One means to insert and remove Netfilter rules is to use
pam_iptables. This is a pluggable authentication module (PAM)
written by Nathan Zorn that can be found at
http://www.itlab.musc.edu/~nathan/pam_iptables
.
This PAM module allows users to use ssh and telnet to authenticate
to the gateway.
Another means to dynamically remove and create Netfilter rules is
to use NocatAuth. NocatAuth can be found at
http://nocat.net
.
NocatAuth provides a web client for authenticating to the gateway.
The authentication gateway will act as the dynamic host
configuration protocol (DHCP) server for the public network. It
only serves those requesting DHCP services on the public
network. I used the
ISC DHCP Server
.
The gateway can use any means of PAM authentication. The
authentication mechanism the Medical University of South Carolina
uses is LDAP. Since LDAP was used for authentication, the pam
modules on the gateway box were set up to use LDAP. More
information can be found at
http://www.padl.com/pam_ldap.html
.
PAM allows you to use many means of authentication. Please see the
documentation for the PAM module you would like to use. For more
information on other methods, see
pam modules
.
If NocatAuth is used, an authentication service needs to be setup.
The NocatAuth authentication service supports authentication with
LDAP,RADIUS,MySQL,and a password file. More information can be
found at
http://nocat.net/download/NoCatAuth/
.
The gateway box also serves as a DNS server for the public
network. I installed Bind, and set it
up as a caching nameserver. The rpm package caching-namserver was
also used. This package came with Red Hat.
