vpn problem

Seferovic Edvin edvin.seferovic at kolp.at
Sat Apr 9 17:23:02 CEST 2005


Hi,

You are on the right path, but...

I would set up a VPN gateway (poptop, for example), and when they connect
they could get a static IP. Based on this static IP it would be easy to
control their access to db, file or some other server or service on your
network. This would be easy to set up if you have no more than 20 users
(IMHO). This is only an idea and it is probably not the perfect solution ;)

Regards,

Edvin Seferovic

-----Original Message-----
From: netfilter-bounces at lists.netfilter.org
[mailto:netfilter-bounces at lists.netfilter.org] On Behalf Of Nagy Zoltan
Sent: Samstag, 09. April 2005 18:20
To: netfilter at lists.netfilter.org
Subject: vpn problem


Hi,

I'm thinking about how I can set up a VPN on our LAN
and make it possible that not all systems are reachable by the connected VPN
users.
Something like: user A has access to our data servers only, but user B
can access the database, firewall servers.
I'm thinking that if the clients can log in to the VPN gw server, I
could use gid match to put the clients' IPs in a recent list,
and I can use the recent lists to mark the packets and filter by that ;)
I think I've missed something... and there is a simpler
solution ;)


kirk
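
The static-IP approach suggested in the reply, as an added example that is not from either poster: a shell script that turns a per-user policy table into iptables rules, with a default drop for everything else arriving from the VPN. The chain name VPN_ACL, the ppp+ interface pattern, the user names and all addresses are assumptions.

```shell
#!/bin/sh
# Constructed policy table: user, static VPN address, server that user may reach.
# Names and addresses are placeholders, not values from the thread.
POLICY='
# user   vpn_ip      server
userA    10.8.0.11   192.168.1.20
userB    10.8.0.12   192.168.1.30
userB    10.8.0.12   192.168.1.1
'

# Succeeds only for a dotted quad with every octet in 0..255.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# $1 = policy text, $2 = VPN interface pattern (ppp+ assumed for a PPTP gateway).
# Prints iptables commands; review them, then pipe to sh as root to apply.
gen_rules() {
    echo "iptables -N VPN_ACL"
    echo "iptables -A FORWARD -i $2 -j VPN_ACL"
    # Replies from the servers back to the VPN clients.
    echo "iptables -A FORWARD -o $2 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "$1" | while read -r user src dst extra; do
        case "$user" in ''|'#'*) continue ;; esac
        # A malformed line must never become a rule with a missing match.
        if [ -n "$extra" ] || ! is_ipv4 "$src" || ! is_ipv4 "$dst"; then
            echo "skipping malformed policy line for '$user'" >&2
            continue
        fi
        echo "iptables -A VPN_ACL -s $src -d $dst -j ACCEPT  # $user"
    done
    # Anything from a VPN client that no line above allowed is dropped.
    echo "iptables -A VPN_ACL -j DROP"
}

gen_rules "$POLICY" 'ppp+'
```

These rules identify a user only by source address, so they are as strong as the gateway's binding between a login and the address it hands out.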






More information about the netfilter mailing list