RE: Guest Access.

David Cecil (davidc@dcmicro.com)
Sun, 18 May 1997 23:45:36 -0400

> I want to set up a guest login on my PM2ER that will allow someone =
with only
> terminal emulation software to login and download internet access =
software.
> I need a hand on how to set this up. (I am a newbie). Has anyone else =
done
> this? I am open for suggestions. I am using WinNT 3.51, Radius NT, and =
of
> couse the PM2ER. Any suggestions, ideas, hints appreciated.

A while back Livingston's terric tech support people showed me how to =
set up a filter for a "guest" account that only allows the caller to =
access a particular server.=20

The information below shows how to create a filter that restricts users =
to HTTP and DNS protocols with a particular server (replace =
XXX.XXX.XXX.XXX with your server's IP address). You could add "permit" =
statements to allow the FTP protocol as well.

While logged into the PortMaster:
----------------------------------------

add filter guest.in
set filter guest.in 1 permit 0.0.0.0/0 XXX.XXX.XXX.XXX/32 icmp
set filter guest.in 2 permit 0.0.0.0/0 XXX.XXX.XXX.XXX/32 tcp dst eq 80
set filter guest.in 3 permit 0.0.0.0/0 XXX.XXX.XXX.XXX/32 udp dst eq 53
set filter guest.in 4 permit 0.0.0.0/0 XXX.XXX.XXX.XXX/32 tcp dst eq 53
save all

Here's how to use the filter using an entry in the Radius USERS file for =
the "guest" user:

guest Password =3D ""
User-Service-Type =3D Framed-User,
Port-Limit =3D 1,
Session-Timeout =3D 420,
Framed-Protocol =3D PPP,
Framed-Routing =3D None,
Framed-MTU =3D 1006,
Framed-Compression =3D Van-Jacobsen-TCP-IP,
Framed-Filter-Id =3D "guest"=20

Hope this helps!

David Cecil
ConnectUp, Inc.
davidc@connectup.com
www.connectup.com