Source IP address for proxy requests
Angel L. Mateo
amateo at um.es
Mon Sep 25 17:08:52 CEST 2006
El lun, 25-09-2006 a las 14:46 +0200, Nicolas Baradakis escribió:
> Angel L. Mateo wrote:
>
> > Freeradius is working fine with this configuration, except the proxy
> > module. The problema I have is that proxy requests are originated with
> > the IP address of the member, not the IP of the cluster. And I haven't
> > found any configuration option to configure this. Is there any way to do
> > it?
>
> Why is this a problem?
>
This is a problem for the next reasons:
* I have to configure my firewall to accept radius conections to
different addresses, not just the clustered IP.
* The radius that receives the request has to define two different
clients (to accept my request) and also my clustered radius (to send
requests to me).
I now it can be solved with configuration but I think this is not a
elegant solution to the problem. If I have configured freeradius to
listen in just one interface of the server, why it has to use another
different interface?
> I note RADIUS packets are using UDP, which means they're connectionless.
> I think you don't want a machine from the cluster send a proxy request,
> and a different machine get the proxy reply. This wouldn't work.
>
This is an impossible situation, because I have an active/standby
configuration of the cluster. Just one node is running the IP and the
server. The other node is just a backup one (in a normal environment).
--
Angel L. Mateo <amateo at um.es>
More information about the Freeradius-Users
mailing list