> > I have a related question.
> >
> > I want to create an account which can only reach
> > the HTTP server on the local LAN (same one the PM
> > is on). I don't want this account to be able to
> > access the internet (i.e., see the router). In fact,
> > I'd prefer it not get DNS service so it could *really*
> > only see the HTTP server and nothing else (the user
> > would hit pages that only use IP addresses in their
> > links). The application is sign-up for service.
> > I.e., I want *anybody* to be able to dial in and
> > fill out signup forms, using a special userid/password,
> > but I don't want that account (which might likely
> > appear in advertisements) to have any further
> > useful privileges.
>
> permit 0.0.0.0/0 your.www.server.ip/32 tcp dst eq 80
>
> Put the 'signup' user in RADIUS with signup.ppp as the filter, and make the
> above signup.ppp.in, and you're done.
Is there an implicit deny at the end of a filter on the Livingstons like
there is for the Cisco's?
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
Patrick Greenwell (510) 943-5769 voice
Systems Administrator (510) 210-2000 modem
Value Net, Inc. (510) 943-1708 fax
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/