|
Question : Small "Mock ISP" with 4 phone lines needs an NAS
|
|
I'm making somewhat of a "mock ISP" with four telephone lines. I plan to use Linux and FreeRADIUS for authentication. I also plan to simply use four phone modems.
What NAS software do I need? Is there open source? Can I run it on the same Linux box that is running FreeRADIUS?
Can I control Internet content? In fact, the way this will be used, the user dials in and should only be allowed access to one or two websites. I'm assuming this server should also be acting as somewhat of a proxy server and I need control over what dial-in clients have access to.
Any recommendations?
|
Answer : Small "Mock ISP" with 4 phone lines needs an NAS
|
|
I am going to make an assumption: we are providing access to a website, but we aren't providing DNS or the website.
Provide the dial-in access (ppp) and DHCP will provide the addresses. Set up a DNS forwarder to resolve the names to IPs against the ISP's DNS. Set up NAT using iptables (simple example below). Use a transparent proxy (squid) to control web access and reduce network traffic.
There is a good tldp.org Transparent Proxy article that I have used: http://tldp.org/HOWTO/TransparentProxy-4.html, and the page after that has the iptables rule. You can limit the site(s) that can be visited with the proxy, and since it is transparent there is no additional client configuration. A transparent proxy will redirect requests to remote web servers, with a destination of port 80, to the proxy on the appropriate port (3128).
The rule on the next tldp.org page is:

    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

You may want it to be (explanation following):

    iptables -t nat -I PREROUTING -i ppp0 -p tcp --dport 80 -j REDIRECT --to-port 3128
    iptables -t nat -I PREROUTING -i ppp1 -p tcp --dport 80 -j REDIRECT --to-port 3128
    iptables -t nat -I PREROUTING -i ppp2 -p tcp --dport 80 -j REDIRECT --to-port 3128
    iptables -t nat -I PREROUTING -i ppp3 -p tcp --dport 80 -j REDIRECT --to-port 3128

Changing -A to -I (capital i, like insert) will put the rule at the top of the chain instead of the bottom. I am not familiar enough with ppp to have it build the rule and strip it out. Since the incoming interface is ppp* you will need the rules on them instead of eth0.
You WILL want to block traffic that is not on 80. Since 443 can be a hole, if you don't need it, you should block it with iptables as well. Briefly, since 443 (https) is encrypted it is possible to tunnel other types of traffic out. If you must have 443, you should try to limit the outside IPs it can connect to.
A simple NAT script:

    #!/bin/bash
    WANNIC=eth0   # change to the appropriate WAN interface
    # turn forwarding off while the rules are loaded
    echo 0 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -o $WANNIC -j MASQUERADE
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \
      && iptables -A INPUT -m state --state NEW ! -i $WANNIC -j ACCEPT
    # the second line allows all new traffic to start, going out.
    # adding -p tcp --dport 80 to it would only permit http
    echo 1 > /proc/sys/net/ipv4/ip_forward
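As an added example that is not part of the original answer, here is a script that generates the complete rule set the answer describes for all four lines: port 80 from each ppp interface is redirected to squid, DNS to the local forwarder is allowed, and nothing else from the dial-in lines is accepted or routed, which closes the 443 tunnelling hole. It assumes eth0 is the WAN side, ppp0..ppp3 are the modems and squid listens on 3128; the allowed-site list itself is configured in squid's ACLs and is not shown here.

```shell
#!/bin/sh
# Added example, not the original answer's script. Builds the firewall rules
# for a 4-line dial-in box. Assumed names: eth0 = WAN, ppp0..ppp3 = modems,
# squid on 3128. Without APPLY=1 the rules are only printed, so the output
# can be reviewed without root before it is applied.

WANNIC="${WANNIC:-eth0}"         # WAN side (change to match the box)
PPP_LINES="${PPP_LINES:-4}"      # one pppN interface per modem
PROXY_PORT="${PROXY_PORT:-3128}" # squid's listening port

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

build_rules() {
    # Nothing is routed through the box unless a rule opens it; replies
    # to connections the box itself made (squid, the DNS forwarder) are fine.
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Masquerade anything that is later permitted to be forwarded out the WAN.
    run iptables -t nat -A POSTROUTING -o "$WANNIC" -j MASQUERADE
    i=0
    while [ "$i" -lt "$PPP_LINES" ]; do
        ifc="ppp$i"   # 'ppp+' would match every ppp interface in one rule
        # Transparent proxy: client port-80 traffic lands on squid, not the Internet.
        run iptables -t nat -I PREROUTING -i "$ifc" -p tcp --dport 80 \
            -j REDIRECT --to-port "$PROXY_PORT"
        # After REDIRECT the packet reaches INPUT with dport 3128.
        run iptables -A INPUT -i "$ifc" -p tcp --dport "$PROXY_PORT" -j ACCEPT
        # The DNS forwarder on this box answers the client's name lookups.
        run iptables -A INPUT -i "$ifc" -p udp --dport 53 -j ACCEPT
        # Everything else arriving from the dial-in line (443 included) is dropped.
        run iptables -A INPUT -i "$ifc" -j DROP
        i=$((i + 1))
    done
}

# Number of iptables commands the set contains; a quick sanity check.
rule_count() { build_rules | grep -c "^iptables"; }

build_rules
```

Run it once as-is to inspect the generated commands, then with APPLY=1 as root to load them.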