From: Odhiambo Washington
To: freebsd-isp@freebsd.org
Date: Fri, 17 Feb 2006 23:03:18 +0300
Subject: Re: walled garden concept
Message-ID: <20060217200318.GC10377@ns2.wananchi.com>
References: <20060217162927.GA23261@ns2.wananchi.com>

* On 17/02/06 17:07 +0000, Siraj 'Sid' Rakhada wrote:
> Hello Wash,
>
> On 17/02/06, Odhiambo Washington wrote:
>
> > Does anyone know of any tutorials for setting up a "walled garden"?
> > I work for an ISP and we'd like to allow a specific dialup account
> > Free Access via our RADIUS, but we want to limit this user to access
> > just three or so urls: Our customer {registration|renewal|webselfcare}
> > interfaces only.
> >
> > I am looking for ideas on how this is done. I suppose it's done on the
> > NAS, yes?
>
> What equipment do you use for the dial-up end? I'm not sure how to do
> this on FreeBSD per se, but you can do this kind of solution on Cisco
> + RADIUS by sending an av-pair which says to the Cisco 'apply this
> access-list' to the virtual interface when the user logs on.
>
> Does this sound like the kind of solution you want?
>
> It's been a long long time since I last configured this kind of thing though!

That is like what I want, though I am not at all familiar with what it is
that I want ;-)

Let me expound:

I simply have three sites: http://{site1|site2|site3}.ourdomain.name

We use Cisco eqpt for NAS, and a RADIUS server.

site1, site2 and site3 are meant to allow customers to register for, renew
or manage the service they have purchased from us. A customer only gets
a card that has a serial number and a PIN from our system. This allows
them to sign up for or renew a service they already have. The last site
allows them the luxury to manage the service.

I am foreseeing a situation where I have a new 'customer' or one whose
service expired. I want these two to be able to dial in to my NASes for
free, but only get access to site1, site2 or site3. Everything else is
blocked, until they dial in with the name they are paying for. I will give
them a common userid/passwd pair for this purpose.

Now what I learnt was that the concept is called "walled garden".
Your instructions (or Read This F Manual) to do this are welcome.

PS: I have rcvd some pointers off list, but I need more ideas, really.

TIA

-Wash

http://www.netmeister.org/news/learn2quote.html

DISCLAIMER: See http://www.wananchi.com/bms/terms.php

-- 
Odhiambo Washington
Wananchi Online Ltd. www.wananchi.com
Tel: +254 20 313985-9 +254 20 313922
GSM: +254 722 743223 +254 733 744121

"I cannot and will not cut my conscience to fit this year's fashions."
                -- Lillian Hellman
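
The Cisco + RADIUS approach mentioned in the quoted reply, sketched as an added example that is not part of the original message: a shared walled-garden account whose RADIUS reply carries per-user inbound ACL entries in Cisco av-pairs. It assumes a FreeRADIUS-style `users` file and a NAS with RADIUS network authorization enabled; the account name, password and all addresses (documentation range 192.0.2.0/24) are placeholders.

```text
# Added example, not from the thread. FreeRADIUS "users" file syntax is an
# assumption; the thread only says "our RADIUS".
#
# Placeholders (constructed values):
#   192.0.2.53  the ISP's DNS resolver
#   192.0.2.10  site1 (registration)
#   192.0.2.11  site2 (renewal)
#   192.0.2.12  site3 (web self-care)
#
# Each "ip:inacl#<n>=" av-pair becomes one line of a per-user inbound
# access list that the NAS applies to the caller's virtual interface at
# logon. The NAS only honours these if network authorization is sent to
# RADIUS, e.g. on IOS:  aaa authorization network default group radius

garden  Cleartext-Password := "CHANGE-ME"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        # DNS to the ISP resolver only, so the three site names resolve
        Cisco-AVPair  = "ip:inacl#10=permit udp any host 192.0.2.53 eq 53",
        # HTTP to the three customer-facing sites
        Cisco-AVPair += "ip:inacl#20=permit tcp any host 192.0.2.10 eq 80",
        Cisco-AVPair += "ip:inacl#30=permit tcp any host 192.0.2.11 eq 80",
        Cisco-AVPair += "ip:inacl#40=permit tcp any host 192.0.2.12 eq 80",
        # Everything else is dropped until the customer dials in with a
        # paid account, whose profile carries no such ACL
        Cisco-AVPair += "ip:inacl#99=deny ip any any"
```

Because every unregistered or expired customer shares this one login, the explicit final deny and the resolver-only DNS rule are what keep the free account from being usable as general Internet access.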