1st July 2014
EverydayDiesel

Thanks for your help!

Quote:
Originally Posted by jggimi
1. The "auth_web" server is where requests from an unauthenticated user to any IP address's destination port 80 are routed. That local server can place a static page telling the user to authenticate, etc. Once a user is authenticated (this means having an active SSH console session to an authpf login shell on the server running PF), this traffic is no longer intercepted and can go where the user intended.
So if the web service was running on the same machine, I would just put 127.0.0.1 for the auth_web variable?


Quote:
Originally Posted by jggimi
2. The authpf_users table is described in both the AuthPF chapter of the PF User's Guide and in the authpf(8) man page. I'll quote from the Guide.
Code:
In addition to the $user_ip macro, authpf will make use of the authpf_users table (if it exists) for storing the IP addresses of all authenticated users. Be sure to define the table before using it...
The best I can tell, this table is created in memory and maintained by OpenBSD as long as I add this line to my pf.conf. If someone logs on via ssh, then somehow it will know to add the user to this table?
Code:
table <authpf_users> persist

Quote:
Originally Posted by jggimi
3. This is the author's known external (Internet) static address. See the comments above the last two rules in that HOWTO, where the macro is used. We try not to put our actual Internet address in public forums when we share our rulesets. Weaknesses might be discovered and exploited. The Internet is a dangerous place.
That being the case, I would say that the variable needs to be $ext_if instead of an external IP address?


Quote:
Originally Posted by jggimi
4. Anchor options are discussed in the Anchor chapter of the PF User's Guide. I'd mentioned this chapter to you two days ago, in your thread on scheduling connections.
Unfortunately I have been stuck on creating tables. I have been reading and I am trying to understand how to implement them better before I actually do one.
The best I can tell, some are created in memory and defined in the actual config file, and others are files that are saved on the hard drive. I will experiment with these a bit later, but at the moment I am still learning.
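For reference, a minimal pf.conf sketch of the pieces discussed in this post: the in-memory authpf_users table, a file-backed table for contrast, and the redirect of unauthenticated web traffic to the auth_web host. This is an added example, not part of the original post or the HOWTO it refers to; the interface name, the addresses, the `<blocked>` table and the file path are constructed placeholders, and the `rdr-to` syntax assumes OpenBSD 4.7 or later.

```conf
# Constructed placeholders: adjust to the real interface and notice-page host.
int_if   = "em1"
auth_web = "192.0.2.10"      # host serving the "please authenticate" page

# In-memory table. authpf adds the client's IP address when the user logs in
# over SSH to an authpf shell and removes it when that session ends.
# "persist" keeps the table in the kernel even when no rule refers to it.
table <authpf_users> persist

# For contrast: a table whose initial contents are read from a file on disk
# when the ruleset is loaded (hypothetical table name and path).
table <blocked> persist file "/etc/pf.blocked"

# Default deny on the internal interface.
block in on $int_if
block in quick on $int_if from <blocked>

# Everyone may reach SSH on the firewall so they can authenticate.
pass in on $int_if proto tcp from any to ($int_if) port ssh

# Unauthenticated clients: port 80 to any destination lands on the notice page.
pass in on $int_if proto tcp from ! <authpf_users> to any port 80 rdr-to $auth_web

# Authenticated clients: traffic goes where the user intended.
pass in on $int_if from <authpf_users>
```

The current contents of the table can be checked as root with `pfctl -t authpf_users -T show` while a user has an authpf session open.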