that was my point, I would rater not use WCCP, because the router we have access to here doesnt have access to it.
I was thinking that rather than having RADIUS specify the IP range... I could set certain users to be assigned to tunnel to the DansGuardian box, it would solve my problems...
I was looking for any insight into if anyone else had any type of solution for forwarding certain users to a content filtering box using radius.
Thanks Again, Ryan
Dana Hudes wrote:
Tunneling implies some encapsulation. This is not what WCCP does.
Use your router configuration to send http traffic for certain ip address ranges to the proxy. Use RADIUS to assign the users
that need content filtering to the appropriate address range.
This ip address assignment is the only role RADIUS plays.
If you need help making the appropriate configuration for freeradius
to assign ip address based on authenticated username, by all means
speak up (after you've read the documentation). The rest is out of scope of this list.
On Tue, 3 Aug 2004, Ryan Leonard wrote:
So Dana and I discussed using a WCCP capeable router to push http traffic through the proxy... The oly problem is, I don't want it for all users, just certain ones. I was hoping to be able to tunnel certain users, or assign certain users a proxy server upon logging in.
Anyone else have any ideas?
Ryan
Dana Hudes wrote:
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.htmlIt is not the job of RADIUS to do content filtering. Traffic filters, yes you can always throw those in to prevent ip address spoofing and so on.
Accomplish content filtering with a transparent proxy and use WCCP to push the http traffic to your proxy. Contact me off-list for additional guidance.
On Tue, 3 Aug 2004, Ryan Leonard wrote:
We are looking for a solution to provide content filtering to dialup customers. Currently we have to setup access on each machine to use a proxy. This is a horrible way for obvious reasons.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I am looking for a way to force certain users to go through our proxy... I can't find anything about this, the only thing I could think of was a tunnel.
Tunnel-Type:0 = L2F, Tunnel-Medium-Type:0 = IP, Tunnel-Server-Endpoint:0 = 209.128.224.130,
I am not sure if my tunnel is messed up, or if I am dreaming... any ideas?
Ryan
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
