Temporary one-time firewall pass-throughs
I once saw a system for accessing network services such as SSH or mysql behind a firewall that worked like this:
Regular users could log into a page on the firewall and choose which server they wanted and how long they want it for.
The web service would add a firewall exception for the specified information for the client IP address.
(Administrators could add for other IPs too.)
I am trying to implement a system like this that works with pfSense.
Unfortunately, I have not been able to find that project, so I will be starting from scratch.
I have modified other packages on pfsense, but never created one myself.
I am looking for any thoughts on whether this should be a package or integrated into the www of pfsense.
I could try using the pfsense user manager.
Also, if anyone else has seen such a system, I would like to know.
Thank you all.
That is sort of a "reverse captive portal" - you may have better luck searching on that term.
Depending on what modifications are needed for that to work, a package may be better. It's too late for something like that to make it into pfSense 2.0 but it may be possible for 2.1 or later.
Just to keep this updated, searching for reverse captive portal eventually got me to "Netscreen WebAuth"1 which is almost exactly what I am looking for.
I have winter vacation from school until the end of January, so I will work on it over that time.