I've a following situation:
network1 - gate - network2
- network2 has several services.
- network1 has a lot of developers.
I need to make access from developers to services with separated access, for example:
dev1should have access to debug ports onhost1andhost2,dev2should have access to debug portal onhost1andhost3andhost4dev3should have access to http, debug and jmx ports onhost6
So I need one authentication and authorization system for different services. HAProxy could work on TCP level, so I need in AA system, I think radius should be fine.
Is it possible to connect radius with haproxy and make accesses how I'd like to make them ?
Best Answer
I think that your only solution is a custom web application that, when a user logs in, it creates a temporary NAT rule for it (or allows the traffic to the NATted port temporarily).