Source IP address for proxy requests

Peter Nixon listuser at peternixon.net
Mon Sep 25 21:54:45 CEST 2006


On Mon 25 Sep 2006 19:05, Nicolas Baradakis wrote:
> Angel L. Mateo wrote:
> > On Mon, 25-09-2006 at 14:46 +0200, Nicolas Baradakis wrote:
> > > Angel L. Mateo wrote:
> > > > 	Freeradius is working fine with this configuration, except the proxy
> > > > module. The problem I have is that proxy requests are originated
> > > > with the IP address of the member, not the IP of the cluster. And I
> > > > haven't found any configuration option to configure this. Is there
> > > > any way to do it?
> > >
> > > Why is this a problem?
> >
> > 	This is a problem for the next reasons:
> >
> > * I have to configure my firewall to accept radius connections to
> > different addresses, not just the clustered IP.
>
> You could accept a small IP range like 192.168.1.0/30 on the firewall.
>
> > * The radius that receives the request has to define two different
> > clients (to accept my request) and also my clustered radius (to send
> > requests to me).
>
> I think a realm server would reply to the same IP which it received
> the packet from.
>
> > 	I know it can be solved with configuration but I think this is not an
> > elegant solution to the problem. If I have configured freeradius to
> > listen in just one interface of the server, why it has to use another
> > different interface?
>
> That has nothing to do with FreeRADIUS. The source address of an
> outgoing UDP packet is chosen by the kernel according to the local
> network configuration.

I had this problem previously with FreeRADIUS where radius had to reply from
the inside interface of a multihomed server else the packets would not match
the IPSec tunnel ACLs bound to the external interface (a common config). I
solved it by telling freeradius to only bind to one IP. Does this config no
longer work?

Cheers

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
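
The two behaviours discussed in this thread, kernel-chosen source address versus a socket bound to one IP, shown as an added example that is not part of the original messages and is not FreeRADIUS code. It assumes a Linux host where all of 127.0.0.0/8 is local to the loopback interface; 127.0.0.1 and 127.0.0.2 are constructed stand-ins for the member and cluster addresses, and the function names are hypothetical.

```python
import socket

RADIUS_AUTH_PORT = 1812  # standard RADIUS authentication port


def kernel_source_for(dest_ip, dest_port=RADIUS_AUTH_PORT):
    """Return the source IP the kernel would pick for UDP traffic to dest_ip.

    connect() on a UDP socket only performs the route lookup and fixes the
    local address; no packet is sent.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((dest_ip, dest_port))
        return s.getsockname()[0]


def observed_source(dest_ip, bind_ip=None):
    """Send one datagram to a local receiver and return the source IP it sees.

    With bind_ip=None the sender leaves source selection to the kernel.
    With bind_ip set, the sender binds first, so the receiver (standing in
    for the home server or a firewall rule) sees exactly that address.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        rx.bind((dest_ip, 0))          # ephemeral port on the receiver
        rx.settimeout(2.0)
        if bind_ip is not None:
            tx.bind((bind_ip, 0))      # pin the source address
        tx.sendto(b"constructed-test-datagram", rx.getsockname())
        _payload, (src_ip, _src_port) = rx.recvfrom(64)
        return src_ip


if __name__ == "__main__":
    dest = "127.0.0.1"       # constructed stand-in for the home server
    cluster_ip = "127.0.0.2" # constructed stand-in for the clustered IP
    print("kernel would use :", kernel_source_for(dest))
    print("unbound sender   :", observed_source(dest))
    print("bound sender     :", observed_source(dest, cluster_ip))
```

Running `kernel_source_for()` against the real home server address on each cluster member shows which source address its firewall and client list will see when the sending socket is not bound.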