Temporary one-time firewall pass-throughs
-
I once saw a system for accessing network services such as SSH or MySQL behind a firewall that worked like this:
Regular users could log into a page on the firewall and choose which server they wanted and how long they wanted it for.
The web service would add a firewall exception for the specified information for the client IP address.
(Administrators could add for other IPs too.)
I am trying to implement a system like this that works with pfSense.
Unfortunately, I have not been able to find that project, so I will be starting from scratch.
I have modified other packages on pfSense, but never created one myself.
I am looking for any thoughts on whether this should be a package or integrated into the www of pfSense.
I could try using the pfSense user manager.
Also, if anyone else has seen such a system, I would like to know.
Thank you all.
-
That is sort of a "reverse captive portal" - you may have better luck searching on that term.
Depending on what modifications are needed for that to work, a package may be better. It's too late for something like that to make it into pfSense 2.0 but it may be possible for 2.1 or later.
-
Just to keep this updated, searching for reverse captive portal eventually got me to "Netscreen WebAuth" [1] which is almost exactly what I am looking for.
I have winter vacation from school until the end of January, so I will work on it over that time.
[1] http://s0.m0n0.ch/wall/list/showmsg.php?id=183/81
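The mechanism described in the first post (a user picks a service and a duration, and a time-limited exception is opened for their client IP) can be modelled as below. This is an added example, not code from the thread, from pfSense or from Netscreen WebAuth; the service catalogue, the 8-hour ceiling and all class and function names are assumptions, it handles IPv4 only, and it only renders pf rule text that a real deployment would load into a dedicated anchor.

```python
import ipaddress
import time
from dataclasses import dataclass

# Constructed service catalogue (hypothetical names and addresses).
SERVICES = {"ssh-db1": ("10.0.0.10", 22), "mysql-db1": ("10.0.0.10", 3306)}
MAX_SECONDS = 8 * 3600  # assumed policy ceiling on how long a grant may last


@dataclass(frozen=True)
class Grant:
    source: str      # client IP the exception is bound to
    service: str     # key into SERVICES
    expires: float   # absolute expiry time (epoch seconds)


class GrantStore:
    def __init__(self):
        self._grants = []

    def request(self, user_ip, service, seconds, *, is_admin=False, for_ip=None, now=None):
        now = time.time() if now is None else now
        if service not in SERVICES:
            raise ValueError("unknown service")
        if not 0 < seconds <= MAX_SECONDS:
            raise ValueError("duration out of range")
        # Regular users can only open access for the IP they connected from.
        if for_ip is not None and not is_admin:
            raise PermissionError("only administrators may add other IPs")
        # Strict parsing keeps arbitrary text out of the generated rule.
        source = str(ipaddress.IPv4Address(for_ip or user_ip))
        grant = Grant(source, service, now + seconds)
        self._grants.append(grant)
        return grant

    def active(self, now=None):
        # Expired grants are dropped every time the rule set is rebuilt.
        now = time.time() if now is None else now
        self._grants = [g for g in self._grants if g.expires > now]
        return list(self._grants)

    def render_rules(self, now=None):
        lines = []
        for g in self.active(now):
            host, port = SERVICES[g.service]
            lines.append(f"pass in quick proto tcp from {g.source} to {host} port {port}")
        return "\n".join(lines)
```

Regenerating the whole rule set on a timer, rather than deleting individual rules, means a missed cleanup cannot leave an exception open past its expiry.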