Source IP address for proxy requests
Nicolas Baradakis
nbk at sitadelle.com
Tue Sep 26 15:26:48 CEST 2006
Peter Nixon wrote:
> On Tue 26 Sep 2006 11:55, Nicolas Baradakis wrote:
>
> > However, a proxy request is different, because it's a new outgoing
> > packet. In this case, we don't force the source IP in FreeRADIUS and
> > we shouldn't do so because the NAS and the realm server are possibly
> > on a different network. (it depends on the local network configuration)
> >
> > The network configuration of the host is outside the scope of
> > FreeRADIUS. The correct way to solve the problem is to fix the
> > network routes on the host, so the outgoing requests have the
> > desired source IP.
>
> Yes you are correct. Abviously I didn't read the thread in enough
> depth. It does bring up the issue that we maybe should have an optional
> proxy_source_ip config option..
I don't think it's a good idea, because all the realm servers may not be
on the same network. IMHO FreeRADIUS doesn't have to cope with the network
configuration of the host: it only has to set the destination IP, and the
rest is handled by the kernel.
--
Nicolas Baradakis
More information about the Freeradius-Users
mailing list