* Quoting Alex Neuman van der Hans (alex at nkpanama dot com):
> Rolf Kutz wrote:
> >* Quoting Alex Neuman van der Hans (alex at nkpanama dot com):
> >>I've set up a few. Definitely your best shot would be to use m0n0 for
> >>your firewall/routing needs, along with a bit of traffic shaping. I'd
> >>block outgoing port 25 to prevent abuse (and let your clients know that
> >This helps prevent abuse like castration
> >prevents rape. How shall people contact their
> >provider's smtpd if 25 is blocked?
> Two ways. One would be to set up an internal mailserver running
> MailScanner (http://mailscanner.info) that works as an internal relay
> and set up a forwarding rule just like some people do for squid caching.
> The other would be to have a notice in the captive portal page that says
> that you should use your company's (or your ISP's) webmail instead, or
> services like mail2web.com, or use SSL (smtps), or port 587, or a VPN.
> It *would* require having knowledgeable staff, which in some hotels
> isn't the case.
How does using smtps or VPN reduce abuse, if I
would be sending mail over my ISP's smtpd anyway?
And pointing to webmail doesn't really help
either. The question is whether you want to
offer _Internet_ access or _web_ access. Why not block
everything but port 80? Abuse can be done with
ftp, ssh or netcat.
> This isn't as crazy as it sounds. I've set up several
> hotels/resorts/golf clubs like this, and I've been to quite a few here
> and all over the world that do the same thing.
A million flies can't be wrong? I really hate
internet cafés where I can't even run PuTTY or
they even block ssh and I can't log into my
servers. If they offer Internet they should
deliver unfiltered IP. Next thing you know, they
block you from "harmful" websites, too.