hi, I have a full Class C real IP network. All department have their own Linux servers and the last IP (X.X.X.254) is given to the CISCO router which is our gateway to Internet. Currently i have a OpenBSD firewall configured as bridge with IP-filter. Now I want to go with Linux firewall, if it will have following features: 1. It will run IP-tables firewall and will authenticate everyone (rather each session for each type of service .. http, ftp, ssh etc.) against the central LDAP server which is on some other server. 2. It will put on bandwidth restriction on each campus departmental server. (it is possible with tc/qdisc) All I want to know is ... is it possible to authenticate the traffic flowing thro' a Linux ip-tables bridging firewall against a central OpenLDAP database? Will it maintain the sessions for each user separately for HTTP (Squid?), FTP and telnet or ssh ? Is it possible to log per head traffic and ban them if the exceed some limit (say 200 MB per month). Any suggestions/ links / advice will be highly appriciated. thanks in advance --yogesh
