Freeradius-Users Digest, Vol 49, Issue 95

Ivan Kalik tnt at kalik.net
Thu May 21 15:27:51 CEST 2009


> 3. RE: Freeradius-Users Digest, Vol 49, Issue 93 (Ivan Kalik)
>
> ____________________________________________________________________________
>
>> Radius Client    -->  Radius Proxy
>
>> 192.168.1.2      192.168.1.3  192.168.14.3  --> IPS1(192.168.14.4)
>
>>                               192.168.24.3  --> IPS2(192.168.24.4)
>
> ____________________________________________________________________________
>
> You say:
>
>>>Yes. Proxy server will change NAS-IP-Address from the original NAS
>>> >>address into it's own. That is OK.
>
>
>
> It not works. In my scenario I have two different NAS-IP-Address(a
> NAS-IP-Address for ISP1 and a NAS-IP-Address for ISP2).
>

That's because that can't work:

  # Note: "type = proxy" lets you control the source IP used for
  # proxying packets, with some limitations:
  #
  # * Only ONE proxy listener can be defined.
  # * A proxy listener CANNOT be used in a virtual server section.
  # * You should probably set "port = 0".
  # * Any "clients" configuration will be ignored.

You can't define two IPs on which to proxy. You need two proxy servers for
that:

proxy1 gets requests from NAS -> if it's for isp1 proxy to 192.168.14.4
from 192.168.14.3

if it's for isp2, proxy to proxy2 (also from 192.168.14.3)

proxy2 will have 192.168.24.3 configured as proxy port and proxy to
192.168.24.4 (isp2)

You can even have proxy1 and proxy2 on the same machine, one listening on
1812+ ports and other on 1645+ ports. They just can't be the same radiusd
process.

Ivan Kalik
Kalik Informatika ISP




More information about the Freeradius-Users mailing list