iptables, uids, ssh and port forwarding.

I've gathered that packets forwarded from elsewhere can't be restricted by
uid.
Is it different if the user is using ssh port-forwarding?
What I find myself needing to do is to allow a couple of external
contractors to have access to different points in our network.
While adequately trusted (i.e. I'm willing to let them ssh in) I'd like to
restrict where else they can connect to.
My thought was that, because the connection is coming through SSH, there is
a local user associated with the connection.
Can anyone confirm this?
If not, and allowing that the contractors are not on fixed IP addresses, how
would you recommend I allow (an unknown number of) people each to have
access to a different specific list of address/port pairs in my local
network?

Hoping someone can come up with something.

> 	Keith Ealanta
> 	Support Engineer
> 
> 	There are 10 types of people in this world, those who understand
> trinary, those who don't, and those who are sick of this joke.
-------------------------------------------------------------
Keith Ealanta
Software Support Engineer 

Golf Partners Australia Limited
Tel: +61 3 8575 5050
Direct: +61 3 03 8575 5085              
Mobile: 
Fax: +61 3 
Email: kealanta@xxxxxxxxxxxxxxxxxxx
Web: www.golflink.com.au
-------------------------------------------------------------
This message and any attachments (the "message") are confidential and
intended solely for the addressees.
Any unauthorised use or distribution is prohibited. 
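
The per-user restriction asked about above, sketched as an added example that is not part of the original message. It assumes the forwarded connection is opened on the SSH host by an sshd process running under the contractor's uid, so that the iptables `owner` match in the OUTPUT chain applies to it; the user names, addresses and chain names are constructed.

```shell
#!/bin/sh
# Constructed policy: one "local-user destination-ip port" triple per line.
POLICY='contractor_a 192.0.2.10 5432
contractor_a 192.0.2.11 443
contractor_b 192.0.2.20 22'

# Emit iptables commands for a policy. The commands are printed rather than
# executed so they can be reviewed first; pipe the output to "sh" as root
# on the SSH host to apply them.
gen_rules() {
    policy=$1
    # Distinct user names that appear in well-formed policy lines.
    users=$(printf '%s\n' "$policy" | awk 'NF == 3 { print $1 }' | sort -u)
    for user in $users; do
        chain="ssh_fwd_$user"    # hypothetical name; keep it under 29 chars
        echo "iptables -N $chain"
        # One ACCEPT per address/port pair this user may reach.
        printf '%s\n' "$policy" | awk -v u="$user" -v c="$chain" '
            NF == 3 && $1 == u {
                printf "iptables -A %s -p tcp -d %s --dport %s -j ACCEPT\n", c, $2, $3
            }'
        # Everything else originated by this uid is refused.
        echo "iptables -A $chain -j REJECT"
        # Locally generated packets traverse OUTPUT, where owner matching works;
        # the jump is added last so the chain is complete before it is used.
        echo "iptables -A OUTPUT -m owner --uid-owner $user -j $chain"
    done
}

gen_rules "$POLICY"
```

Because the match is on the local uid rather than the source address, the contractors' changing IP addresses do not affect the rules.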


