Upstream NAS flooding my radius

Nathan M locu.lists at gmail.com
Tue Dec 20 19:50:01 CET 2011


On Fri, Dec 16, 2011 at 9:17 PM, Alan DeKok <aland at deployingradius.com> wrote:
> That is distinctly anti-social behavior from whoever owns the NAS.

Agreed.

>
>  Another solution is to use RADIUS. :)
>
>  Set up a proxy for ONLY that NAS.  Call it "A".  Have it proxy ALL
> packets to the local proxy you're already running, "B".  This
> configuration should be very, very small.  You can strip out 99% of the
> normal server configuration.
>
>  In the configuration for "A", set "max_outstanding" to a low value,
> like 100 or 200.  See raddb/proxy.conf for details.
>
>  Then, in the "post-proxy type Fail" section, set "do_not_respond".
>
>  This configuration limits the proxy load to no more than the upstream
> can handle.  It also throws away packets when it receives too many.
>
>  It's a bit more work than iptables, but it's cross-platform, and
> guaranteed to work.
>
>  Alan DeKok.

Bingo!  That's what I was looking for.  Thanks Alan.

- N
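
A sketch of the configuration Alan describes, added here as an example and not taken from the thread or from the FreeRADIUS project's own files. It assumes FreeRADIUS 2.x syntax and authentication traffic only; the addresses, secrets and the names `upstream_nas`, `proxy_b`, `pool_b` and `to_b` are placeholders.

```conf
# Added example for proxy "A". All addresses, secrets and names below
# are placeholders, not values from the thread.

# --- raddb/clients.conf on "A": accept packets ONLY from that NAS ---
client upstream_nas {
    ipaddr = 192.0.2.10          # placeholder: address of the flooding NAS
    secret = CHANGE_ME_NAS       # placeholder shared secret
}

# --- raddb/proxy.conf on "A": one home server, the existing proxy "B" ---
home_server proxy_b {
    type = auth
    ipaddr = 198.51.100.20       # placeholder: where "B" listens
    port = 1812
    secret = CHANGE_ME_B         # placeholder shared secret
    max_outstanding = 100        # low cap on requests in flight to "B"
}

home_server_pool pool_b {
    type = fail-over
    home_server = proxy_b
}

realm to_b {
    auth_pool = pool_b
    nostrip                      # pass User-Name through unchanged
}

# --- raddb/sites-enabled/default on "A": nothing but proxying ---
authorize {
    # Proxy ALL packets to "B", whatever realm the user name carries.
    update control {
        Proxy-To-Realm := "to_b"
    }
}

post-proxy {
    # When proxying to "B" fails, drop the request silently rather
    # than sending the NAS a reply. do_not_respond is the policy the
    # quoted advice names; it is assumed to be defined in policy.conf.
    Post-Proxy-Type Fail {
        do_not_respond
    }
}
```

Accounting traffic would need a matching `acct` home server and pool, plus the same `Proxy-To-Realm` update in `preacct`.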




More information about the Freeradius-Users mailing list