# DNS help please read!



## royalweb (Feb 26, 2010)

I DO NOT KNOW WELL ENGLISH, so I used the Google translate 
Hello,

Thus we need something for FreeBSD, but I do not know how true is called ... Basically like this ... One provider has the option when the user connects via its PPPoE if not paid the bill whatever page he types in expel him, the message NOT settled debts to the U.S.. E with respect to work in a cable television that would help us very much about notifications ... means that the user connects, but when you connect Drag probably another one dns or something where house whenever a page is always page expel him from the server where it says the message ...


Please if you know where there is an explanation or if someone knows to help me ... Please note that we need for FreeBSD, or if there is for something else and that I connect ..

Thank you in advance for all ...


----------



## paean (Feb 26, 2010)

What language do you speak? There may be a BSD forum in your native language.


----------



## DutchDaemon (Feb 26, 2010)

OP is from Bulgaria.


----------



## snow (Mar 9, 2010)

Sorry but name that he provided in profile is NOT Bulgarian 
I guess he is Turkish.


----------



## DutchDaemon (Mar 9, 2010)

I'm going on his IP address.


----------



## SirDice (Mar 9, 2010)

Let me see if I can translate this a little :e

Users connect to network using PPPoE. If a user doesn't pay his/her bill that user will get flagged. When a flagged user logs in they're redirected to a special web page telling them they need to pay their bill. 

If I understood correctly the OP is looking for a way to make it work.


----------



## DutchDaemon (Mar 9, 2010)

In that case: 

- assign a reserved pool of IP addresses to non-payers
- make sure they get one of those IP addresses when they log in (RADIUS, or whatever)
- put the IP addresses in a static pf table
- disallow all services *except DNS* to those IP addresses
- use a PF rdr statement to force all web traffic from those IP addresses to localhost:3128
- run local Squid proxy serving nothing but an error message on localhost:3128 (link all error pages to that single error message), with an ACL that disallows everybody (which produces the error message)
- make sure the error message (plain HTML, no links) tells them what's wrong and who to contact

Or just do the first two steps and assign unroutable IP addresses when they log in. I'm sure they'll call sooner or later.


----------



## SirDice (Mar 9, 2010)

DutchDaemon said:

> run local Squid proxy serving nothing but an error message on localhost:3128 (link all error pages to that single error message), with an ACL that disallows everybody (which produces the error message)
> make sure the error message (plain HTML, no links) tells them what's wrong and who to contact


I wouldn't even use Squid, just a simple HTTP webserver would do. All it needs to do is serve that "you need to pay" page. Everything else is done by PF anyway.


----------



## DutchDaemon (Mar 9, 2010)

I'm afraid I've been there/done that! -> the local webserver will not understand the original URL that's part of the redirected request (and that URL can be anything under the sun), which will lead to all kinds of weird behaviour. Squid will do this because it has the Host interception logic built in. (Ok, I haven't tried this with mod_proxy, mod_rewrite (wildcarded?) or similar under Apache, might work).


----------



## SirDice (Mar 9, 2010)

DutchDaemon said:

> I'm afraid I've been there/done that! -> the local webserver will not understand the original URL that's part of the redirected request, which will lead to all kinds of weird behaviour. Squid will do this because it has the Host interception logic built in. (Ok, I haven't tried this with mod_proxy or similar under Apache, might work).



Hmm, got a point there. The webserver should ignore any HTTP/1.1 Host: header and just serve the same site for everything. Shouldn't be too difficult to achieve :e


----------
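
The web server discussed in the last posts, one that ignores the Host header and the requested URL and answers every redirected request with the same page, could look like the sketch below. It is an added example, not code from anyone in the thread: `NoticeHandler`, `make_server` and the notice text are constructed, the listening address is the thread's localhost:3128, and the 503 status with `Cache-Control: no-store` is an assumption added here.

```python
# Added example, not code from the thread: one notice page for every request.
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed notice; plain HTML with no links, as the thread recommends.
NOTICE = (b"<html><head><title>Service suspended</title></head><body>"
          b"<h1>Your account has an unpaid bill</h1>"
          b"<p>Internet access is restricted. Please contact your provider.</p>"
          b"</body></html>")


class NoticeHandler(BaseHTTPRequestHandler):
    timeout = 10  # seconds; drop clients that stall mid-request

    def _notice(self):
        # self.path and the Host header name whatever site the user asked
        # for. Both are ignored and never echoed back into the page.
        try:
            pending = min(int(self.headers.get("Content-Length", 0)), 65536)
        except ValueError:
            pending = 0
        if pending > 0:
            self.rfile.read(pending)  # drain a small body before closing
        # 503 rather than 200 (assumption): the reply is sent in another
        # site's name and must not be cached or stored as that site's content.
        self.send_response(503)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(NOTICE)))
        self.send_header("Cache-Control", "no-store")
        self.send_header("Connection", "close")
        self.end_headers()
        if self.command != "HEAD":
            self.wfile.write(NOTICE)

    do_GET = do_HEAD = do_POST = do_PUT = do_DELETE = do_OPTIONS = _notice

    def log_message(self, fmt, *args):
        pass  # do not record which sites customers tried to reach


def make_server(addr="127.0.0.1", port=3128):
    """Bind where the thread's pf rdr rule sends web traffic (localhost:3128)."""
    return ThreadingHTTPServer((addr, port), NoticeHandler)


if __name__ == "__main__":
    make_server().serve_forever()
```
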

