Can specific user logins be restricted to certain ports? (or, how to allow logins from outside firewall, but restrict administrator access to inside firewall)

Added by Chris Metzler about 5 years ago

I am considering Redmine for management of a project I'm working on. The project spans multiple organizations, so we would need to configure our firewall so that the Redmine server is exposed. Long story, but having everyone VPN in is not an option.

My security folks are OK with this, provided that Redmine can be configured so that the Redmine accounts with administrator privileges cannot be logged into through the exposed port. In other words, the server allows access through two ports, but the port that's visible outside the firewall does not allow users with administrator access to log in; users with administrator access can only log in via the port that's not visible outside the firewall.

If this is not possible, can anyone think of another way to effect the same result? The only thing I've been able to come up with is to not have any accounts with administrator access; and when administration is necessary, to take the machine off the net from its console and then edit/replace configuration files to give an account administrator privileges in Redmine, and then use that to do admin stuff. But that's a huge pain. Any other ideas?

Thanks much!