help:[freeradius+mysql]destination unreachable(host administratively prohibited)

Sam Hooker sth at noiseplant.com
Wed Jul 27 16:08:38 CEST 2011


Gary,

You're looking for 'iptables -nvL | grep 3306' to produce something like this:

    0     0 ACCEPT     tcp  --  *      *       192.168.21.223        0.0.0.0/0           tcp dpt:3306


-sth

sam hooker|sth at noiseplant.com|http://www.noiseplant.com

"I have not failed, I've just found 10,000 ways that won't work."
    Thomas Edison

----- Original Message -----
> ping isn't the same as an open udp port.
> 
> run the command:
> /sbin/iptables-save
> 
> and paste the output. If it's not the firewall then it's probably ACLs,
> as those are really the only two things that are going to return an
> admin-prohib icmp packet.
> 
> Cheers,
> Harry
> 
> On 07/27/2011 09:06 AM, gary wrote:
> > Hi Harry
> > The radius server and nas can ping each other with no problem.
> > I checked the firewall and found no problem.
> > the OS is Fedora 12.
> >
> > Best Regards
> > Gary
> >
> > BROWAN COMMUNICATIONS INC.
> > Tel:886-3-600-6899 ext.4842
> > Fax:886-3-597-2970
> > e-mail:gary.yang at browan.com
> >
> > ----- Original Message ----- From: "Harry Hoffman"
> > <hhoffman at ip-solutions.net>
> > To: "gary" <gary.yang at browan.com>;
> > <freeradius-users at lists.freeradius.org>
> > Sent: Wednesday, July 27, 2011 7:19 PM
> > Subject: Re: help:[freeradius+mysql]destination unreachable(host
> > administratively prohibited)
> >
> >
> >> Did you open your firewall? Redhat-like distros send dest-prohib by
> >> default for ports blocked by iptables.
> >>
> >> Cheers,
> >> Harry
> >>
> >> gary <gary.yang at browan.com> wrote:
> >>
> >>> Hi All
> >>> I have trouble with freeradius+mysql.
> >>> I configured freeradius (2.1.10) + mysql (5.5.14), and in a self-test with
> >>> radtest everything is okay.
> >>> But when I try an external nas client it always returns "null response".
> >>> The setup is as below.
> >>> PC(client)<===>wireless AP(nas,192.168.21.223)<===>radius server(192.168.21.30)
> >>> my nas table:
> >>> mysql> select * from nas;
> >>> +----+----------------+----------------+-------+-------+------------+--------+-----------+---------------+
> >>> | id | nasname        | shortname      | type  | ports | secret     | server | community | description   |
> >>> +----+----------------+----------------+-------+-------+------------+--------+-----------+---------------+
> >>> |  1 | 192.168.21.223 | 192.168.21.223 | other | NULL  | testing123 | NULL   | NULL      | RADIUS Client |
> >>> |  3 | 127.0.0.1      | localhost      | other | NULL  | testing123 | NULL   | NULL      | RADIUS Client |
> >>> +----+----------------+----------------+-------+-------+------------+--------+-----------+---------------+
> >>>
> >>> radcheck table:
> >>> mysql> select * from radcheck;
> >>> +----+--------------+---------------+----+-------+
> >>> | id | username     | attribute     | op | value |
> >>> +----+--------------+---------------+----+-------+
> >>> |  1 | gary         | User-Password | := | gary  |
> >>> |  2 | test         | User-Password | := | test  |
> >>> |  3 | 001d09cb2715 | User-Password | := | test  |
> >>> +----+--------------+---------------+----+-------+
> >>>
> >>> 192.168.21.223 is the wireless AP(nas) and my radius server is
> >>> 192.168.21.30.
> >>> I am using wireshark to capture the packets and it shows
> >>> "destination unreachable(host administratively prohibited)".
> >>> See the screenshot below. Can anyone help me?
> >>>
> >>>
> >>> Best Regards
> >>> Gary
> >>>
> >>> -
> >>> List info/subscribe/unsubscribe? See
> >>> http://www.freeradius.org/list/users.html
> >
> >
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
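
Added example, not part of the thread and not FreeRADIUS or iptables code: a small Python check that walks `iptables-save` output (the text Harry asks for) and reports which filter rule a new inbound packet hits first, which is what decides between an answer and an ICMP host-prohibited. The ruleset is a constructed sample in the stock Red Hat style with a 3306 rule of the shape shown at the top; 1812/udp is the standard RADIUS authentication port (not named in the thread), the interface name `eth0` is assumed, and only `-p`, `-i`, `-s`, `--dport` and `--state` matches with a terminal `-j` target are handled.

```python
import ipaddress
import shlex

# Constructed sample (not Gary's real output), modelled on a stock Red Hat/Fedora filter table.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.21.223/32 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse_rule(line):
    """Map each option of one '-A CHAIN ...' line to the argument that follows it."""
    tok = shlex.split(line)
    if "!" in tok:
        raise NotImplementedError("negated matches are not handled: " + line)
    return {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1) if tok[i].startswith("-")}

def matches(r, proto, src, dport, iface, state):
    """True if a packet with these properties satisfies every match in rule r."""
    for opt, val in (("-p", proto), ("-i", iface)):
        if opt in r and r[opt] != val:
            return False
    if "-s" in r and ipaddress.ip_address(src) not in ipaddress.ip_network(r["-s"], strict=False):
        return False
    lo, _, hi = r.get("--dport", "0:65535").partition(":")
    if not int(lo) <= dport <= int(hi or lo):
        return False
    return "--state" not in r or state in r["--state"].split(",")

def verdict(ruleset, proto, src, dport, iface="eth0", state="NEW", chain="INPUT"):
    """Return (target, reject_with, rule) of the first filter-table rule that matches."""
    filt = ruleset.split("*filter", 1)[-1].split("COMMIT", 1)[0]
    policy = "ACCEPT"
    for line in filt.splitlines():
        if line.startswith(f":{chain} "):
            policy = line.split()[1]
        elif line.startswith(f"-A {chain} "):
            r = parse_rule(line)
            if "-j" in r and matches(r, proto, src, dport, iface, state):
                return r["-j"], r.get("--reject-with"), line
    return policy, None, None  # nothing matched: the chain policy applies

print(verdict(SAMPLE, "udp", "192.168.21.223", 1812))  # 1812/udp: RADIUS auth port (assumed)
```

With the sample, the NAS's UDP 1812 packet falls through to the final REJECT, while ICMP and loopback traffic are accepted earlier in the chain.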


