[rbak-nsp] http redirect for pppoe subscibers / radius commands

David Freedman david.freedman at uk.clara.net
Thu Sep 25 06:48:51 EDT 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here is an example http redirect:

!!Context Stuff

context foonet
!
policy access-list you-didnt-pay
!
  seq 10 permit ip any 192.168.1.0 0.0.0.255 class  not-for-redirect-class
<-- customer can return traffic to your NOC subnet (this traffic will
be classed as "not for redirection")
!
  seq 20 permit udp any host <ns> eq domain class not-for-redirect-class
<-- customer can speak to the DNS resolvers (which should not allow them
to tunnel IP over DNS!)
!
  seq 30 permit tcp any 1.2.3.4 0.0.0.0 eq www class not-for-redirect-class
!
<--- Customer can speak to the "you must pay" webserver (should use
ssl as well)
!
  seq 1000 permit ip any any class drop-class
!
<-- Everything else is classified as drop-class (which we will drop
later)
!

!
 http-redirect profile you-didnt-pay
  url https://www.company.com/youdidntpay.cgi?user=%u
!

- -----------------------------------------------------------

!!Global stuff (forward policy must be global but references
your contexts quite confusingly)


forward policy you-didnt-pay

 access-group you-didnt-pay foonet <-- name your context here
  class not-for-redirect-class <-- non http we NEED permitted
  class redirect-class         <-- http redirected
   redirect destination local
  class drop-class             <---non http we DONT NEED dropped
   drop

 access-group  barnet <-- The next context you want
 etc...


!! Radius stuff

Forward-Policy= you-didnt-pay




Forward-Policy is a VSA defined in the redback dictionary:

ATTRIBUTE       Forward-Policy                  92      string
Redback



Marcin Kuczera wrote:
> hello,
> 
> could anyone drop me an example of configuration for HTTP redirect ?
> 
> I have pppoe subscribers, but for those that don't pay I want to
> printout a webpage with information about payment.
> 
> I need an example of full profile, that includes NAT profile,
> http-redirect profile and anything that would be necessary for that.
> 
> It is still to wired for me.. some flow-chart would be helpfull ;-)
> 
> 
> Btw, is it possible to enable radius "command receiver" in SEOS 6.1.1.4
> so that It would be able to send "clear subscriber" command from radius
> to RedBack, to change subscriber profile immediatelly after subscriber
> applies that has accepted the information about payment (warning).
> 
> I tried that with MikroTik, works fine.
> But SEOS seems to be not responding...
> 
> Regards,
> Marcin
> 
> _______________________________________________
> redback-nsp mailing list
> redback-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/redback-nsp
> 


- --
David Freedman
Group Network Engineering
Claranet Limited
http://www.clara.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFI22yTtFWeqpgEZrIRAoXIAJ43S0wKilWIEcCKJaDCp6tREl+YJgCgivid
JaFhwghEgh7K+kPi45nc2bs=
=pdx4
-----END PGP SIGNATURE-----

More information about the redback-nsp mailing list