From owner-freebsd-isp Wed May 24 15: 3:17 2000 Delivered-To: freebsd-isp@freebsd.org Received: from loki.intrepid.net (intrepid.net [204.71.127.3]) by hub.freebsd.org (Postfix) with ESMTP id CB4A837BD86 for ; Wed, 24 May 2000 15:03:00 -0700 (PDT) (envelope-from mark@loki.intrepid.net) Received: (from mark@localhost) by loki.intrepid.net (8.8.5/8.8.5) id SAA31949; Wed, 24 May 2000 18:02:48 -0400 Date: Wed, 24 May 2000 18:02:48 -0400 From: Mark Conway Wirt To: Troy Settle Cc: lures@mozcom.com, freebsd-isp@FreeBSD.ORG Subject: Re: Need advice on software for ISP startup using FreeBDS 4.0 Message-ID: <20000524180248.Y26866@intrepid.net> References: <240500145.41002@207.206.68.172> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from troy@picus.com on Wed, May 24, 2000 at 04:21:30PM -0400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, May 24, 2000 at 04:21:30PM -0400, Troy Settle wrote: > > ** 3. No PAP or CHAP Authentication. > > Reccomend use PAP w/Cistron Radius I prefer Radius, but if he's only using Cisco boxes, TACACs+ would be a viable alternative. There are ports in /usr/ports/net, but I haven't used them. > > ** 6. Firewall for security and to drop all banners and auto Web > ** Page spawning. > > Have fun with this one. You'll probably end up paying lots of money and/or > spending lots of time getting something to work for this. Saw a write-up in Linux J. a few months ago on how to use Apache's rewrite engine to do this, when used as a proxy. The main problem with this approach is getting a good list of pattern matches for the ad URLs. You can do it with regular expressions, and some of the big Ad providers (like doubleclick) would be relatively easy to match, but to do it exhaustively would probably be impossible. > > ** 8. Using a bundled CISCO AS5301-CH terminal server with 48 modems > ** and 2 T1-24 channel lines for dial in. > > I would reccomend that you reconsider your choice of NAS. My experience > with Cisco has been that they make good routers but awful dialup equipment. We demo-ed the Cisco stuff, and it's gotten better. We saw performance similar to Lucent PM-3s. --Mark To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message