OT: Re: Deny internet access to delinquent accounts

[19bab79]

I am sorry to say, but hiring a consultant is completely out of the question.
The only way to learn is to jump in and do it myself. Then, I will also know
how everything works if things end up breaking sometime. I will be building
and deploying this in a virtual environment. So hardware cost is not an
issue. I have all the time i need because that is one of the secretaries
jobs (collections of delinquent accounts). I love to do this kind of stuff
so I will be working on it in my free time as well as at work.

The plan is to run all of the different subnets (all access points in our
wireless internet company make up different subnets) into interfaces on one
side of the pfsense/freeradius machine. Since there are quite a few access
points, we will probably have to deploy a couple of these virtual machines
to cut the workload on each vm, and to make sure they don't slow down the
traffic at all.

Ideally I would like the machine to check each user the first time they try
to access the internet once a week. I would like to put this/these machines
close to the gateway of the network so they could still navigate our network
after they have been blocked from leaving. This would allow them to navigate
to our web page and the billing system that they can log into to manage
their account (the billing system is already up and working).

Saying all of this, I am wondering if it would be easier, since the boxes
will be on the edge of the network, if I configured the firewalls web gui so
that the secretary could easily input the ip addresses of the delinquent
account holders into a rule to block their traffic through the firewall. If
I were to do that, I would just need to figure out how to show them a page
so that they knew why they weren't getting the internet. Although, it would
be nice to have it all work automatically, with the box checking ip
addresses for delinquency on their way out once a week.

I really do appreciate all of the replies I have gotten so far. 


Alexander Clouter wrote:
> 
> Hi,
> 
> 19bab79 <bryanb at awsllc.net> wrote:
>> 
>> This is more of a project than a necessity. I was hoping to get this done
>> on
>> my own. We can't really afford to pay for the tech support either since
>> we
>> are a small company.
>>
> Well a quick way to produce a budget from thin air is to work out on a 
> monthly basis how much it costs *not* to have something like this in 
> place.
> 
> Remember to include in late payments, interest, your company 
> pro-actively chasing after customers *and* the load on your helpdesk in 
> time (including the delaying of *real* non-billing calls).  I am sure 
> there are other costs you can think of too :)
> 
>> I will keep searching on my own and hope some more replies come in. 
>> 
> Good luck, but seriously you need to spend your time looking into how to 
> get your network *infrastructure* (switches, routers, DNS servers [aka 
> views] and any proxy servers) to treat users differently without 
> changing their IP addresses/etc or getting them to reconnect....on the 
> fly and instantly.
> 
> Getting something to decide whether a person has paid or not is a flag 
> in a database that changes an attribute, this is a trivial problem and 
> the least of your problems.
> 
> You need to find out if your infrastructure can do what you need.  Means 
> you need to know someone who knows your infrastructure *and* knows how 
> to build something like this.  You might need to hire in some conslutant 
> time.
> 
> Cheers
> 
> -- 
> Alexander Clouter
> .sigmonster says: Stone's Law:
>                   	One man's "simple" is another man's "huh?"
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 
> 

-- 
View this message in context: http://old.nabble.com/Deny-internet-access-to-delinquent-accounts-tp26938916p26950600.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.