Howto proxy (or not) based on client IP ?
Phil Mayers
p.mayers at imperial.ac.uk
Thu Oct 20 20:35:15 CEST 2011
On 10/20/2011 05:52 PM, Fred wrote:
> Hello Phil,
> Your solution is usable for very small number of NAS ; I will have
> many hundreds of nas ....
> It's why I talked about having some variable like virtual_server in
You didn't say that in your original email.
> clients.conf (or a custom attr like my-realm defined in dictionnary,
> configured in clients.conf and used with unlang %{client:my-realm} or
> something like that.
>
> so :
> if ( "%{client:my-realm}" ) {
I can't remember the syntax off the top of my head but I'm sure
something very similar to that does work.
>
>
> But in fact, I don't know how specifying a virtual server in
> clients.conf could do a part of the job ...
Sure. Just do:
client foo {
ipaddr = x.x.x.x
virtual_server = doproxy
}
client foo {
ipaddr = x.x.x.x
virtual_server = noproxy
}
server doproxy {
authorize {
update control {
Proxy-To-Realm := OTHER
}
}
}
server noproxy {
authorize {
...
normal stuff here
}
}
More information about the Freeradius-Users
mailing list