IPTABLES - continued

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Sat Jul 23 13:13:00 CEST 2005


Hi,

> I would like to have this FreeRadius box on the Internet so a few of my
> NAS devices can access it no matter where they are.  I understand port
> 1812 and 1813 udp must be opened.  I am looking for some example
> IPTABLES (fedora core) entries that would enable UDP access to
> FreeRadius.

I would really recommend that you simply read the iptables documentation
before throwing rules around....but anyway, are your NAS's in static address
locations? if so, you could throw something like this into your
/etc/sysconfig/iptables file:

-A INPUT -p udp -s xxx.xxx.xxx.xxx --dport 1812 -i eth0 -j ACCEPT
-A INPUT -p udp -s xxx.xxx.xxx.xxx --dport 1813 -i eth0 -j ACCEPT
-A INPUT -p udp -s xxx.xxx.xxx.xxx --dport 1814 -i eth0 -j ACCEPT

..then, at the end, have the catch-all

-A INPUT -i eth0 -j REJECT

assuming that eth0 is your world facing interface...

1812/1813 and 1814 covers control, auth, proxying and accounting.

alan



More information about the Freeradius-Users mailing list