How to fix the proxy source address
Yusuke SAKAMOTO
yanny at hongo.wide.ad.jp
Sun Apr 24 14:23:40 CEST 2011
I'm so sorry.
I sent duplicate mails because I had a mis-configuration in my
mail client.
Please ignore the duplicate ones. I'm really sorry...
(2011/04/24 21:04), Yusuke SAKAMOTO wrote:
> Hi all.
>
> I'm using FreeRADIUS 2.1.10 on FreeBSD.
> May I ask about the freeradius's socket creation behavior?
>
> I set up the following environment, and I use FreeRADIUS as a
> radius proxy server. The host has two IP addresses (X.X.X.X
> and X.X.X.Y), but FreeRADIUS is running only on X.X.X.X
> because I start it by "radiusd -i X.X.X.X".
>
> +-------------------+ +-------------+
> | client | ------------> X.X.X.X | |
> +-------------------+ | | |
> | | FreeRADIUS |
> +--------+ | 2.1.10 |
> +-----------------------+ | | |
> | another RADIUS server |<-+ X.X.X.Y | |
> +-----------------------+ +-------------+
>
> In this environment, I expect the FreeRADIUS to use X.X.X.X as the
> source IP address when proxying the request, and FreeRADIUS usually
> works so.
>
> I found, however, when clients sent a lots of requests and they
> exhausted 256 IDs in proxied radius packet, FreeRADIUS created a new
> socket on X.X.X.Y in spite of "-i X.X.X.X" option. The log message was
> " ... adding new socket proxy address * port ZZZZZ".
> # Of course, the port on X.X.X.X was not exhausted.
>
> Could you tell me if I can fix the source address to X.X.X.X?
> # I know the listen section in radiusd.conf is available, but I'm
> # afraid that "-i" option overwrites it.
>
> Regards,
> --
> Yusuke Sakamoto
More information about the Freeradius-Users
mailing list