3.0.10 and auth+acct type under the listen section

Matthew Newton mcn4 at leicester.ac.uk
Mon Dec 21 01:47:25 CET 2015


On Mon, Dec 21, 2015 at 09:38:14AM +1300, Peter Lambrechtsen wrote:
> It's sending Auth & Acct messages on 1646.
> 
> I tried setting the type to auth+acct in the sites-enabled/default listen
> section:

That means use the specified port from auth, and port+1 for acct.

> Listening on auth+acct address * port 1646 bound to server default
> Ready to process requests
> Receive - Invalid packet code 4 sent to authentication port from client

See src/main/listen.c auth_socket_recv/acct_socket_recv. This
isn't something you can override in the config.

> Any ideas on how to sort this?

Get a new NAS, from the sound of it...

Maybe there's some other software out there that will take
something broken like this and proxy it through in a sane way?
Or iptables u32 match on the packet code and redirect to the
correct port...

  iptables -t nat -A PREROUTING \
      -p udp --dport 1812 \
      -m u32 --u32 "25&0xff=0x4" \
      -j REDIRECT --to-ports 1813

I can't believe I just did that; eugh. This is completely not
recommended. Fix the NAS.

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>


More information about the Freeradius-Users mailing list