Source IP address for proxy requests

Angel L. Mateo amateo at um.es
Mon Sep 25 17:08:52 CEST 2006


El lun, 25-09-2006 a las 14:46 +0200, Nicolas Baradakis escribió:
> Angel L. Mateo wrote:
> 
> > 	Freeradius is working fine with this configuration, except the proxy
> > module. The problema I have is that proxy requests are originated with
> > the IP address of the member, not the IP of the cluster. And I haven't
> > found any configuration option to configure this. Is there any way to do
> > it?
> 
> Why is this a problem?
> 
	This is a problem for the next reasons:

* I have to configure my firewall to accept radius conections to
different addresses, not just the clustered IP.

* The radius that receives the request has to define two different
clients (to accept my request) and also my clustered radius (to send
requests to me).

	I now it can be solved with configuration but I think this is not a
elegant solution to the problem. If I have configured freeradius to
listen in just one interface of the server, why it has to use another
different interface?

> I note RADIUS packets are using UDP, which means they're connectionless.
> I think you don't want a machine from the cluster send a proxy request,
> and a different machine get the proxy reply. This wouldn't work.
> 
	This is an impossible situation, because I have an active/standby
configuration of the cluster. Just one node is running the IP and the
server. The other node is just a backup one (in a normal environment).

-- 
Angel L. Mateo <amateo at um.es>




More information about the Freeradius-Users mailing list