How can I block web access for a given dial-up user? Or to put it another way, how do you set up an "e-mail only" account for a single user.

Running RH 6.1, Apache, Sendmail, RADIUS.

Everything I've seen in search responses deals with LANs in which access is blocked using ipchains for a single IP address, but that won't work for dial-up users getting different IPs on each dial-up attempt.

Thanks!

What kind of access are you trying to block? Are you trying to stop connections to your server from users of dial-up internet accounts? A little more information is needed.

We're a small ISP doing dial-up and satellite access. Recently had a couple of customers inquire about e-mail only accounts.

Trying to figure out how to block a dial-up customer from accessing the internet beyond our server/router and limit them to SMTP/POP3 functions only.

We're running Lucent Portmasters (PM3) as the dial-up servers, with RADIUS running on the RH server for authentication. Using a Cisco 2500 series router.

I've got a couple of customers requiring static IP addresses, which I've been able to do in RADIUS with no problem. I was thinking about a solution to assign the e-mail customer a fixed IP, and then somehow filter that address using IP chains or the router. I think the block would have to occur at the router, thus limiting the e-mail customer to our subnet.

Otherwise, I would need some sort of filter/block that looks at the username and dynamic IP address assigned by RADIUS that would work regardless of the IP assigned.

If there's a different/simpler approach, let me know....

Thanks!