Hi,

you are going the right path, but... I would set up a VPN gateway (poptop, for example), and when they connect they could get a static IP. Based on this static IP it would be easy to control their access to db, file or some other server or service on your network. This would be easy to set up if you have not more than 20 users (IMHO).

This is only an idea and it is probably not the perfect solution ;)

Regards,
Edvin Seferovic

-----Original Message-----
From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Nagy Zoltan
Sent: Saturday, 09. April 2005 18:20
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: vpn problem

hi

i'm thinking about how i can set up a vpn on our lan, and make it possible that not all systems are reachable by the connected vpn users

something like that: user A has access to our data servers only, but user B can access the database, firewall servers

i'm thinking that if the clients can log in to the vpn gw server i could use gid match to put the client's ip in a recent list, and i can use the recent lists to mark the packets and filter by that ;)

i'm thinking that i've missed something... and there is a simpler solution ;)

kirk
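The static-IP approach suggested in the reply, as an added example that is not part of either message: a script that reads pppd-style `chap-secrets` entries (poptop hands out the address in the fourth column) and a per-user access list, then prints a default-deny iptables ruleset for traffic arriving from the VPN. The user names, addresses, ports, the `VPN_ACL` chain name and the `ppp+` interface match are all assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: every user, address and port below is constructed.

# pppd chap-secrets layout: client  server  secret  ip-address
# A fixed address in column 4 gives that VPN user a static IP.
CHAP_SECRETS='
# client  server  secret         ip
usera     pptpd   "placeholder"  10.9.0.11
userb     pptpd   "placeholder"  10.9.0.12
userc     pptpd   "placeholder"  *
'

# Per-user access list: user  destination  proto  port
ACL='
usera 192.168.1.20 tcp 445
userb 192.168.1.30 tcp 5432
userb 192.168.1.1  tcp 22
'

# Print the rules instead of applying them, so they can be reviewed first.
gen_rules() {
    echo "iptables -N VPN_ACL"
    # Everything forwarded from a PPP (VPN) interface goes through the ACL chain.
    echo "iptables -A FORWARD -i ppp+ -j VPN_ACL"
    echo "iptables -A VPN_ACL -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    printf '%s\n---\n%s\n' "$CHAP_SECRETS" "$ACL" | awk '
        /^---$/ { acl = 1; next }                 # separator: ACL lines follow
        /^[ \t]*#/ || /^[ \t]*$/ { next }         # skip comments and blank lines
        !acl {
            # Only users pinned to one address can be filtered by source IP.
            if ($4 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) ip[$1] = $4
            else printf "# skipped %s: no static IP\n", $1
            next
        }
        ($1 in ip) {
            printf "iptables -A VPN_ACL -s %s -d %s -p %s --dport %s -j ACCEPT\n", ip[$1], $2, $3, $4
            next
        }
        { printf "# skipped ACL entry for %s: no static IP\n", $1 }
    '
    # Anything not explicitly allowed for a known user is dropped.
    echo "iptables -A VPN_ACL -j DROP"
}

gen_rules
```

A user whose `chap-secrets` entry allows any address (`*`) gets no ACCEPT rule and therefore falls through to the final DROP.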