Homero, You can specify Framed-Filter-Id and other such attributes. I believe that most NASs support port redirects in filters. Allow me to provide another possible (less expensive?) solution.
Here is what I was planning to do for content filtered users. Check out squid-guard.org. Your cisco 2511 supports WCCP (v1), right? Use WCCPv1 to redirect all port 80 traffic to a squid (squid-cache.org) cache. You can use a group for redundancy. Use FreeRADIUS's exec reply addributes to setup iptables/ipchains rules and use your squid cache box as a radius accounting relay. Setup each user in a secondary group on the radius auth box (ie. grated, pgrated, justcached). Have the reply attribute exec (I haven't read the docs thoroughly on how to do this) iptables and create a redirect from port 80 to whatever port matches the content rating the customer wants. Next time that IP from the pool is used, clear out any rules that match that source address and add in a new one. You may have to devise a means by which to spread the filter rules to a cache group if you run into scalability issues. I'm sure the radius gurus on this list could correct me on a few things here (and they're welcome to :). Good luck and let us know how it goes. Cheers, Mike On Mon, 1 Oct 2001, Homero Borgo Valdez wrote: > Hi! > i want to known if i can assign to an group of users some filter that can be > redirected to an proxy (software of proxy = bessproxyISP) so that users on > that group cann?t view porn sites, etc.. but other users on other group can > have free view > some thing like things on the N2H2 page > (http://www.n2h2.com/support/terminal_server/choicenet2.php) (by the way i > have that service but i don?t have support from they) but they use chap > (login users on the same /etc/raddb/users file!) and i prefer the system > authentication system (/etc/shadow)... > > > radius server SO: solaris X86 > TS: TotalControl, Patton 2800 and Cisco 2511 > and DEFAULT Auth-Type = System > > please help! > by the way spanish is very welcome! ;) > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
