help:[freeradius+mysql] destination unreachable (host administratively prohibited)

gary gary.yang at browan.com
Thu Jul 28 07:17:38 CEST 2011


Hi Fajar
Sure. I am replying to say the root cause is a firewall issue.
The firewall has to be optimized.
Thanks for your reply.

Best Regards
Gary

BROWAN COMMUNICATIONS INC.
Tel:886-3-600-6899 ext.4842
Fax:886-3-597-2970
e-mail:gary.yang at browan.com

----- Original Message ----- 
From: "Fajar A. Nugraha" <list at fajar.net>
To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Sent: Thursday, July 28, 2011 12:02 PM
Subject: Re: 
help:[freeradius+mysql]destinationunreachable(hostadministratively 
prohibited)


> On Thu, Jul 28, 2011 at 10:48 AM, gary <gary.yang at browan.com> wrote:
>> After I remark "-A INPUT -j REJECT --reject-with icmp-host-prohibited" it
>> works.
>> But "iptables -nvL | grep 1812" command still output nothing.
>> Now the iptables-save output.
>> *******************************************************
>> [root at gary sysconfig]# /sbin/iptables-save
>> # Generated by iptables-save v1.4.5 on Thu Jul 28 11:41:12 2011
>> *filter
>> :INPUT ACCEPT [69:8978]
>> :FORWARD ACCEPT [0:0]
>> :OUTPUT ACCEPT [17:3842]
>> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>> -A INPUT -p icmp -j ACCEPT
>> -A INPUT -i lo -j ACCEPT
>> -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
>> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
>> COMMIT
>> # Completed on Thu Jul 28 11:41:12 2011
>> ********************************************************
>
> You REALLY should get help from a Linux sysadmin. That config
> basically means "accept all input and output traffic", which is
> probably not what you want. If you want to enable radius traffic you
> should add a rule that allows needed port (e.g. udp port 1812 and
> 1813). If you don't care about firewall then it might be better to
> turn it off altogether.
>
> -- 
> Fajar
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html 
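
Added example, not part of the original thread: a shell function that reads iptables-save output and reports which INPUT rule decides a new UDP packet to a RADIUS port. It is run on three constructed rule sets: one with the catch-all REJECT, the one quoted above, and an assumed fix that allows udp 1812:1813 ahead of the REJECT. The name `radius_verdict` and the sample variables are hypothetical, and the matcher only understands the options named in its comments.

```shell
#!/bin/sh
# Added example (not from the thread). Reports which INPUT rule decides the
# fate of a NEW UDP packet to PORT, given iptables-save text on stdin.
# Simplification: rules matching on -i or -s are treated as not applying.
radius_verdict() {
  awk -v port="$1" '
    /^\*/ { table = substr($1, 2) }             # track current table
    table == "filter" && /^:INPUT / { policy = $2 }
    table == "filter" && /^-A INPUT / && verdict == "" {
      target = proto = dport = ""; skip = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-j") target = $(i + 1)
        else if ($i == "-p") proto = $(i + 1)
        else if ($i == "--dport") dport = $(i + 1)
        else if ($i == "--state" && $(i + 1) !~ /NEW/) skip = 1
        else if ($i == "-i" || $i == "-s") skip = 1
      }
      if (proto != "" && proto != "udp") skip = 1
      n = split(dport, r, ":")                  # single port or lo:hi range
      if (n == 1 && r[1] != port) skip = 1
      if (n == 2 && (port + 0 < r[1] + 0 || port + 0 > r[2] + 0)) skip = 1
      if (!skip) verdict = tolower(target)      # first matching rule wins
    }
    END { print (verdict != "" ? verdict : "policy-" tolower(policy)) }'
}

# Constructed inputs. BASE mirrors the rule set quoted in the thread (counters
# zeroed); REJECT is the line the poster commented out; RADIUS is an assumed fix.
BASE='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT'
REJECT='-A INPUT -j REJECT --reject-with icmp-host-prohibited'
RADIUS='-A INPUT -p udp -m udp --dport 1812:1813 -j ACCEPT'

ORIGINAL=$(printf '%s\n%s\nCOMMIT\n' "$BASE" "$REJECT")
OPENED=$(printf '%s\nCOMMIT\n' "$BASE")
FIXED=$(printf '%s\n%s\n%s\nCOMMIT\n' "$BASE" "$RADIUS" "$REJECT")

printf 'original: %s\n' "$(printf '%s\n' "$ORIGINAL" | radius_verdict 1812)"
printf 'opened:   %s\n' "$(printf '%s\n' "$OPENED" | radius_verdict 1812)"
printf 'fixed:    %s\n' "$(printf '%s\n' "$FIXED" | radius_verdict 1812)"
```

A `policy-accept` result means no rule matched and the packet is let in only by the chain's default policy, which is the state the reply above describes.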



