Home » Mailing list archives » openbsd-misc » 2010 » December » 7

Doubts about dynamic forwarding and traffic queueing

Previous thread: Re: 'cvs update' asking for password?! by Dave Anderson on Tuesday, December 7, 2010 - 4:19 pm. (1 message)

Next thread: Attention.your account has been blocked by Bank security on Tuesday, December 7, 2010 - 1:25 pm. (2 messages)
[view original message]
From: Leonardo Rodrigues
Subject: Doubts about dynamic forwarding and traffic queueing
Date: Tuesday, December 7, 2010 - 4:47 pm

Hello everyone,

I'm trying to come up with a solution for the following scenario, and
its answer still eludes me...

An user sets up an SSH connection (using flags -N -D) with dynamic
forwarding enabled (for web surfing, git, messenger, etc), to an
OpenBSD machine. That machine runs PF and traffic queueing.

Is there a way to shape/queue traffic for that user, based on that
user id (for example, using authpf-noip)?
Since port forwarding has to be disabled in the SSH daemon, in order
to prevent users from circumventing authpf, is there a way to still
have the dynamic forwarding behaviour using only PF rules loaded by
authpf-noip for that user?

Any insight on the matter is welcomed =)


[ message continues ]
Previous thread: Re: 'cvs update' asking for password?! by Dave Anderson on Tuesday, December 7, 2010 - 4:19 pm. (1 message)

Next thread: Attention.your account has been blocked by Bank security on Tuesday, December 7, 2010 - 1:25 pm. (2 messages)