From owner-freebsd-isp@FreeBSD.ORG Fri Feb 17 17:55:30 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8229516A420 for ; Fri, 17 Feb 2006 17:55:30 +0000 (GMT) (envelope-from jsimola@gmail.com) Received: from uproxy.gmail.com (uproxy.gmail.com [66.249.92.205]) by mx1.FreeBSD.org (Postfix) with ESMTP id E034443D46 for ; Fri, 17 Feb 2006 17:55:29 +0000 (GMT) (envelope-from jsimola@gmail.com) Received: by uproxy.gmail.com with SMTP id h2so305043ugf for ; Fri, 17 Feb 2006 09:55:28 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=fby/Wnv9sKgUwoFB7kBCbuB2iNZuWGBvMekiojG2heJwXYRsmk9N4XH1baAVl15N6W4Fvx4jNedc4a1bih5deD0F6TD/SVzXSoLhZKcWWcTsKVFjUyK0v/x70M7CiPeK5EUvXSz09m4SZt9+cDGpb/lpMbfwza4GDJIZVlf1RyA= Received: by 10.67.26.18 with SMTP id d18mr970657ugj; Fri, 17 Feb 2006 09:55:26 -0800 (PST) Received: by 10.66.223.20 with HTTP; Fri, 17 Feb 2006 09:55:26 -0800 (PST) Message-ID: <8eea04080602170955u6d0875c0n125024190bab1c0@mail.gmail.com> Date: Fri, 17 Feb 2006 09:55:26 -0800 From: Jon Simola Sender: jsimola@gmail.com To: freebsd-isp@freebsd.org In-Reply-To: <20060217162927.GA23261@ns2.wananchi.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <20060217162927.GA23261@ns2.wananchi.com> Subject: Re: walled garden concept X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Feb 2006 17:55:30 -0000 On 2/17/06, Odhiambo Washington wrote: > Does anyone know of any tutorials for setting up a "walled garden"? > I work for an ISP and we'd like to allow a specific dialup account > Free Access via our RADIUS, but we want to limit this user to access > just three or so urls: Our customer {registration|renewal|webselfcare} > interfaces only. Configure RADIUS to assign the account an IP from a private range. Then you can redirect any/all http requests to wherever you want. > I am looking for ideas on how this is done. I suppose it's done on the > NAS, yes? It could be done in several ways. If your access server supports local user tables (I've only ever used Livingston/Lucent Portmasters, which do) then it could all be done on the access server. Otherwise, it's some minor network glue to make it work between RADIUS, DNS and webservers. -- Jon Simola Systems Administrator ABC Communications