Re: Stronger security with BSD Firewall and Freeradius

Board: FB_security, posted 19 years ago (2007/04/03 00:49)
On Mon, 2 Apr 2007, Marko Lerota wrote:

> I've seen that it is possible to use switch port blocking with freeradius
> and cisco switches via 802.1X and EAP protocol. Here is more info:
> http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
>
> What if I don't have a switch that supports 802.1X or I want that blocking
> is done by FreeBSD, not the switch. Because FreeBSD is the firewall or
> gateway to some networks. Is there any solution that implements freeradius
> with PF or any other firewall/blocking feature?

Definition: IEEE 802.1X is an IEEE standard for port-based Network Access Control.

Port-based means that you have to have a large number of ports that you can control by individual usage. Ports can be Ethernet ports or wireless ports. In the first case you would need a large number of ports in your firewall, which is not really feasible. In the latter case you should use hostapd. With hostapd you can configure your firewall as an authenticator (802.1X terminology) or access point that can provide wireless access based on credentials supplied by your users (userid+password, certificate, etc.).

I suspect you would like to have something similar to what authpf does: authenticate on the firewall, then allow access on the internal network. Have a look at man authpf or http://www.openbsd.org/faq/pf/authpf.html about authpf usage.

I hope this helped.

Best Regards,

Janos Mohacsi
Network Engineer, Research Associate, Head of Network Planning and Projects
NIIF/HUNGARNET, HUNGARY
Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882

>
> --
> One cannot sell the earth upon which the people walk
> Tacunka Witco
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
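
The authpf arrangement suggested in the reply above, as an added configuration sketch that is not part of the original message: the gateway forwards nothing by default, and a client's address is let through only while that user holds an SSH session whose login shell is authpf. Interface names are assumptions, NAT is left out, and the login check itself is whatever sshd on the gateway is configured to use.

```conf
# --- /etc/pf.conf (constructed example; interface names are assumptions) ---
ext_if = "em0"                  # assumed uplink interface
int_if = "em1"                  # assumed interface facing the client network

table <authpf_users> persist    # authpf adds the address of each logged-in user

set skip on lo0
block all                       # default deny: nothing is forwarded before login

# Unauthenticated clients may reach only sshd on the gateway itself.
pass in quick on $int_if proto tcp from $int_if:network to ($int_if) port ssh keep state

# Traffic leaving on the uplink: the gateway's own, plus flows already
# admitted on $int_if by the per-user rules below.
pass out quick on $ext_if keep state

# authpf loads per-session rules under this anchor at login and removes
# them when the SSH session ends.
anchor "authpf/*"

# --- /etc/authpf/authpf.conf ---
# Must exist or authpf will not run; an empty file is valid.

# --- /etc/authpf/authpf.rules ---
# Loaded into the anchor for every session. authpf defines $user_ip and
# $user_id; macros from pf.conf are not visible here, so int_if is repeated.
int_if = "em1"
pass in quick on $int_if from $user_ip to any keep state

# --- account setup (per user allowed through the gateway) ---
# Set the login shell to authpf so an SSH login opens the gate and cannot
# be used for an interactive shell:
#   chsh -s /usr/sbin/authpf <username>
```

Per-user rule files under /etc/authpf/users/<username>/authpf.rules take precedence over the global authpf.rules, which is how different users can be given different destinations.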
Article code (AID): #164JGj00 (FB_security)