Re: [Emerald] Adding filters on a PM3
Ed Miller ( (no email) )
Tue, 2 Feb 1999 10:47:31 -0500
We are using Emerald 2.5.227 and the PM3's w/3.8.2 OS as our RAS.
>What we are trying to do is to set up an online signup system that will let
>anyone to access our RAS with a set username and password (for example
>username : newcustomer and password : newcustomer). Those who are dialing
>with this username and password will be told to go to our subscription page
>(for example subscribe.abcnet.com w/IP 220.127.116.11)to fill out the
>relevant pages and get a membership online.
>To achieve this we added a filter named online to the PM3 as below. Our aim
>is to prevent people to go anywhere else other than the subscription page.
>Let's assume that our DNS server is at 18.104.22.168 :
>Filtername : online
> 1 permit 0.0.0.0/0 22.214.171.124/32 tcp dst eq 53
> 2 permit 0.0.0.0/0 126.96.36.199/32 udp dst eq 53
> 3 permit 0.0.0.0/0 188.8.131.52/32 tcp dst eq 80
>Once this was accomplished we created a service account (name : online
>subsciption) in Emerald and added as the service default Framed-Filter :
>Guess what? It didn't work. People acessing the RAS with the above filter
>and username/password can still go anywhere they want.
>We found out that the Rad Attribute should be Framed-Filter-Id for PM3 and
>changed that accordingly. But still it let's everyone through.
>What are we doing wrong here ? Should we add the rad attribute as a VSA ?
>Is something wrong with the filter ?
>Any help will be appreciated.
I have no answer to this but I do have a question. Why RAS? Arn't you using
RadiusNT with the Emerald? Do you mean NAS?
For more information about this list, including removal,
please see http://www.iea-software.com/maillist.html