Account connections to 'walled garden' hosts

  • I have CP working properly on my pfsense box, with some hosts declared in walled garden. I'm using radius authorization/accounting for CP clients. Now the question: how to exclude radius accounting when client connects to some hosts (or, how to account this traffic with another way on radius server)? And, is it possible to do NOT ACCOUNT all traffic from clients to walled garden's hosts? E.g. if I have local servers in DMZ behind of pfsense, all client's traffic to this hosts don't cost anything and I don't want account it.


  • Anyone?

  • I'm not sure if i understand what you want, but it sounds as if you just want to allow traffic for anyone to a certain server.
    You can do that if you put the server IP on the "allowed IP" list.

    But i dont know how radius accounting works so dont quote me ^^"

  • "Allowed IP" is "walled garden" equivalent. In other words, I want to limit client's traffic (e.g. 1Gb per month) with radius accounting, but I don't want to account all traffic going from clients to hosts in "allowed ip". Now all client's traffic accounted (from/to "allowed ip" and internet both, without difference). How to exclude radius accounting of traffic that going from/to "allowed ip" hosts?

  • Well, the trafic that uses the permitted IP's is just passed, because the firewall is intructed to do so. I tend to say that no volume accounting is done fort this traffic - it isn't seen by Radius at all.

    That's what you want, right ?

    As GruensFroeschli, I can't say if the Radius actually 'counts'  ;) - I never tried it.

  • Yes, you're right, it's all what I want. But, I would like to be assured in it, that the traffic from/to "ip list" hosts doesn't accounts with Radius at all.

    p.s. as I know, for example, mikrotik radius clients always counts "walled garden" traffic.