18, 2004.

  1. Santos

    Santos Guest

    Hi all.


    I'm implementing a "Windows clients, Linux servers" kind of network.
    Some users may login at different machines, therefore, ip level is not
    enough. I wonder if it's possible to control the access at the "domain
    users" level instead of network or ip level. I could implement some
    proxies, but each client machine had to be configured and that would
    mean extra work. IPtables can filter at the user level, but only with
    local users. Is there a way to configure iptables and kerberos working
    together or something like that? Is this doable with PAM? I have read
    that SAMBA authenticated gateway HOWTO, but it doesn't look very
    reliable. Well, so basically what i want, is a firewall similar to a ISA
    Server firewall

    Any ideas about this would be apreciated, thanks in advance.


    Santos
     
    Santos, Jul 18, 2004
    #1
    1. Advertisements

  2. First, you want a linux version of ISA server. Well, the domain
    concept of windows is kind of logical ... so, you might have to get
    down to ip level filtering. You can use squid and iptables for that.
    You can run dhcpd but associate that with MAC , so the ip remains
    same. use these ip ranges or individual ips in squid access control
    list and iptables.

    Someone else might help you with samba kind of solution.


    hth
     
    Raqueeb Hassan, Jul 18, 2004
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.