help:[freeradius+mysql]destination unreachable(host administratively prohibited)

Sam Hooker sth at noiseplant.com
Wed Jul 27 16:11:58 CEST 2011


Sorry, I meant 'iptables -nvL | grep 1812' should yield something like THIS:

    0     0 ACCEPT     udp  --  *      *       192.168.21.223         0.0.0.0/0           udp dpt:1812


-sth

> You're looking for 'iptables -nvL | grep 3306' to produce something
> like this:
> 
> 0 0 ACCEPT tcp -- * * 192.168.21.223 0.0.0.0/0 tcp dpt:3306
> 
> 
> -sth
> 
> sam hooker|sth at noiseplant.com|http://www.noiseplant.com
> 
> "I have not failed, I've just found 10,000 ways that won't work."
> Thomas Edison
> 
> ----- Original Message -----
> > ping isn't the same as a open udp port.
> >
> > run the command:
> > /sbin/iptables-save
> >
> > and past the output. If it's not the firewall then it's probably
> > ACLs
> > as
> > those are really the only two things that are going to return a
> > admin-prohib icmp packet.
> >
> > Cheers,
> > Harry
> >
> > On 07/27/2011 09:06 AM, gary wrote:
> > > Hi Harry
> > > radius server and nas ping no problem each other.
> > > checking firewall no problem.
> > > the OS is Fedora 12.
> > >
> > > Best Regards
> > > Gary
> > >
> > > BROWAN COMMUNICATIONS INC.
> > > Tel:886-3-600-6899 ext.4842
> > > Fax:886-3-597-2970
> > > e-mail:gary.yang at browan.com
> > >
> > > ----- Original Message ----- From: "Harry Hoffman"
> > > <hhoffman at ip-solutions.net>
> > > To: "gary" <gary.yang at browan.com>;
> > > <freeradius-users at lists.freeradius.org>
> > > Sent: Wednesday, July 27, 2011 7:19 PM
> > > Subject: Re: help:[freeradius+mysql]destination unreachable(host
> > > administratively prohibited)
> > >
> > >
> > >> Did you open your firewall? Redhat-like distros send dest-prohib
> > >> by
> > >> default for ports blocked by iptables.
> > >>
> > >> Cheers,
> > >> Harry
> > >>
> > >> gary <gary.yang at browan.com> wrote:
> > >>
> > >>> Hi All
> > >>> I have trouble about freeradius+mysql.
> > >>> I configured freeradius(2.1.10) +mysql(5.5.14) and selftest by
> > >>> radtest everything is okay.
> > >>> But when I try external nas client it always returns "null
> > >>> response".
> > >>> the setup as below.
> > >>> PC(client)<===>wireless AP(nas,192.168.21.223)<===>radius
> > >>> server(192.168.21.30)
> > >>> my nas table:
> > >>> mysql> select * from nas;
> > >>> +----+--------------------+---------------------+-------+----------+--------------+----------+---------------+---------------------+
> > >>>
> > >>> | id | nasname | shortname | type | ports
> > >>> | secret | server | community | description |
> > >>> +----+--------------------+---------------------+-------+----------+--------------+----------+---------------+---------------------+
> > >>>
> > >>> |  1 | 192.168.21.223 | 192.168.21.223 | other | NULL |
> > >>> testing123 | NULL | NULL | RADIUS Client |
> > >>> |  3 | 127.0.0.1 | localhost | other | NULL
> > >>> | testing123 | NULL | NULL | RADIUS Client |
> > >>> +----+--------------------+---------------------+-------+----------+--------------+-----------+---------------+--------------------+
> > >>>
> > >>> radcheck table:
> > >>> mysql> select * from radcheck;
> > >>> +----+--------------------+-------------------+----+--------+
> > >>> | id | username | attribute | op | value |
> > >>> +----+--------------------+-------------------+----+--------+
> > >>> |  1 | gary | User-Password | := | gary |
> > >>> |  2 | test | User-Password | := | test |
> > >>> |  3 | 001d09cb2715 | User-Password | := | test |
> > >>> +----+--------------------+-------------------+----+--------+
> > >>>
> > >>> 192.168.21.223 is the wireless AP(nas) and my radius server is
> > >>> 192.168.21.30.
> > >>> I am using wireshark to capture the packets and it shows
> > >>> "destination
> > >>> unreachable(host administratively prohibited)".
> > >>> see screenshot as below. Can anyone help me?
> > >>>
> > >>>
> > >>> Best Regards
> > >>> Gary
> > >>>
> > >>> -
> > >>> List info/subscribe/unsubscribe? See
> > >>> http://www.freeradius.org/list/users.html
> > >
> > >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html



More information about the Freeradius-Users mailing list