I have the following situation:
network1 - gate - network2
- network2 has several services.
- network1 has a lot of developers.
I need to give developers access to services with separated access, for example:
- dev1 should have access to debug ports on host1 and host2,
- dev2 should have access to debug portal on host1 and host3 and host4
- dev3 should have access to http, debug and jmx ports on host6
So I need one authentication and authorization system for different services. HAProxy could work at the TCP level, so I need an AA system; I think RADIUS should be fine.
Is it possible to connect RADIUS with HAProxy and set up access the way I'd like?
Best Answer
I think that your only solution is a custom web application that, when a user logs in, creates a temporary NAT rule for them (or temporarily allows the traffic to the NATted port).
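
A sketch of the rule-generation side of such an application, added here as an example and not part of the original answer: once a developer has authenticated, it looks them up in the access matrix from the question and builds time-limited iptables rules for their source address. The port numbers, host addresses, function names and the assumption that the gate's FORWARD chain defaults to DROP are all constructed for illustration.

```python
import ipaddress
import time

# Constructed sample data: ports and addresses are assumptions, not from the question.
PORTS = {"http": 8080, "debug": 5005, "jmx": 9010}
HOSTS = {"host1": "10.2.0.11", "host2": "10.2.0.12", "host3": "10.2.0.13",
         "host4": "10.2.0.14", "host6": "10.2.0.16"}
# Access matrix from the question (dev2's "debug portal" is treated as the debug port).
POLICY = {
    "dev1": {"host1": ["debug"], "host2": ["debug"]},
    "dev2": {"host1": ["debug"], "host3": ["debug"], "host4": ["debug"]},
    "dev3": {"host6": ["http", "debug", "jmx"]},
}

def rule_args(user, src_ip, host, service):
    """Build the iptables match for one (source, destination, port) grant.
    ip_address() raises ValueError on anything that is not a literal IP."""
    return ["FORWARD", "-s", str(ipaddress.ip_address(src_ip)),
            "-d", HOSTS[host], "-p", "tcp", "--dport", str(PORTS[service]),
            "-m", "comment", "--comment", f"grant:{user}", "-j", "ACCEPT"]

def grant(user, src_ip, ttl=3600, now=None):
    """Return (expiry, add_cmds, del_cmds) for an authenticated user.
    Unknown users get no rules, so the chain's default DROP still applies."""
    now = time.time() if now is None else now
    add, delete = [], []
    for host, services in POLICY.get(user, {}).items():
        for svc in services:
            args = rule_args(user, src_ip, host, svc)
            add.append(["iptables", "-A"] + args)      # run at login
            delete.append(["iptables", "-D"] + args)   # run at expiry or logout
    return now + ttl, add, delete

def expired(grants, now):
    """Collect the delete commands of every grant whose TTL has passed."""
    return [cmd for exp, _, dels in grants if exp <= now for cmd in dels]

if __name__ == "__main__":
    # Commands are argument lists, meant for subprocess.run(cmd) without a shell.
    exp, add, _ = grant("dev3", "10.1.0.23", ttl=900)
    for cmd in add:
        print(" ".join(cmd))
```

A periodic job would call `expired()` over the stored grants and execute the returned delete commands, so access disappears even if the developer never logs out.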