Upstream NAS flooding my radius
Nathan M
locu.lists at gmail.com
Tue Dec 20 19:50:01 CET 2011
On Fri, Dec 16, 2011 at 9:17 PM, Alan DeKok <aland at deployingradius.com> wrote:
> That is distinctly anti-social behavior from whoever owns the NAS.
Agreed.
>
> Another solution is to use RADIUS. :)
>
> Set up a proxy for ONLY that NAS. Call it "A". Have it proxy ALL
> packets to the local proxy you're already running, "B". This
> configuration should be very, very, small. You can strip out 99% of the
> normal server configuration.
>
> In the configuration for "A", set "max_outstanding" to a low value,
> like 100 or 200. See raddb/proxy.conf for details.
>
> Then, in the "post-proxy type Fail" section, set "do_not_respond".
>
> This configuration limits the proxy load to no more than the upstream
> can handle. It also throws away packets when it receives too many.
>
> It's a bit more work than iptables, but it's cross-platform, and
> guaranteed to work.
>
> Alan DeKok.
> -
Bingo! That's what I was looking for. Thanks Alan.
- N
More information about the Freeradius-Users
mailing list