Framed-Route and proxying
Jason Frisvold
xenophage0 at gmail.com
Tue Nov 8 16:17:58 CET 2005
On 11/8/05, Joe Maimon <jmaimon at ttec.com> wrote:
> Framed-Route instructs the NAS to install a route as described by the
> value, to the dialed up user. (at least that what my nas's do)
>
> So in and of itself, I do not think it will accomplish any sort of
> forced proxying.
Right.. the framed route itself doesnt, but you can use this to force
a new default route on the user, cant you?
> When you say force do you mean
>
> * does not work unless they are configured to use proxy X
>
> This would generally be a function of ACL which can be configured in
> different ways. Using Framed-Route or Framed-IP-Address may be usefull
> to you for that.
No, I don't care what proxy the do or do not have set up on their machine...
> * transparent proxying
>
> If you combine Framed-Route and/or Framed-IP-Address with policy routing
> (or natting) or "vrf" tables, you will probably achieve your goal. But
> your use of Framed-Route may not be required at all.
I *think* that's more what I'm looking for.. The idea is to put a
user in a suspended group that will only allow them to go to the
payment server. By using a proxy, I can intercept all port 80 traffic
and redirect them to the proper location.
Does that make more sense?
--
Jason 'XenoPhage' Frisvold
XenoPhage0 at gmail.com
More information about the Freeradius-Users
mailing list