how to fix proxy source address
Yusuke SAKAMOTO
yanny at hongo.wide.ad.jp
Sun Apr 24 14:11:12 CEST 2011
Hi all.
I'm using FreeRADIUS 2.1.10 on FreeBSD.
May I ask about the freeradius's socket creation behavior?
I set up the following environment, and I use FreeRADIUS as a
radius proxy server. The host has two IP addresses (X.X.X.X
and X.X.X.Y), but FreeRADIUS is running only on X.X.X.X
because I start it by "radiusd -i X.X.X.X".
+-------------------+ +-------------+
| client | ------------> X.X.X.X | |
+-------------------+ | | |
| | FreeRADIUS |
+--------+ | 2.1.10 |
+-----------------------+ | | |
| another RADIUS server | <-+ X.X.X.Y | |
+-----------------------+ +-------------+
In this environment, I expect the FreeRADIUS to use X.X.X.X as the
source IP address when proxying the request, and FreeRADIUS usually
works so.
I found, however, when clients sent a lots of requests and they
exhausted 256 IDs in proxied radius packet, FreeRADIUS created a new
socket on X.X.X.Y in spite of "-i X.X.X.X" option. The log message was
" ... adding new socket proxy address * port ZZZZZ".
# Of course, the port on X.X.X.X was not exhausted.
Could you tell me if I can fix the source address to X.X.X.X?
# I know the listen section in radiusd.conf is available, but I'm
# afraid that "-i" option overwrites it.
Regards,
--
Yusuke Sakamoto
More information about the Freeradius-Users
mailing list