Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 26 May 2000 09:58:32 -0500
From:      "Travis Leuthauser" <travis@winconx.com>
To:        <freebsd-isp@FreeBSD.ORG>, <lures@mozcom.com>
Subject:   Re: Need advice on software for ISP startup using FreeBDS 4.0
Message-ID:  <04b601bfc722$dc577d80$20503cd0@travis>
References:  <250500146.75583@207.206.68.135>

next in thread | previous in thread | raw e-mail | index | archive | help

----- Original Message -----
From: <lures@mozcom.com>
To: <freebsd-isp@FreeBSD.ORG>
Cc: <"[so@server??????????????
Sent: Thursday, May 25, 2000 11:00 PM
Subject: Re: Need advice on software for ISP startup using FreeBDS 4.0


> 2.On the statement No PAP or CHAP Authentication. There was
 <snip>
> This discussion subject has spawned new questions in my mind.
> What is the sequence of events in the login process from an
> windows dial in user?

User connects to NAS, NAS passes off authentication information to
radius server, server returns valid/invalid login.  If valid login, returns
IP
address and so forth to NAS for user, or instructs NAS to assign IP.

>
> Is windows looking for a PAP login behind the scenes?
>

Windows does use PAP to authenticate.

> Who is the master login id/password holder, FBSD or  radius or
> what?

My recommendation would be to set up cistron radius on your freebsd mail
server something like this.

DEFAULT    Auth-Type=System, Simultaneous-Use=1      (System means
/etc/master.passwd, Sim-Use means only one concurrent connection per
username)
        Service-Type=Framed-User,                                      (Set
up as framed-user ie. PPP MPP)
        Framed-Protocol=PPP,
        Framed-IP-Netmask=255.255.255.255,
        Framed-Routing=None,
        Framed-MTU=1500,
        Framed-Compression=Van-Jacobson-TCP-IP,
        Idle-Timeout=1200,
        Session-Timeout=28800

I went through several different radius servers before I found Cistron.  I
works excellently.  Especially the simultaneous-use feature.  It carries
across most NAS
servers.  Whereas several other radius servers you have to use vendor
specific commands.

> costs $890 per month versus $600 per month. Besides ISDN is
> dead with DSL on the horizon. Let some other ISP handle the

Just personal opinion, but I tend to disagree that ISDN is dead, at least
down here in Louisiana.  A large number of businesses are sticking with ISDN
because it's tested and stable.  I think that's the case pretty much
anywhere that has lenient pricing on ISDN circuits like we do.  The circuits
here aren't metered.  It's a flat rate regardless of usage.

> 5. Apache13 form the FBSD ports collection. From the
> responses it looks like no body is using the ports
> collection as they are out of date. Apache 1.3.12 seems to
> be the version to use as it's stable. A post did say that,
> This will be changing to only 3 base Apache servers
> (apache13,apache13+ipv6, and apache13-ssl).  Additional
> functionality would then be added by installing an apache
> module port (mod_ssl, mod_fp, mod_php[34],etc) although 2.0
> is in its 3rd alpha stage.
>
> Well I am lost again. What functionally does ipv6, ssl, fp,
> php provide? Are these functions something your ISP
> supports?

Essentially, the three base apache servers will be just good old web serving
apache.  Apache with support for the new ipv6 implementations, and apache
with ssl (high encryption support).  I'm not sure of the specs of ipv6, I'm
sure someone else here will enlighten us all.  You will need ssl if you are
planning on having customers sign up on line.  I certainly wouldn't submit
my cc # anywhere that doesn't have a secure site.  The fp (frontpage
extensions) make it easy for your users to develop web pages with frontpage,
using the cute little hover buttons and counter, and then publish it to your
server.  php, if I am correct is a database querying tool.  Not too certain
on that, but again, I'm sure someone will enlighten.

>
>
> 6.  On the question, Do I have to use quota to limit disk
> space for web page subscribers. Since the only access to
> the FBSD disk space in my case will come from the
> personal/home web page builders and people who want a
> private FTP site. It seems Quote is the simplest solution.
> I don't want to host business web pages of any sort. If I
> do I have to collect and report taxes on this activity.
> That is just too much red tape for the money.

I would recommend using quotas on your users, that limits the amount of junk
they can store on your server.  If you don't, I promise you will have at
least one user with a ton of stuff in their directory.  You can also use
quotas to limit the size of their email stored on the server.

>
> 7. Your responses were real informing on the subject of
> email software. As I now understand it POP3 sends the email
> to the client and deletes the email from the server,
> whereby IMAP does the sending and them keeps the email on
> the server for some set period. The FBSD sendmail comes
> with SMTP and POP3 which is provided by the popper daemon.
> I want access to the mail system to have login
> Authentication.
>
> How does sendmail handle this with radius controlling the dial
> in world?
>
> I see in the MS Windows OS all the email application need
> the POP and SMTP DNS name or IP address. How do I make this
> happen in FBSD sendmail?

As far as email goes, this is just my personal opinion, but I'd stay as far
away from sendmail as possible.  I haven't had many good experiences with
it.  We run qmail on all of our mail servers.  There are a few reasons for
that.  Security wise, I don't think qmail can be beat.  qmail allows you to
store your user's mail in their home directory which has a few advantages.
One set of quotas controls web storage, ftp storage, and mail.  Meaning it's
up to your user to decide if they wanna use the space you give them for
mail, web, or file storage.  No one gets cheated that way, if they don't
want a web page, then they can keep even more mail on the server.  If they
fill up their storage space with web pages, they get no email.

Regardless of which mail server you decide to run, it will default to using
your master.passwd file.

Hope that helps some.

Travis Leuthauser
Network Administrator
DDS Group



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?04b601bfc722$dc577d80$20503cd0>