On Thu 18/12/2003 at 05:19, Keith Ealanta wrote:
> I've gathered that packets forwarded from elsewhere can't be restricted by
> uid.

You can't with standard means, but you can use nufw: http://www.nufw.org to do so.

> Is it different if the user is using ssh port-forwarding?
> What I find myself needing to do is to allow a couple of external
> contractors to have access to different points in our network.
> While adequately trusted (i.e. I'm willing to let them ssh in) I'd like to
> restrict where else they can connect to.
> My thought was that, because the connection is coming through SSH, there is
> a local user associated with the connection.
> Can anyone confirm this?

sshd switches to the id of the connected user. So there has to be a user associated with it.

> If not, and allowing that the contractors are not on fixed ip addresses, how
> would you recommend I allow (an unknown number of) people each to have
> access to a different specific list of address/port pairs in my local
> network?

If it is not the case, you can:
- use ipsec with provided keys
- or use nufw
- or use both: do a tunnel and authenticate people in the tunnel

NR,
--
Eric Leblond
Nufw, Now User Filtering Works (http://www.nufw.org)
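If sshd opens port-forwarded connections under the connected user's id, as the reply says, those connections are locally generated and can be matched with the iptables owner match on the OUTPUT chain. The script below is an added example, not part of the original message: it prints a per-user allow-list ruleset for review, and the user names, addresses, ports and the `ssh_` chain prefix are constructed for illustration, assuming each contractor has a distinct local account.

```shell
#!/bin/sh
# Constructed policy: "user destination-ip tcp-port", one allowed pair per line.
POLICY='alice 192.168.10.5 22
alice 192.168.10.8 5432
bob 192.168.20.7 443'

# Print (not execute) iptables commands so the ruleset can be reviewed first.
gen_rules() {
    printf '%s\n' "$1" | awk '
        # Refuse anything that is not exactly: user name, dotted quad, port.
        NF != 3 || $1 !~ /^[a-z_][a-z0-9_-]*$/ ||
        $2 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ ||
        $3 !~ /^[0-9]+$/ || $3 < 1 || $3 > 65535 {
            print "bad policy line: " $0 > "/dev/stderr"; bad = 1; exit
        }
        {
            chain = "ssh_" $1    # hypothetical chain naming scheme
            if (!(chain in seen)) {
                seen[chain] = 1; order[++n] = chain
                # One chain per contractor, entered only for sockets
                # owned by that uid (owner match works in OUTPUT).
                print "iptables -N " chain
                print "iptables -A OUTPUT -m owner --uid-owner " $1 " -j " chain
            }
            print "iptables -A " chain " -p tcp -d " $2 " --dport " $3 " -j ACCEPT"
        }
        END {
            if (bad) exit 1
            # Everything else this uid tries to reach is refused.
            for (i = 1; i <= n; i++) print "iptables -A " order[i] " -j REJECT"
        }'
}

gen_rules "$POLICY"
```

Because the match is on the local uid rather than the source address, it does not depend on the contractors having fixed IP addresses.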