Config Examples
Alex Bahoor
alexbahoor at sbcglobal.net
Sun Dec 6 03:39:58 CET 2009
Tim,
I did not mean to insult anyone; I just sensed a sarcastic response that I
did not deserve.
Sorry!
Alex
-----Original Message-----
From: freeradius-users-bounces+alexbahoor=sbcglobal.net at lists.freeradius.org
[mailto:freeradius-users-bounces+alexbahoor=sbcglobal.net at lists.freeradius.org] On Behalf Of Tim Sylvester
Sent: Saturday, December 05, 2009 4:00 PM
To: 'FreeRadius users mailing list'
Subject: RE: Config Examples
Alex,
You are insulting people that are trying to help you, for FREE. Chill out!
When you did netstat -a, you probably did something like this:
[root@springy html]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:ldap                      *:*                         LISTEN
tcp        0      0 *:mysql                     *:*                         LISTEN
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:ftp                       *:*                         LISTEN
tcp        0      0 springy.smartcow.com:ipp    *:*                         LISTEN
tcp        0      0 springy.smartcow.com:smtp   *:*                         LISTEN
tcp        0      0 *:rndc                      *:*                         LISTEN
tcp        0      0 *:ldap                      *:*                         LISTEN
tcp        0      0 *:http                      *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 *:https                     *:*                         LISTEN
tcp        0    132 springy.smartcow.com:ssh    sporky.smartcow.com:55457   ESTABLISHED
tcp        0      0 springy.smartcow.com:ssh    sporky.smartcow.com:64928   ESTABLISHED
tcp        0      0 springy.smartcow.com:ssh    sporky.smartcow.c:ddi-tcp-5 ESTABLISHED
tcp        0      0 springy.smartcow.com:ssh    sporky.smartcow.com:64026   ESTABLISHED
udp        0      0 *:radius                    *:*
udp        0      0 *:radius-acct               *:*
If you look carefully at the headings, you will see that *:* is in the
"Foreign Address" column. Reading the man page for netstat shows that the
Local Address and Foreign Address columns are:

Local Address
    Address and port number of the local end of the socket. Unless the
    --numeric (-n) option is specified, the socket address is resolved to
    its canonical host name (FQDN), and the port number is translated into
    the corresponding service name.

Foreign Address
    Address and port number of the remote end of the socket. Analogous
    to "Local Address."

Since RADIUS uses UDP and is connectionless, the concept of the remote end
of the socket doesn't mean much. If you READ the man page, you can use
netstat -an, which will show port numbers and IP address numbers. You will
see something like:
[root@springy html]# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:389                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:953                 0.0.0.0:*                   LISTEN
tcp        0      0 :::389                      :::*                        LISTEN
tcp        0      0 :::80                       :::*                        LISTEN
tcp        0      0 :::22                       :::*                        LISTEN
tcp        0      0 :::443                      :::*                        LISTEN
tcp        0      0 ::ffff:10.0.0.91:22         ::ffff:10.0.0.242:55457     ESTABLISHED
tcp        0      0 ::ffff:10.0.0.91:22         ::ffff:10.0.0.242:64928     ESTABLISHED
tcp        0      0 ::ffff:10.0.0.91:22         ::ffff:10.0.0.242:8892      ESTABLISHED
tcp        0      0 ::ffff:10.0.0.91:22         ::ffff:10.0.0.242:64026     ESTABLISHED
udp        0      0 0.0.0.0:1812                0.0.0.0:*
udp        0      0 0.0.0.0:1813                0.0.0.0:*
The last two lines are the entries for the RADIUS server listening on port
1812 for authentication requests and on port 1813 for accounting requests.
*:* has nothing to do with dynamic ports.
Go back and read the information in the configuration files, man pages, web
site, and mailing lists. Then if you have some other questions, send your
questions to the mailing list in a respectful, grateful manner.
Tim
Since radius uses UDP the "F
> -----Original Message-----
> From: freeradius-users-
> bounces+tim.sylvester=networkradius.com at lists.freeradius.org
> [mailto:freeradius-users-
> bounces+tim.sylvester=networkradius.com at lists.freeradius.org] On Behalf
> Of Alex Bahoor
> Sent: Saturday, December 05, 2009 2:43 PM
> To: 'FreeRadius users mailing list'
> Subject: RE: Config Examples
>
>
> You're missing the point. This is how networking works.
>
> Alex
>
> -----Original Message-----
> From: freeradius-users-
> bounces+alexbahoor=sbcglobal.net at lists.freeradius.org
> [mailto:freeradius-users-
> bounces+alexbahoor=sbcglobal.net at lists.freeradius.o
> rg] On Behalf Of tnt at kalik.net
> Sent: Saturday, December 05, 2009 2:26 PM
> To: FreeRadius users mailing list
> Subject: RE: Config Examples
>
> > This is a fact--the internet would not work if DNS uses dynamic port to
> > listen to? You must understand, all these known port numbers are used to
> > start up client connections
>
> Ok, let's say you want to use port 1645 for radius authentication. What do
> you do? Go round the shops and see if they have a device with that one? Or
> should you have flexibility to use 1645 or 1812 as you please? Or should
> 1645 now be banned for use with radius because it confuses you?
>
> Ivan Kalik
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus
> signature
> database 4663 (20091205) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
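Added example, not part of the original thread: a small shell function that reads `netstat -an` output the way the reply above describes, keeping only sockets whose Foreign Address is a wildcard (TCP rows in LISTEN, and UDP rows, which have no State) and reporting whether each is bound to all interfaces. The function names and the sample input are constructed for illustration and assume the Linux net-tools column layout; the port labels 1812, 1813 and 1645 are the ones mentioned in the thread.

```shell
#!/bin/sh
# Added example: list sockets waiting for traffic in `netstat -an` output
# (Linux net-tools column layout assumed).

# Constructed sample, modelled on the output quoted in the thread.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 :::22                   :::*                    LISTEN
tcp        0      0 ::ffff:10.0.0.91:22     ::ffff:10.0.0.242:55457 ESTABLISHED
udp        0      0 0.0.0.0:1812            0.0.0.0:*
udp        0      0 0.0.0.0:1813            0.0.0.0:*
EOF
}

# Reads netstat -an text on stdin and prints "proto port scope service"
# for every socket that accepts traffic from any peer.
accepting_sockets() {
  awk '
    $1 !~ /^(tcp|udp)/ { next }        # skip banner and header lines
    {
      local_ep = $4; foreign = $5; state = $6
      # A wildcard remote port ("0.0.0.0:*", ":::*", "*:*") means no peer yet.
      if (foreign !~ /:\*$/) next
      # TCP must also be in LISTEN; UDP is connectionless and shows no State.
      if ($1 ~ /^tcp/ && state != "LISTEN") next
      n = split(local_ep, parts, ":")
      port = parts[n]                  # text after the last colon
      addr = substr(local_ep, 1, length(local_ep) - length(port) - 1)
      scope = (addr == "0.0.0.0" || addr == "::" || addr == "*") ? "all-interfaces" : addr
      svc = "-"
      if ($1 ~ /^udp/ && port == "1812") svc = "radius-auth"
      if ($1 ~ /^udp/ && port == "1813") svc = "radius-acct"
      if ($1 ~ /^udp/ && port == "1645") svc = "radius-auth-legacy"
      print $1, port, scope, svc
    }'
}

sample_netstat | accepting_sockets
```

On a live host, pipe the real command into the function instead of the sample: `netstat -an | accepting_sockets`.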