From: "Siraj 'Sid' Rakhada"
To: "Odhiambo Washington", freebsd-isp@freebsd.org
Date: Sat, 18 Feb 2006 01:30:27 +0000
Subject: Re: walled garden concept

On 17/02/06, Odhiambo Washington wrote:
> I am foreseeing a situation where I have a new 'customer' or one whose
> service expired. I want these two to be able to dialin to my NASes for
> free, but only get access to site1, site2 or site3. Everything else is
> blocked, until they dialin with the name they are paying for. I will
> give them a common userid/passwd pair for this purpose.

This is exactly the kind of thing I've done a long time ago ('98 or so)!
It was basically so that people could sign up via a signup CD-ROM :-)

> Your instructions (or Read This F Manual) to do this are welcome.

I hope the following links will point you onto the right track:

This is the kind of system that I used:
http://puck.nether.net/pipermail/cisco-bba/2004-May/000247.html

Cisco's own docs for that system:
http://www.cisco.com/warp/public/480/radius_ACL1.html

I've not done the style described in the url below, but it seems a
similar solution, but with more work on the RADIUS server end:
http://puck.nether.net/pipermail/cisco-bba/2004-May/000247.html

Oh, one tip I will give - don't forget to allow DNS traffic through ;-)

This isn't really a FreeBSD issue as such, so I've tried to keep it
brief as I'm not sure if it's on topic or not.

Hope it helps,

Sid