From owner-freebsd-chat Wed Sep 29 12: 8:15 1999 Delivered-To: freebsd-chat@freebsd.org Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4]) by hub.freebsd.org (Postfix) with ESMTP id 2F0B1155BB for ; Wed, 29 Sep 1999 12:08:06 -0700 (PDT) (envelope-from freebsd@gndrsh.dnsmgr.net) Received: (from freebsd@localhost) by gndrsh.dnsmgr.net (8.9.3/8.9.3) id MAA20055; Wed, 29 Sep 1999 12:07:29 -0700 (PDT) (envelope-from freebsd) From: "Rodney W. Grimes" Message-Id: <199909291907.MAA20055@gndrsh.dnsmgr.net> Subject: Re: Filtering port 25 (was Re: On hub.freebsd.org refusing to talk to dialups) In-Reply-To: <199909291738.KAA16940@usr06.primenet.com> from Terry Lambert at "Sep 29, 1999 05:38:51 pm" To: tlambert@primenet.com (Terry Lambert) Date: Wed, 29 Sep 1999 12:07:29 -0700 (PDT) Cc: ben@scientia.demon.co.uk, chat@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-chat@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > > FWIW, most ISPs buy POPs (Points of Presense) from a big provider, > > > and do not control the IP address assignment (even for static IP > > > addresses) nor do they control the account name assignments, which > > > must apriori not conflict with existing RADIUS records from the > > > middle tier provider. > > > > Technical correction, they do control the account name assignments, > > which is done through domainized versions of RADIUS by apending > > a @domain that is used by a local to the POP radius proxy to forward > > the request to the correct client of the big provider. Radiator > > and Merit Radius both have this feature and are used extensivly > > by the wholesale dialup providers. > > The technical name of this suffix is called the RADIUS "realm". Rights, thanks, but I don't use that name for it, it confuses all the other folks around here into thinking that I am talking about our Kerberous stuff :-) ;-). > Not everyone uses this, as they require license fees. Allmost everyone in the wholesale dialup business uses this. A Radiator licence at $1000 is pennies when your dealing with things at this scale. The ISP end of it does not take a modified radius server if the Radiator configuration is set to strip the realm during proxy. > > > We have contracts with some of these wholesale providers and we > > totally control the account name portion. We don't even need to call > > them when we add/delete accounts. > > I assume you are talking accounts using dynamic IP assignment? Mostly, but not totatly, we can do static IP as well. We can even inject routes to get fancier customers with IP space using these setups. It's a lot more complicated and we only have 1 wholesaler that is currently willing to do this, but it works just fine. -- Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message