help:[freeradius+mysql]destination unreachable(host administratively prohibited)

Harry Hoffman hhoffman at ip-solutions.net
Wed Jul 27 13:19:20 CEST 2011 

Did you open your firewall?  Redhat-like distros send dest-prohib by default for ports blocked by iptables.

Cheers,
Harry

gary <gary.yang at browan.com> wrote:

>Hi All
>I have trouble about freeradius+mysql.
>I configured freeradius(2.1.10) +mysql(5.5.14) and selftest by radtest everything is okay.
>But when I try external nas client it always returns "null response".
>the setup as below.
>PC(client)<===>wireless AP(nas,192.168.21.223)<===>radius server(192.168.21.30)
>my nas table:
>mysql> select * from nas;
>+----+--------------------+---------------------+-------+----------+--------------+----------+---------------+---------------------+
>| id | nasname              | shortname           | type  | ports     | secret         | server    | community | description         |
>+----+--------------------+---------------------+-------+----------+--------------+----------+---------------+---------------------+
>|  1 | 192.168.21.223   | 192.168.21.223  | other |  NULL | testing123 | NULL   | NULL        | RADIUS Client |
>|  3 | 127.0.0.1             | localhost             | other |  NULL | testing123 | NULL   | NULL        | RADIUS Client |
>+----+--------------------+---------------------+-------+----------+--------------+-----------+---------------+--------------------+
>radcheck table:
>mysql> select * from radcheck;
>+----+--------------------+-------------------+----+--------+
>| id   | username           | attribute            | op | value  |
>+----+--------------------+-------------------+----+--------+
>|  1   | gary                  | User-Password | := | gary     |
>|  2   | test                    | User-Password | := | test      |
>|  3   | 001d09cb2715  | User-Password | := | test      |
>+----+--------------------+-------------------+----+--------+
>
>192.168.21.223 is the wireless AP(nas) and my radius server is 192.168.21.30.
>I am using wireshark to capture the packets and it shows "destination unreachable(host administratively prohibited)".
>see screenshot as below. Can anyone help me?
>
>
>Best Regards
>Gary
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list