Hi All, I have seen previous discussions about proxy port 1814 for previous versions 1x and 2x. With the latest 3 version the proxy seems to use ephemeral ports instead of 1814. In etc/raddb/sites-available/default I added a listen for proxy: listen { ippaddr = * port = 1814 type = proxy limit { } } But got an error about adding the proxy listen in a virtual server area. Can someone please direct on the appropriate file location to place the listen or set the proxy port? Thanks, Brad
On Sep 23, 2015, at 11:07 AM, Brad <bradzynda42@comcast.net> wrote:
I have seen previous discussions about proxy port 1814 for previous versions 1x and 2x. With the latest 3 version the proxy seems to use ephemeral ports instead of 1814. ... But got an error about adding the proxy listen in a virtual server area.
Can someone please direct on the appropriate file location to place the listen or set the proxy port?
Put it in radiusd.conf. But be aware that if the server proxies a lot of packets, it might still open up another proxy port, which will be random. Alan DeKok.
On 09/23/2015 11:37 AM, Alan DeKok wrote:
On Sep 23, 2015, at 11:07 AM, Brad <bradzynda42@comcast.net> wrote:
I have seen previous discussions about proxy port 1814 for previous versions 1x and 2x. With the latest 3 version the proxy seems to use ephemeral ports instead of 1814. ... But got an error about adding the proxy listen in a virtual server area.
Can someone please direct on the appropriate file location to place the listen or set the proxy port? Put it in radiusd.conf. But be aware that if the server proxies a lot of packets, it might still open up another proxy port, which will be random.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi Alan, That worked and thanks for the quick reply. I do have a question about "a lot" of packets, what would this number be? In an environment where you have very strict fire-walling and port assignments a random port would not work. Thanks again, Brad
On Sep 23, 2015, at 11:52 AM, Brad <bradzynda42@comcast.net> wrote:
That worked and thanks for the quick reply. I do have a question about "a lot" of packets, what would this number be?
Thousands per second. It really depends on the environment.
In an environment where you have very strict fire-walling and port assignments a random port would not work.
Firewalling *source* ports in your network is generally a bad idea. Especially for something like a RADIUS server which *has to* open up new source ports under load. Alan DeKok.
participants (2)
-
Alan DeKok -
Brad