Config Examples

Tim Sylvester tim.sylvester at networkradius.com
Sun Dec 6 00:59:54 CET 2009


Alex,

You are insulting people that are trying to help you, for FREE. Chill out!

When you did netstat -a, you probably did something like this:

[root@springy html]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:ldap                      *:*                         LISTEN
tcp        0      0 *:mysql                     *:*                         LISTEN
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:ftp                       *:*                         LISTEN
tcp        0      0 springy.smartcow.com:ipp    *:*                         LISTEN
tcp        0      0 springy.smartcow.com:smtp   *:*                         LISTEN
tcp        0      0 *:rndc                      *:*                         LISTEN
tcp        0      0 *:ldap                      *:*                         LISTEN
tcp        0      0 *:http                      *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 *:https                     *:*                         LISTEN
tcp        0    132 springy.smartcow.com:ssh    sporky.smartcow.com:55457   ESTABLISHED
tcp        0      0 springy.smartcow.com:ssh    sporky.smartcow.com:64928   ESTABLISHED
tcp        0      0 springy.smartcow.com:ssh    sporky.smartcow.c:ddi-tcp-5 ESTABLISHED
tcp        0      0 springy.smartcow.com:ssh    sporky.smartcow.com:64026   ESTABLISHED
udp        0      0 *:radius                    *:*
udp        0      0 *:radius-acct               *:*

If you look carefully at the headings, you will see that *:* is in the
"Foreign Address" column. Reading the man page for netstat shows that the
Local Address and Foreign Address columns are:

   Local Address
       Address and port number of the local end of the socket.  Unless the --numeric (-n) option
       is specified, the socket address is resolved to its canonical host name (FQDN),  and  the
       port number is translated into the corresponding service name.

   Foreign Address
       Address and port number of the remote end of the socket.  Analogous to "Local Address."

Since RADIUS uses UDP and is connectionless, the concept of the remote end
of the socket doesn't mean much. If you READ the man page, you can use
netstat -an, which will show port numbers and IP address numbers. You will
see something like:

[root@springy html]# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:389                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:953                 0.0.0.0:*                   LISTEN
tcp        0      0 :::389                      :::*                        LISTEN
tcp        0      0 :::80                       :::*                        LISTEN
tcp        0      0 :::22                       :::*                        LISTEN
tcp        0      0 :::443                      :::*                        LISTEN
tcp        0      0 ::ffff:10.0.0.91:22         ::ffff:10.0.0.242:55457     ESTABLISHED
tcp        0      0 ::ffff:10.0.0.91:22         ::ffff:10.0.0.242:64928     ESTABLISHED
tcp        0      0 ::ffff:10.0.0.91:22         ::ffff:10.0.0.242:8892      ESTABLISHED
tcp        0      0 ::ffff:10.0.0.91:22         ::ffff:10.0.0.242:64026     ESTABLISHED
udp        0      0 0.0.0.0:1812                0.0.0.0:*
udp        0      0 0.0.0.0:1813                0.0.0.0:*

The last two lines are the entries for the RADIUS server listening on port
1812 for authentication requests and on port 1813 for accounting requests.

*:* has nothing to do with dynamic ports.

Go back and read the information in the configuration files, man pages, web
site, and mailing lists. Then if you have some other questions, send your
questions to the mailing list in a respectful, grateful manner.

Tim





Since radius uses UDP the "F



> -----Original Message-----
> From: freeradius-users-bounces+tim.sylvester=networkradius.com at lists.freeradius.org
> [mailto:freeradius-users-bounces+tim.sylvester=networkradius.com at lists.freeradius.org]
> On Behalf Of Alex Bahoor
> Sent: Saturday, December 05, 2009 2:43 PM
> To: 'FreeRadius users mailing list'
> Subject: RE: Config Examples
> 
> 
> You're missing the point. This is how networking works.
> 
> Alex
> 
> -----Original Message-----
> From: freeradius-users-bounces+alexbahoor=sbcglobal.net at lists.freeradius.org
> [mailto:freeradius-users-bounces+alexbahoor=sbcglobal.net at lists.freeradius.org]
> On Behalf Of tnt at kalik.net
> Sent: Saturday, December 05, 2009 2:26 PM
> To: FreeRadius users mailing list
> Subject: RE: Config Examples
> 
> > This is a fact--the internet would not work if DNS uses dynamic port to
> > listen to? You must understand, all these known port numbers are used to
> > start up client connections
> 
> Ok, let's say you want to use port 1645 for radius authentication. What do
> you do? Go round the shops and see if they have a device with that one? Or
> should you have flexibility to use 1645 or 1812 as you please? Or should
> 1645 now be banned for use with radius because it confuses you?
> 
> Ivan Kalik
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 
> 
> __________ Information from ESET NOD32 Antivirus, version of virus signature database 4663 (20091205) __________
> 
> The message was checked by ESET NOD32 Antivirus.
> 
> http://www.eset.com
> 
> 
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
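
The reading of `netstat -an` described in the message above, as an added example that is not part of the original post: a socket is waiting for traffic when the port of its Foreign Address is `*`, which also covers UDP sockets such as RADIUS on 1812/1813 that never show a State. The sample text is constructed from rows of the listing in the post with each row on one line; the function names are hypothetical, and numeric output (`-n`) is assumed.

```python
import ipaddress

# Constructed sample in `netstat -an` layout, modelled on rows from the post.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN
tcp        0      0 :::22                       :::*                        LISTEN
tcp        0      0 ::ffff:10.0.0.91:22         ::ffff:10.0.0.242:55457     ESTABLISHED
udp        0      0 0.0.0.0:1812                0.0.0.0:*
udp        0      0 0.0.0.0:1813                0.0.0.0:*
"""


def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so IPv6 forms like ':::22' work."""
    addr, _, port = endpoint.rpartition(":")
    return addr, port


def bind_scope(addr):
    """Classify a numeric local address by how widely the socket is bound."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:          # 0.0.0.0 or :: means every interface
        return "all-interfaces"
    if ip.is_loopback:             # 127.0.0.0/8 or ::1, reachable locally only
        return "loopback"
    return "specific"


def listeners(netstat_text):
    """Return (proto, local_port, scope) for every socket with no remote peer.

    The test is the foreign port being '*', not the State column, because
    UDP rows (for example RADIUS) have no State at all.
    """
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue               # banner, header or blank line
        local_addr, local_port = split_endpoint(fields[3])
        _, foreign_port = split_endpoint(fields[4])
        if foreign_port != "*":
            continue               # connected socket, e.g. ESTABLISHED ssh
        found.append((fields[0], int(local_port), bind_scope(local_addr)))
    return found


if __name__ == "__main__":
    for proto, port, scope in listeners(SAMPLE):
        print(f"{proto:4} {port:5} {scope}")
```
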
