From: Erik Norgaard
Date: Mon, 24 Jan 2005 15:11:34 +0100
To: Gareth Bailey
cc: freebsd-questions
Subject: Re: Internet sharing authentication

Gareth Bailey wrote:
> Greetings,
>
> I have set up a FreeBSD gateway/firewall with ipf and ipnat in the
> past, but I am now confronted with a new challenge. I need to set up
> the firewall to only allow internet (www) access to users who
> successfully authenticate themselves with a username/password
> combination.
>
> Ideally, a user will open their web browser and be confronted with an
> authentication popup before gaining access to browse the web. Users
> should be able to access mail without authentication.

Squid seems to be your friend for www/ftp.

What do you mean by accessing mail without authentication? Hotmail or similar? If you want to provide mail service yourself, then users must authenticate in order not to be able to read others' mail. Also, by authenticating SMTP and only allowing SMTP to your server, you prevent viruses and spambots from spreading.

Cheers, Erik

-- 
Ph: +34.666334818 web: http://www.locolomo.org
S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
Subject ID: A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2