[SOLVED] FreeRADIUS + LVS problem

Sam Schultz segfault90 at hushmail.com
Tue Feb 27 19:06:53 CET 2007

Brief Review:
I had a working FreeRADIUS configuration doing EAP-TTLS wireless 
authentication that broke when put behind a 1:1 NAT/LVS. No faults
were found in the FreeRADIUS configuration, so the NAT configuration
was suspect. It likewise was found to have no faults (it's just a 
single SNAT & a single DNAT rule). After tcpdumping from the 
server, I
discovered that FR was receiving requests via the correct 
but trying to send them out of a different (virtual) interface/IP. 

Obviously, this won't work, NAT or otherwise. The original test box
was multi-homed, but the interfaces were bonded, so it didn't suffer
from the same problem. The NAT just added an extra layer of

The solution was to specifically bind to the correct interface/IP,
just as you would with most daemons on a multi-homed box. This 
would seem to further prove that often the solution is simpler than 
think :)

Click to learn how to become a world famous writer or poet

More information about the Freeradius-Users mailing list