From owner-freebsd-isp Mon Jun 29 08:06:32 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA00960 for freebsd-isp-outgoing; Mon, 29 Jun 1998 08:06:32 -0700 (PDT) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from ns.webwizard.net.mx (mexcom.net.mx [207.249.162.140]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA00820 for ; Mon, 29 Jun 1998 08:06:09 -0700 (PDT) (envelope-from eculp@webwizard.org.mx) Received: from sunix (eculp@sunix.mexcom.net [206.103.64.3]) by ns.webwizard.net.mx (8.8.8/8.8.7) with SMTP id KAA17310; Mon, 29 Jun 1998 10:02:52 -0500 (CDT) Message-ID: <3597AD18.4269525F@webwizard.org.mx> Date: Mon, 29 Jun 1998 10:04:56 -0500 From: Edwin Culp Organization: Mexico Communicates X-Mailer: Mozilla 3.01Gold (X11; I; Linux 2.0.14 i586) MIME-Version: 1.0 To: Evren Yurtesen CC: freebsd-isp@FreeBSD.ORG Subject: Re: cisco References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Evren Yurtesen wrote: > > the problem is I just do not want my dialup user to not to be able > to use port 80, I do not want people on my local network to not to > be able to use port 80 too! > how may I do it? That is why I suggested tacacs. First you create your acl's on your cisco, but you don't apply them. You build and install tacas and configure it according to the manual I referenced before. You then apply the acl's on a user and/or group basis. some maybe helpful Reference material http://www.cisco.com/cpropub/univercd/data/doc/software/11_1/rfun/lrsysmgt.htm http://www.cisco.com/warp/public/701/31.html http://www.cisco.com/warp/public/76/7.html The most important is the file users_guide that comes in the tac_plus source directory. probecho ed > > +--------------------------------------------------------+ > | Name : Evren Yurtesen - yurtesen@ispro.net.tr | > | S-mail: Mithatpasa Cad. No:1079/13 35290 Guzelyali | > | Home:+90-232-2857604 Work:+90-232-2463992 Izmir/TURKEY | > +--------------------------------------------------------+ > > On Mon, 29 Jun 1998, Edwin Culp wrote: > > > Evren Yurtesen wrote: > > > > > > hello > > > this is not exactly related to freebsd, sorry but... :) > > > well I want to restrict my users to use port 80 to surf on the net, > > > instead I want them to use my proxy server at port 8080. > > > because I have limited bandwidth, also I just want to close port 80 > > > for my users, the other people should be able on the outside should > > > be able to connect my proxy server. > > > > > > also I want to do the reverse action to my un*x machines... > > > I do not want other people who are not belonging to my domanin > > > to be able to make telnet to my machines, but I want the people here > > > to be able to make telnet to their accounts outside... > > > > > > how may I do this? > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-isp" in the body of the message > > > > tacacs permits per user acl's for cisco, in addition to accounting. > > There is a port > > /usr/ports/net/tac_plus in the work/tac* directory there > > should be a pretty good tutorial type manual. > > > > provecho, > > > > ed > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message