    Temporary one-time firewall pass-throughs

      yakatz last edited by

      I once saw a system for accessing network services such as SSH or MySQL behind a firewall that worked like this:
      Regular users could log into a page on the firewall and choose which server they wanted and how long they wanted it for.
      The web service would add a firewall exception for the specified information for the client IP address.
      (Administrators could add for other IPs too.)

      I am trying to implement a system like this that works with pfSense.
      Unfortunately, I have not been able to find that project, so I will be starting from scratch.
      I have modified other packages on pfSense, but never created one myself.
      I am looking for any thoughts on whether this should be a package or integrated into the www of pfSense.
      I could try using the pfSense user manager.
      Also, if anyone else has seen such a system, I would like to know.

      Thank you all.
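
Added example, not part of the original post and not pfSense code: a sketch of the request validation and expiry logic for the pass-through system described in this post. The service names, addresses, per-user policy table and duration limit are hypothetical; the rendered lines use pf rule syntax.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data: service names, addresses and policy are hypothetical.
SERVICES = {"ssh-web1": ("10.0.0.5", 22), "mysql-db1": ("10.0.0.9", 3306)}
ALLOWED = {"alice": {"ssh-web1"}, "bob": {"ssh-web1", "mysql-db1"}}
MAX_MINUTES = 240  # assumed upper bound on how long an exception may live

@dataclass(frozen=True)
class Lease:
    user: str
    src: str
    dst: str
    port: int
    expires: float  # absolute time in seconds

def grant(user, service, minutes, client_ip, now, target_ip=None, is_admin=False):
    """Validate a request and return a Lease; raise on anything not permitted."""
    if service not in ALLOWED.get(user, set()):
        raise PermissionError(f"{user} may not open {service}")
    if not 1 <= minutes <= MAX_MINUTES:
        raise ValueError("duration out of range")
    # The source is the address of the authenticated connection, never a form
    # field, unless an administrator explicitly opens access for another IP.
    if target_ip is not None and not is_admin:
        raise PermissionError("only administrators may open access for another IP")
    # ip_address() rejects malformed input, so nothing but a literal address
    # can end up inside the generated rule text.
    src = str(ipaddress.ip_address(target_ip or client_ip))
    dst, port = SERVICES[service]
    return Lease(user, src, dst, port, now + minutes * 60)

def active_rules(leases, now):
    """Render unexpired leases as pf rules; expired leases simply drop out.

    Assumption: the output is reloaded periodically into a dedicated anchor,
    e.g. piped to `pfctl -a <anchor> -f -`, replacing the previous rule set.
    """
    return [f"pass in quick proto tcp from {l.src} to {l.dst} port {l.port}"
            for l in leases if l.expires > now]
```

Removing an expired rule does not close connections that already have a state entry, so a real deployment also has to kill the matching states when a lease ends.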

        jimp Rebel Alliance Developer Netgate last edited by

        That is sort of a "reverse captive portal" - you may have better luck searching on that term.

        Depending on what modifications are needed for that to work, a package may be better. It's too late for something like that to make it into pfSense 2.0 but it may be possible for 2.1 or later.

          yakatz last edited by

          Just to keep this updated, searching for reverse captive portal eventually got me to "Netscreen WebAuth" [1], which is almost exactly what I am looking for.
          I have winter vacation from school until the end of January, so I will work on it over that time.

          [1] http://s0.m0n0.ch/wall/list/showmsg.php?id=183/81
