Avoiding UDP port 1814

Brian Candler b.candler at pobox.com
Tue Aug 26 14:33:29 CEST 2014


[Using freeradius 2.1.12+dfsg-1.2ubuntu8 from ubuntu 14.04]

I notice that freeradius listens on UDP port 1814. The problem is that 
this conflicts with another application I'm using:
http://docs.ganeti.org/ganeti/master/man/ganeti-confd.html
and I'd rather move freeradius than this one.

However I cannot see how to change which port freeradius uses. There is 
no entry for 1814 in /etc/services.

I see the following in freeradius -X output:

     Listening on proxy address * port 1814

but a grep -R of /etc/freeradius doesn't find 1814. Indeed, a grep -R of 
the entire source code doesn't find anything relevant for 1814.

So my questions are:

* why is FreeRADIUS using port 1814? Has it bound a socket to port 1814 
for sending *outbound* proxy requests (and is only "Listening" in the 
sense that it receives replies to the requests it has sent?)

* how can I bind this to a different port instead?

In ./src/include/radius.h I can see
#define PW_AUTH_UDP_PORT                1812
#define PW_ACCT_UDP_PORT                1813
but I'm stuck finding where 1814 is chosen.

Ah, maybe it's this:

                                 port = sock->port + 2; /* skip acct port */

...

                 /*
                  *      Try to find a proxy port (value doesn't matter)
                  */
                 for (sock->port = port;
                      sock->port < 64000;
                      sock->port++) {
                         if (listen_bind(this) == 0) {
                                 *last = this;
                                 last = &(this->next); /* just in case */
                                 break;
                         }
                 }

which suggests that it's hard-coded to be the authentication port + 2, 
or the first available socket after that.

OK, to test this theory: stop both apps, restart the other app which 
binds to 1814, then restart freeradius.

# netstat -naup | grep freeradius
udp        0      0 0.0.0.0:42388           0.0.0.0:*                           23378/freeradius
udp        0      0 127.0.0.1:18120         0.0.0.0:*                           23378/freeradius
udp        0      0 0.0.0.0:1812            0.0.0.0:*                           23378/freeradius
udp        0      0 0.0.0.0:1813            0.0.0.0:*                           23378/freeradius
udp        0      0 0.0.0.0:1815            0.0.0.0:*                           23378/freeradius

Yep, freeradius has moved to 1815. So I can make this work, but only if 
ganeti-confd starts *before* freeradius.

Is there any setting I've missed which would allow the freeradius port 
scan to start at a different place?

Thanks,

Brian.
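
The scan behaviour worked out in the post above, as an added example that is not part of the original message and is not FreeRADIUS code: it holds a kernel-assigned UDP port (standing in for 1814) and shows that a first-free-port scan starting there lands on a later port, but on the start port itself when nothing holds it. The names bind_udp, scan_bind and scan_offset and the 50-port scan window are assumptions made for the illustration.

```c
/* Added example (not FreeRADIUS code): first-free-port scan, as in the quoted loop. */
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind UDP *:port (0 = kernel picks), bound port in *got; no SO_REUSEADDR, so a held port fails. */
static int bind_udp(unsigned port, unsigned *got)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons((unsigned short)port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == 0 &&
        getsockname(fd, (struct sockaddr *)&sa, &len) == 0) {
        *got = ntohs(sa.sin_port);
        return fd;
    }
    close(fd);
    return -1;
}

/* Take the first port in [start, limit) that binds; -1 if none does. */
static int scan_bind(unsigned start, unsigned limit, unsigned *chosen)
{
    for (unsigned p = start; p < limit; p++) {
        int fd = bind_udp(p, chosen);
        if (fd >= 0) return fd;
    }
    return -1;
}

/* Offset from the scan's start port to the port it gets (-1 on error); start stands in for 1814. */
int scan_offset(int start_is_busy)
{
    unsigned start = 0, chosen = 0;
    int holder = bind_udp(0, &start);   /* hypothetical occupant of the start port */
    if (holder < 0) return -1;
    if (!start_is_busy) close(holder);  /* release it: nothing started before us */
    int fd = scan_bind(start, start + 50 > 65536 ? 65536 : start + 50, &chosen);
    if (start_is_busy) close(holder);
    if (fd < 0) return -1;
    close(fd);
    return (int)(chosen - start);
}
```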


