From owner-freebsd-hackers@FreeBSD.ORG Tue May 22 10:05:51 2012 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7CE45106564A for ; Tue, 22 May 2012 10:05:51 +0000 (UTC) (envelope-from s@samu.pl) Received: from mail.mydevil.net (mail.mydevil.net [94.23.92.220]) by mx1.freebsd.org (Postfix) with ESMTP id 41EC48FC14 for ; Tue, 22 May 2012 10:05:51 +0000 (UTC) Received: from [192.168.1.101] (user-46-113-83-171.play-internet.pl [46.113.83.171]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mail.mydevil.net (Postfix) with ESMTPSA id 4772FA7F3 for ; Tue, 22 May 2012 12:04:50 +0200 (CEST) Message-ID: <4FBB64F2.1020000@samu.pl> Date: Tue, 22 May 2012 12:05:38 +0200 From: =?UTF-8?B?SmFrdWIgU3phZnJhxYRza2k=?= User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.23) Gecko/20110922 Thunderbird/3.1.15 MIME-Version: 1.0 To: freebsd-hackers@freebsd.org. X-Enigmail-Version: 1.1.2 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: Re: Separating IP addresses between users X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 May 2012 10:05:51 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 16.05.2012 21:06, Will Froning wrote: > Hello Jakub, > > I've never used it, but have you looked at authpf(8)? A quick look at the man pages suggest you can have different NAT entries per-user. > > Thanks, > Will > > -- > Will Froning > Unix SysAdmin > Will.Froning@GMail.com > MSN: wfroning@angui.sh Hi, If I understand the manual page correctly, it allows for per user NAT entriees, but only on their sshd(8) sessions. What I need is to separate every service of an user - crontab launched software, php-spawned applications, every possible aspect of his account. A jail-based solution would be fine, so that the user can 'see' all the IPs I allow him to 'see' in a network interface. (I hope that my mail client isn't screwed up again and I've actually replied to the maillist, and not started a new thread...) - -- Best Regards, Jakub SzafraƄski -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEbBAEBAgAGBQJPu2TyAAoJEMFTYabJw8eXj84H+MY9NU1jrEfvzvJOL+Kf8+A/ 8l4XzN/qkmsDV2WuzwGByZNmeTSH89V3iVSic6mAL1agMnDuY1TV5rbslX/b+uNd fwwbFW279OEsRhVXAFTT6i+8yGab47Zw28SoF+fTPvW+FarL2rCROrsYnI7qff0L 9kRJ4BD8taS1RFDZZj13nHuHWnQlApCib3NAEQumiWXILS9eNHLAs9lNV1P24baW JWpz4spCYnN6jKjDPnN4PXERHMLYTvZy9DUl6x9GWcT7V4OL80z72ur/tomIXvZ6 UHYrBU72TkJCTMi8Nw7DV/NYeL3ACFWQN8lFO4cOB07mc3bJrdy4tylu/iFqlA== =kdWX -----END PGP SIGNATURE-----