From owner-freebsd-isp@FreeBSD.ORG  Fri Feb 17 17:55:30 2006
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8229516A420
	for <freebsd-isp@freebsd.org>; Fri, 17 Feb 2006 17:55:30 +0000 (GMT)
	(envelope-from jsimola@gmail.com)
Received: from uproxy.gmail.com (uproxy.gmail.com [66.249.92.205])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E034443D46
	for <freebsd-isp@freebsd.org>; Fri, 17 Feb 2006 17:55:29 +0000 (GMT)
	(envelope-from jsimola@gmail.com)
Received: by uproxy.gmail.com with SMTP id h2so305043ugf
	for <freebsd-isp@freebsd.org>; Fri, 17 Feb 2006 09:55:28 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
	h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
	b=fby/Wnv9sKgUwoFB7kBCbuB2iNZuWGBvMekiojG2heJwXYRsmk9N4XH1baAVl15N6W4Fvx4jNedc4a1bih5deD0F6TD/SVzXSoLhZKcWWcTsKVFjUyK0v/x70M7CiPeK5EUvXSz09m4SZt9+cDGpb/lpMbfwza4GDJIZVlf1RyA=
Received: by 10.67.26.18 with SMTP id d18mr970657ugj;
	Fri, 17 Feb 2006 09:55:26 -0800 (PST)
Received: by 10.66.223.20 with HTTP; Fri, 17 Feb 2006 09:55:26 -0800 (PST)
Message-ID: <8eea04080602170955u6d0875c0n125024190bab1c0@mail.gmail.com>
Date: Fri, 17 Feb 2006 09:55:26 -0800
From: Jon Simola <jon@abccomm.com>
Sender: jsimola@gmail.com
To: freebsd-isp@freebsd.org
In-Reply-To: <20060217162927.GA23261@ns2.wananchi.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <20060217162927.GA23261@ns2.wananchi.com>
Subject: Re: walled garden concept
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Feb 2006 17:55:30 -0000

On 2/17/06, Odhiambo Washington <wash@wananchi.com> wrote:

> Does anyone know of any tutorials for setting up a "walled garden"?
> I work for an ISP and we'd like to allow a specific dialup account
> Free Access via our RADIUS, but we want to limit this user to access
> just three or so urls: Our customer {registration|renewal|webselfcare}
> interfaces only.

Configure RADIUS to assign the account an IP from a private range.
Then you can redirect any/all http requests to wherever you want.

> I am looking for ideas on how this is done. I suppose it's done on the
> NAS, yes?

It could be done in several ways. If your access server supports local
user tables (I've only ever used Livingston/Lucent Portmasters, which
do) then it could all be done on the access server. Otherwise, it's
some minor network glue to make it work between RADIUS, DNS and
webservers.

--
Jon Simola
Systems Administrator
ABC Communications