
Re: firewall question



Giuseppe Sacco <gsacco@hsomail.com> writes:

> Well, we have all our data available in a web server, so we'd like to browse
> the data in the same way. Maybe we can have something like:
> 
>       CLIENT                FW          SERVER
>       browser
>  authenticator-daemon     firewall    web server
> 
> when the user outside the firewall asks to connect via https://
> then the firewall can ask the client to authenticate himself.

HTTPS supports client certificates, which you can use to authenticate
the user.  A good place to start looking for more information is
<URL:http://www.verisign.com/>.

You should be able to configure something with ipportfw or redir to
just send the HTTPS connections to the firewall to the web server, and
_make sure the web server is secure_, e.g. it only allows connections
from listed client certificates.

You could also put the web server on two IP addresses, and have
virtual servers so that one is used by internal LAN access, and the
other is used by forwarded connections from the firewall.  That way
you can configure each virtual server with different security
requirements, e.g. basic authentication for external users if the data 
isn't very sensitive.  See the web server manual for more details.

-- 
	 Carey Evans  http://home.clear.net.nz/pages/c.evans/

"Is there anyone who actually believes that USAicans are so modest or
intellectually honest as to be unable to find someone to sue?" - Cameron Laird
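
An added configuration sketch of the two-virtual-server layout described in the message above; it is not part of the original post. It assumes Apache httpd 2.4 with mod_ssl (the thread names no web server), and every address, host name, path and user name in it is constructed.

```apache
# Assumed layout: the web server holds two addresses on the internal network.
#   192.168.1.10  reached directly by LAN clients
#   192.168.1.11  the only address the firewall forwards external HTTPS to
Listen 192.168.1.10:443
Listen 192.168.1.11:443

# Virtual server for internal LAN access: TLS, no per-user authentication.
<VirtualHost 192.168.1.10:443>
    ServerName data.example.internal
    DocumentRoot "/srv/www/data"
    SSLEngine on
    SSLCertificateFile    "/etc/ssl/example/server.crt"
    SSLCertificateKeyFile "/etc/ssl/example/server.key"
    <Directory "/srv/www/data">
        Require all granted
    </Directory>
</VirtualHost>

# Virtual server for connections forwarded by the firewall:
# the TLS handshake fails unless the client presents a certificate.
<VirtualHost 192.168.1.11:443>
    ServerName data.example.org
    DocumentRoot "/srv/www/data"
    SSLEngine on
    SSLCertificateFile    "/etc/ssl/example/server.crt"
    SSLCertificateKeyFile "/etc/ssl/example/server.key"

    # Accept only certificates issued directly by this one CA.
    # Do not point this at a bundle of public CAs.
    SSLVerifyClient require
    SSLVerifyDepth  1
    SSLCACertificateFile "/etc/ssl/example/client-ca.crt"

    <Directory "/srv/www/data">
        # Narrow further to listed certificate subjects (constructed names).
        Require expr "%{SSL_CLIENT_S_DN_CN} in { 'alice', 'bob' }"
        # Weaker alternative from the message, for data that is not very
        # sensitive: replace the line above with basic authentication
        # (AuthType Basic, AuthName, AuthUserFile, Require valid-user).
    </Directory>
</VirtualHost>
```

The separation only holds if the firewall's forwarding rule targets the second address and nothing else; a rule that forwards to the internal address bypasses the client-certificate check.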

