Date:      Sat, 18 Feb 2006 01:30:27 +0000
From:      "Siraj 'Sid' Rakhada" <virtualsid@gmail.com>
To:        "Odhiambo Washington" <wash@wananchi.com>, freebsd-isp@freebsd.org
Subject:   Re: walled garden concept
Message-ID:  <d20e2c140602171730j6519b93ex@mail.gmail.com>
In-Reply-To: <20060217200318.GC10377@ns2.wananchi.com>
References:  <20060217162927.GA23261@ns2.wananchi.com> <d20e2c140602170907w11ff00dag@mail.gmail.com> <20060217200318.GC10377@ns2.wananchi.com>

On 17/02/06, Odhiambo Washington <wash@wananchi.com> wrote:


> I am foreseeing a situation where I have a new 'customer' or one whose
> service expired. I want these two to be able to dialin to my NASes for
> free, but only get access to site1, site2 or site3. Everything else is
> blocked, until they dialin with the name they are paying for. I will
> give them a common userid/passwd pair for this purpose.

This is exactly the kind of thing I did a long time ago ('98 or
so)! It was basically so that people could sign up via a signup CD-ROM
:-)

> Your instructions (or Read This F Manual) to do this are welcome.

I hope the following links will point you onto the right track:

This is the kind of system that I used:
http://puck.nether.net/pipermail/cisco-bba/2004-May/000247.html
Cisco's own docs for that system:
http://www.cisco.com/warp/public/480/radius_ACL1.html

I've not done the style described in the URL below, but it seems a
similar solution, with more work on the RADIUS server end:
http://puck.nether.net/pipermail/cisco-bba/2004-May/000247.html

Oh, one tip I will give - don't forget to allow DNS traffic through ;-)

This isn't really a FreeBSD issue as such, so I've tried to keep it
brief as I'm not sure if it's on topic or not.

Hope it helps,

Sid


