help:[freeradius+mysql]destination unreachable(host administratively prohibited)

Harry Hoffman hhoffman at ip-solutions.net
Wed Jul 27 15:28:28 CEST 2011


Ping isn't the same as an open UDP port.

Run the command:
/sbin/iptables-save

and paste the output. If it's not the firewall then it's probably ACLs, as
those are really the only two things that are going to return an
admin-prohib ICMP packet.

Cheers,
Harry

On 07/27/2011 09:06 AM, gary wrote:
> Hi Harry
> radius server and nas ping no problem each other.
> checking firewall no problem.
> the OS is Fedora 12.
> 
> Best Regards
> Gary
> 
> BROWAN COMMUNICATIONS INC.
> Tel:886-3-600-6899 ext.4842
> Fax:886-3-597-2970
> e-mail:gary.yang at browan.com
> 
> ----- Original Message ----- From: "Harry Hoffman"
> <hhoffman at ip-solutions.net>
> To: "gary" <gary.yang at browan.com>; <freeradius-users at lists.freeradius.org>
> Sent: Wednesday, July 27, 2011 7:19 PM
> Subject: Re: help:[freeradius+mysql]destination unreachable(host
> administratively prohibited)
> 
> 
>> Did you open your firewall?  Redhat-like distros send dest-prohib by
>> default for ports blocked by iptables.
>>
>> Cheers,
>> Harry
>>
>> gary <gary.yang at browan.com> wrote:
>>
>>> Hi All
>>> I have trouble about freeradius+mysql.
>>> I configured freeradius(2.1.10) +mysql(5.5.14) and selftest by
>>> radtest everything is okay.
>>> But when I try external nas client it always returns "null response".
>>> the setup as below.
>>> PC(client)<===>wireless AP(nas,192.168.21.223)<===>radius server(192.168.21.30)
>>> my nas table:
>>> mysql> select * from nas;
>>> +----+----------------+----------------+-------+-------+------------+--------+-----------+---------------+
>>> | id | nasname        | shortname      | type  | ports | secret     | server | community | description   |
>>> +----+----------------+----------------+-------+-------+------------+--------+-----------+---------------+
>>> |  1 | 192.168.21.223 | 192.168.21.223 | other |  NULL | testing123 | NULL   | NULL      | RADIUS Client |
>>> |  3 | 127.0.0.1      | localhost      | other |  NULL | testing123 | NULL   | NULL      | RADIUS Client |
>>> +----+----------------+----------------+-------+-------+------------+--------+-----------+---------------+
>>>
>>> radcheck table:
>>> mysql> select * from radcheck;
>>> +----+--------------+---------------+----+-------+
>>> | id | username     | attribute     | op | value |
>>> +----+--------------+---------------+----+-------+
>>> |  1 | gary         | User-Password | := | gary  |
>>> |  2 | test         | User-Password | := | test  |
>>> |  3 | 001d09cb2715 | User-Password | := | test  |
>>> +----+--------------+---------------+----+-------+
>>>
>>> 192.168.21.223 is the wireless AP(nas) and my radius server is
>>> 192.168.21.30.
>>> I am using wireshark to capture the packets and it shows "destination
>>> unreachable(host administratively prohibited)".
>>> see screenshot as below. Can anyone help me?
>>>
>>>
>>> Best Regards
>>> Gary
>>>
> 
> 
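Harry's point that a working ping says nothing about an open UDP port, as an added example that is not part of the original thread: a simplified first-match walk over the INPUT chain of `iptables-save` output. The ruleset is a constructed sample in the style of a stock Red Hat-like firewall, not gary's actual output; UDP 1812/1813 are the standard RADIUS ports, and `verdict`, `matches`, `STOCK`, `ALLOW_NAS` and `FIXED` are names made up for this example.

```python
import ipaddress
import shlex

# Constructed sample in the style of a stock Red Hat-like ruleset (not gary's real output).
STOCK = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
# Same ruleset with RADIUS auth/accounting (UDP 1812-1813) opened for the NAS only.
ALLOW_NAS = "-A INPUT -s 192.168.21.223/32 -p udp -m udp --dport 1812:1813 -j ACCEPT\n"
FIXED = STOCK.replace("-A INPUT -j REJECT", ALLOW_NAS + "-A INPUT -j REJECT")

def matches(o, src, proto, dport, iface):
    """True if a NEW packet satisfies every match in one parsed rule."""
    if "-p" in o and o["-p"] != proto:
        return False
    if "-i" in o and o["-i"] != iface:
        return False
    if "-s" in o and ipaddress.ip_address(src) not in ipaddress.ip_network(o["-s"], strict=False):
        return False
    state = o.get("--state") or o.get("--ctstate")
    if state and "NEW" not in state.split(","):
        return False
    if "--dport" in o:
        lo, _, hi = o["--dport"].partition(":")
        if not int(lo) <= dport <= int(hi or lo):
            return False
    return True

def verdict(ruleset, src, proto, dport=0, iface="eth0"):
    """First-match walk of INPUT; returns (target, rule line or 'policy')."""
    policy = "ACCEPT"
    for line in ruleset.splitlines():
        if line.startswith(":INPUT "):
            policy = line.split()[1]
        if not line.startswith("-A INPUT "):
            continue
        tok = shlex.split(line)[2:]
        if "!" in tok or len(tok) % 2:  # negation / multi-argument matches not modelled
            raise ValueError("unsupported rule: " + line)
        o = dict(zip(tok[0::2], tok[1::2]))
        if o.get("-j") in ("ACCEPT", "DROP", "REJECT") and matches(o, src, proto, dport, iface):
            return o["-j"], line
    return policy, "policy"
```

Calling `verdict(STOCK, "192.168.21.223", "udp", 1812)` shows which rule produces the admin-prohibited reply; jumps to user-defined chains are not followed, so treat the result as a first pass over a real ruleset.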