JasonPJohnson asked:

dynamic firewall rules with authentication

I was looking for an open source solution to a reverse captive portal. I have users that require access to internal resources (FTP, HTTP, HTTPS) from the outside. What I want is a public website where they can go and type in their username and password, and then the firewall will dynamically create a rule that will enable the ports assigned to this user from the source address they are at.

Next to writing my own solution, I wanted to know if anything like this was already done.

Aaron Tomosky:

What about something like an sslvpn?

pmasotta:

Why not just a Squid solution?

JasonPJohnson:

Don't want an SSL VPN. Squid could work like a reverse proxy with authentication, so do you have any information?

Right, but on reverse my requirement is more like port knocking with an authentication web page; this is also inbound.

With Squid you do not have a web page. About inbound, what's the problem? Squid could also listen on an internal NIC.

So how would the reverse proxy handle authentication? I want my external users to authenticate and then be granted temp access to certain ports, i.e. 3389, for 30 min.

No. AFAIK Squid does not handle timed authorizations...

Back to the drawing board..

You can use auth_param digest to authenticate users on Squid.
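
The timed, per-source access asked for in this thread can be expressed with an nftables set whose elements carry a timeout. The sketch below is an added example, not code from any poster; it goes beyond the thread in assuming nftables, and the table, set and chain names, the users and the addresses are all constructed.

```python
import ipaddress

# Constructed entitlements: which TCP ports each portal user may reach.
USER_PORTS = {"alice": [3389], "bob": [21, 443]}
MAX_MINUTES = 30  # upper bound on any grant, taken from the 30 min in the thread

# Assumed nftables ruleset, loaded once with `nft -f`. The table, set and chain
# names are made up for this example.
NFT_RULESET = """\
table inet portal {
    set authed {
        type ipv4_addr . inet_service
        flags timeout
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ip saddr . tcp dport @authed accept
    }
}
"""


def grant_commands(user, peer_ip, minutes=MAX_MINUTES):
    """Build the nft argv lists that open `user`'s ports to `peer_ip` only.

    peer_ip must be the address of the authenticated TCP connection, never a
    form field or a client-supplied header.
    """
    if user not in USER_PORTS:
        raise PermissionError(f"no port entitlements for {user!r}")
    addr = ipaddress.ip_address(peer_ip)  # ValueError on anything but a bare IP
    if addr.version != 4 or addr.is_loopback or addr.is_unspecified or addr.is_multicast:
        raise ValueError(f"refusing to allow source {addr}")
    if not 1 <= minutes <= MAX_MINUTES:
        raise ValueError("grant duration out of range")
    # One set element per port; the kernel drops each element when its timeout
    # expires, so access ends even if the portal process has died.
    return [
        ["nft", "add", "element", "inet", "portal", "authed",
         f"{{ {addr} . {port} timeout {minutes}m }}"]
        for port in USER_PORTS[user]
    ]


if __name__ == "__main__":
    for argv in grant_commands("alice", "203.0.113.5"):  # constructed client address
        print(" ".join(argv))  # run as root with subprocess.run(argv, check=True)
```

Because the ports come from the server-side table and the address is parsed before use, nothing the client types reaches the firewall command line.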