On 11/8/05, Joe Maimon <[EMAIL PROTECTED]> wrote: > Framed-Route instructs the NAS to install a route as described by the > value, to the dialed up user. (at least that what my nas's do) > > So in and of itself, I do not think it will accomplish any sort of > forced proxying.
Right.. the framed route itself doesnt, but you can use this to force a new default route on the user, cant you? > When you say force do you mean > > * does not work unless they are configured to use proxy X > > This would generally be a function of ACL which can be configured in > different ways. Using Framed-Route or Framed-IP-Address may be usefull > to you for that. No, I don't care what proxy the do or do not have set up on their machine... > * transparent proxying > > If you combine Framed-Route and/or Framed-IP-Address with policy routing > (or natting) or "vrf" tables, you will probably achieve your goal. But > your use of Framed-Route may not be required at all. I *think* that's more what I'm looking for.. The idea is to put a user in a suspended group that will only allow them to go to the payment server. By using a proxy, I can intercept all port 80 traffic and redirect them to the proper location. Does that make more sense? -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html