Justin Shore wrote:
Gadi Evron wrote:
Apparently, marketing departments like the idea of being able to send customers that need to pay them to a walled garden. It also saves on tech support costs. Security being the main winner isn't the main supporter of the idea at some places.
I would love to do this both for non-pays and security incidents. I'd like to do something similar to let customers update their provisioning information for static IP changes so cable source verify doesn't freak out. Unfortunately I haven't been able to find any open source tools to do this. I can't even think of commercial ones off the top of my head.
It's a relatively simple concept. Some measure of integration into the DHCP provisioning system(s) would be needed to properly route the customer's traffic to the walled garden and only to the walled garden. Once the problem is resolved the walled garden fixes the DHCP so the customer can once again pull a public IP and possibly flushes ARP caches if your access medium makes that a problem to be dealt with.
I would think that the walled garden portion could be handled well-enough with Squid and some custom web programming to perform tasks to reverse the provisioning issues. I'm sure people have written internal solutions for SPs before but I haven't found anyone that has made that into an OSS project and put it on the Web. I'd love to make this a project but there is little financial gain to my small SP so if it costs much money it won't get management support.
Justin
There is all sorts of kit that will do this for you, Ellacoya, Redback etc. They all have APIs and all work well. The customer keeps their public IP address, but you can then make it belong to another virtual router instance, or you can apply certain firewall/ACL/policy rules to it. For example, my Ellacoyas will, for a walled customer, deny traffic to anything but the walled garden hosts and will then route any port 80 traffic to my proxy server that re-directs it all to a walled garden web server. Then soon as they hand over their payment details and we take payment, a request is sent to the Ellacoya to remove the restrictions. Lovaly. -- Leigh