##########"FreeRadius with mySQL, Apache and Iptables RULZ " !!!#############
#!bull/sh.t
#How did I get this Idea?
#Dealing with deadbeat customers since 1978 !
#After completing my education at the University of BOFH (try google
#search "BOFH" to find this gemstone.)
#Working with my good debian guru friend "Jay Fluhary"
#My favorite quote is from apache:
# Do NOT simply read the instructions in here without understanding
# what they do, if you are unsure consult the online docs. You have been
# warned.
#Here we go for the LAST TIME. Save it if you need it; use it at your own
#risk. Don't ask me no stupid questions, and I won't tell you no lies... YOU
#HAVE BEEN WARNED!...HA!
Run FreeRadius with a database (mine is mysqld) and set up the "radgroupreply"
table something like this:

  1  2minute  Session-Timeout    =  120           0
  2  default  Session-Timeout    =  21600         0
  3  default  Idle-Timeout       =  1800          0
  4  lame     Framed-IP-Address  =  192.168.0.90  0
  5  lame     Session-Timeout    =  60            0

Of course you must READ and edit raddb.conf and sql.conf!
Set up the "usergroup" table in mysqld.
Give every user "username = default" (the 6 hour bump and 30 min Idle
Timeout)
When payments are late, change the user from default to lame (in the
"usergroup" table).
Now when a lame user from the "radcheck" table logs in, FreeRadius
authenticates from radcheck, checks the usergroup table, picks up a deadbeat
customer (lame), and sets the IP to 192.168.0.90 and a two minute session
timeout, set by the "radgroupreply" table.
The same server must run apache server and virt eth1:? (let's say eth1:1) and
be apache's (let's say) 192.168.0.89 server.
Now install your page (mine is "Twilight Zone" with midi and a nice quick
message about paying for your service) on apache.
Do the iptables much like what a squid proxy would use, but:

  iptables -t nat -A PREROUTING -p tcp -s 192.168.0.90 -i eth1 -j DNAT --to 192.168.0.89:80

which is my apache eth1:1 "Zone Page".
I did this because payments are always late. If I just disabled customers,
my stupid users would call in and say, "they never received a bill!, and
why should they have to pay, it's not working. Don't I get a discount for the
rest of the month?"
Well anyhow, getting back to the theme:
It does not matter where they try to go because iptables keeps them in the
"ZONE". Well, for two minutes anyhow, then drops 'em like a hot potato :)
I may have missed a few minor details, of which one important note is the
DNAT (it NATs only to the same machine, so apache has to be up on the same
server too).
I would have used the "We are in control....", but that would be the "Outer
Limits". I can see my users claiming I ruined their machine.
I have an old "Indian Head" monoscope pattern from early tv days, on
standby, in case the worst would happen like maybe a router gives up.
#Be nice to your BOFH, you have been warned....HA!
#end of script.
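
The group switch and redirect described in the post, modeled as an added example (not part of the original post and not FreeRADIUS's own code). SQLite stands in for MySQL, the table columns are a simplified assumption based on the post's listing, and the user name "alice" and the helper names are constructed.

```python
import sqlite3

# Rows copied from the post's radgroupreply listing: (id, group, attribute, op, value).
GROUP_REPLY = [
    (1, "2minute", "Session-Timeout", "=", "120"),
    (2, "default", "Session-Timeout", "=", "21600"),
    (3, "default", "Idle-Timeout", "=", "1800"),
    (4, "lame", "Framed-IP-Address", "=", "192.168.0.90"),
    (5, "lame", "Session-Timeout", "=", "60"),
]

def make_db():
    """In-memory stand-in for the MySQL radius database (assumed, simplified columns)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radgroupreply"
               " (id INTEGER, GroupName TEXT, Attribute TEXT, op TEXT, Value TEXT)")
    db.execute("CREATE TABLE usergroup (UserName TEXT PRIMARY KEY, GroupName TEXT)")
    db.executemany("INSERT INTO radgroupreply VALUES (?,?,?,?,?)", GROUP_REPLY)
    return db

def set_group(db, user, group):
    """Put a user in a group; refuse groups with no reply rows (typo guard)."""
    n = db.execute("SELECT COUNT(*) FROM radgroupreply WHERE GroupName = ?",
                   (group,)).fetchone()[0]
    if n == 0:
        raise ValueError(f"unknown group: {group!r}")
    db.execute("INSERT OR REPLACE INTO usergroup VALUES (?, ?)", (user, group))

def reply_attributes(db, user):
    """Reply attributes the user inherits through usergroup -> radgroupreply."""
    rows = db.execute(
        "SELECT r.Attribute, r.Value FROM usergroup u"
        " JOIN radgroupreply r ON r.GroupName = u.GroupName"
        " WHERE u.UserName = ? ORDER BY r.id", (user,))
    return dict(rows.fetchall())

def dnat_rule(db, group, portal, iface="eth1"):
    """The post's PREROUTING rule (--to spelled out), source taken from the group row."""
    row = db.execute("SELECT Value FROM radgroupreply WHERE GroupName = ?"
                     " AND Attribute = 'Framed-IP-Address'", (group,)).fetchone()
    if row is None:
        raise ValueError(f"group {group!r} has no Framed-IP-Address")
    return (f"iptables -t nat -A PREROUTING -p tcp -s {row[0]} -i {iface}"
            f" -j DNAT --to-destination {portal}")

if __name__ == "__main__":
    db = make_db()
    set_group(db, "alice", "lame")  # constructed user whose payment is late
    print(reply_attributes(db, "alice"))
    print(dnat_rule(db, "lame", "192.168.0.89:80"))
```

Deriving the rule's source address from the same row that RADIUS hands out keeps the redirect and the assigned address from drifting apart when the table is edited.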

