JasonPJohnson

dynamic firewall rules with authentication

I was looking for an open source solution to a reverse captive portal. I have users that require access to internal resources (FTP, HTTP, HTTPS) from the outside. What I want is a public website where they can go type in their username & password and then the firewall will dynamically create a rule that will enable the ports assigned to this user from the source address they are at.

Next to writing my own solution, I wanted to know if anything like this was already done.
Linux Networking, Routers, Hardware Firewalls


8/22/2022 - Mon
Aaron Tomosky

What about something like an sslvpn?
pmasotta

why not just a squid solution
JasonPJohnson

ASKER
Don't want an SSL VPN. Squid could work like a reverse proxy with authentication, so do you have any information?
ASKER CERTIFIED SOLUTION
pmasotta

JasonPJohnson

ASKER
Right, but on reverse my requirement is more like port knocking with an authentication web page; this is also inbound.
pmasotta

With Squid you do not have a web page. About inbound, what's the problem? Squid could also listen to an internal NIC.
JasonPJohnson

ASKER
So how would the reverse proxy handle authentication? I want my external users to authenticate and then be granted temp access to certain ports, i.e. 3389, for 30 min.
pmasotta

no. AFAIK squid does not handle timed authorizations...
JasonPJohnson

ASKER
Back to the drawing board..
hvillanu

Hi,
You can use auth_param digest to authenticate users on Squid.

JasonPJohnson

ASKER
Thanks
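
The mechanism asked about in this thread (log in on a web page, then have the firewall open that user's ports for their source address for 30 minutes) maps onto an nftables set whose elements carry a timeout. The sketch below is an added example, not code from any participant in the thread; the table and set names, the user record, the sample password and the `grant` and `apply` helpers are all assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import subprocess

# Assumed ruleset, loaded once before the portal starts (nftables syntax):
#   table inet portal {
#     set granted { type ipv4_addr . inet_service; flags timeout; }
#     chain forward { type filter hook forward priority 0;
#                     ip saddr . tcp dport @granted accept }
#   }

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample user: salted hash plus the TCP ports assigned to them.
USERS = {"alice": {"salt": b"constructed-salt", "ports": (21, 3389)}}
USERS["alice"]["hash"] = _hash("correct horse", USERS["alice"]["salt"])

def grant(username: str, password: str, source_ip: str, ttl: str = "30m"):
    """Return nft argv lists for a valid login, or [] if the login fails.

    source_ip must be the TCP peer address seen by the web server, never a
    client-supplied header such as X-Forwarded-For.
    """
    user = USERS.get(username)
    # Hash even for unknown users so both failure paths cost the same time.
    candidate = _hash(password, user["salt"] if user else b"no-such-user")
    stored = user["hash"] if user else b""
    if not (user and hmac.compare_digest(candidate, stored)):
        return []
    addr = ipaddress.ip_address(source_ip)  # ValueError on anything but an IP
    if addr.version != 4:                   # the assumed set holds IPv4 only
        return []
    # One element per assigned port; the kernel removes it when ttl expires.
    return [["nft", "add", "element", "inet", "portal", "granted",
             f"{{ {addr} . {port} timeout {ttl} }}"] for port in user["ports"]]

def apply(commands) -> None:
    """Run the generated commands as argv lists (no shell); needs root."""
    for argv in commands:
        subprocess.run(argv, check=True)
```

Expiry is handled by the kernel, so no cleanup job is needed. If the ruleset also accepts `ct state established`, sessions opened during the window continue after the element times out; only new connections are refused.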