From owner-freebsd-isp@FreeBSD.ORG  Fri Feb 17 17:07:43 2006
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BBE9516A420
	for <freebsd-isp@freebsd.org>; Fri, 17 Feb 2006 17:07:43 +0000 (GMT)
	(envelope-from virtualsid@gmail.com)
Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.200])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 65A3C43D67
	for <freebsd-isp@freebsd.org>; Fri, 17 Feb 2006 17:07:35 +0000 (GMT)
	(envelope-from virtualsid@gmail.com)
Received: by wproxy.gmail.com with SMTP id 37so193431wra
	for <freebsd-isp@freebsd.org>; Fri, 17 Feb 2006 09:07:35 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
	h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
	b=qtjsCKLgo6Sb9+D+VqZt9jjdTxuLo0qMWBClNHZ3acke1z+z9BsDt8nLIRtl/fRHuEoYLCPZh+omyeoY75DcZFvl+bD5TalTjPYRK/gCqsJlJxe25d81dQFVh5ja4cZEb3pJQBq9KL5XccZHNQhNCS0wGVmf9MkW2CTyLfrDXb0=
Received: by 10.64.91.17 with SMTP id o17mr1099375qbb;
	Fri, 17 Feb 2006 09:07:34 -0800 (PST)
Received: by 10.65.95.17 with HTTP; Fri, 17 Feb 2006 09:07:34 -0800 (PST)
Message-ID: <d20e2c140602170907w11ff00dag@mail.gmail.com>
Date: Fri, 17 Feb 2006 17:07:34 +0000
From: Siraj 'Sid' Rakhada <virtualsid@gmail.com>
To: Odhiambo Washington <wash@wananchi.com>, freebsd-isp@freebsd.org
In-Reply-To: <20060217162927.GA23261@ns2.wananchi.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <20060217162927.GA23261@ns2.wananchi.com>
Cc: 
Subject: Re: walled garden concept
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Feb 2006 17:07:43 -0000

Hello Wash,

On 17/02/06, Odhiambo Washington <wash@wananchi.com> wrote:

> Does anyone know of any tutorials for setting up a "walled garden"?
> I work for an ISP and we'd like to allow a specific dialup account
> Free Access via our RADIUS, but we want to limit this user to access
> just three or so urls: Our customer {registration|renewal|webselfcare}
> interfaces only.
>
> I am looking for ideas on how this is done. I suppose it's done on the
> NAS, yes?

What equipment do you use for the dial-up end? I'm not sure how to do
this on FreeBSD per se, but you can do this kind of solution on Cisco
+ RADIUS by sending an av-pair which says to the Cisco 'apply this
access-list' to the virtual interface when the user logs on.

Does this sound like the kind of solution you want?

It's been a long long time since I last configured this kind of thing thoug=
h!

Regards,

Sid