I have a use case for authpf. However, I'd prefer to stick with IPFW as it seems to be more maintained and more recent than the included PF version. However, I've been unable to locate an alternate option that'll work with IPFW.
Maybe I'm missing something, or maybe there's another way...? Please advise.
Here's my use case:
I have a VPN network that provides services to untrusted users. The servers they access are also used by internal people and, as such, need to remain connected to the internal network as well as be accessible to the untrusted VPN users.
So the untrusted users VPN into the edge router and are placed in a VLAN. There's an authentication router with one port in the VLAN and the other in the internal network.
authpf is used to allow the user to SSH to the authentication router. After successful authentication, their VPN client IP is used to create the requisite firewall rules to redirect specific ports to specific servers on the private network for services that the untrusted user is allowed to access.
When the VPN user is finished and their SSH session ends, the firewall rules are removed.
Maybe I'm missing something, or maybe there's another way...? Please advise.
Here's my use case:
I have a VPN network that provides services to untrusted users. The servers they access are also used by internal people and, as such, need to remain connected to the internal network as well as be accessible to the untrusted VPN users.
So the untrusted users VPN into the edge router and are placed in a VLAN. There's an authentication router with one port in the VLAN and the other in the internal network.
authpf is used to allow the user to SSH to the authentication router. After successful authentication, their VPN client IP is used to create the requisite firewall rules to redirect specific ports to specific servers on the private network for services that the untrusted user is allowed to access.
When the VPN user is finished and their SSH session ends, the firewall rules are removed.