help:[freeradius+mysql]destination unreachable(host administratively prohibited)

gary gary.yang at browan.com
Wed Jul 27 15:06:04 CEST 2011 

Hi Harry
radius server and nas ping no problem each other.
checking firewall no problem.
the OS is Fedora 12.

Best Regards
Gary

BROWAN COMMUNICATIONS INC.
Tel:886-3-600-6899 ext.4842
Fax:886-3-597-2970
e-mail:gary.yang at browan.com

----- Original Message ----- 
From: "Harry Hoffman" <hhoffman at ip-solutions.net>
To: "gary" <gary.yang at browan.com>; <freeradius-users at lists.freeradius.org>
Sent: Wednesday, July 27, 2011 7:19 PM
Subject: Re: help:[freeradius+mysql]destination unreachable(host 
administratively prohibited)


> Did you open your firewall?  Redhat-like distros send dest-prohib by 
> default for ports blocked by iptables.
>
> Cheers,
> Harry
>
> gary <gary.yang at browan.com> wrote:
>
>>Hi All
>>I have trouble about freeradius+mysql.
>>I configured freeradius(2.1.10) +mysql(5.5.14) and selftest by radtest 
>>everything is okay.
>>But when I try external nas client it always returns "null response".
>>the setup as below.
>>PC(client)<===>wireless AP(nas,192.168.21.223)<===>radius 
>>server(192.168.21.30)
>>my nas table:
>>mysql> select * from nas;
>>+----+--------------------+---------------------+-------+----------+--------------+----------+---------------+---------------------+
>>| id | nasname              | shortname           | type  | ports     | 
>>secret         | server    | community | description         |
>>+----+--------------------+---------------------+-------+----------+--------------+----------+---------------+---------------------+
>>|  1 | 192.168.21.223   | 192.168.21.223  | other |  NULL | testing123 | 
>>NULL   | NULL        | RADIUS Client |
>>|  3 | 127.0.0.1             | localhost             | other |  NULL | 
>>testing123 | NULL   | NULL        | RADIUS Client |
>>+----+--------------------+---------------------+-------+----------+--------------+-----------+---------------+--------------------+
>>radcheck table:
>>mysql> select * from radcheck;
>>+----+--------------------+-------------------+----+--------+
>>| id   | username           | attribute            | op | value  |
>>+----+--------------------+-------------------+----+--------+
>>|  1   | gary                  | User-Password | := | gary     |
>>|  2   | test                    | User-Password | := | test      |
>>|  3   | 001d09cb2715  | User-Password | := | test      |
>>+----+--------------------+-------------------+----+--------+
>>
>>192.168.21.223 is the wireless AP(nas) and my radius server is 
>>192.168.21.30.
>>I am using wireshark to capture the packets and it shows "destination 
>>unreachable(host administratively prohibited)".
>>see screenshot as below. Can anyone help me?
>>
>>
>>Best Regards
>>Gary
>>
>>-
>>List info/subscribe/unsubscribe? See 
>>http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list