help: [freeradius+mysql] destination unreachable (host administratively prohibited)

Fajar A. Nugraha list at
Thu Jul 28 06:02:38 CEST 2011

On Thu, Jul 28, 2011 at 10:48 AM, gary <gary.yang at> wrote:
> After I remark "-A INPUT -j REJECT --reject-with icmp-host-prohibited" it
> works.
> But "iptables -nvL | grep 1812" command still outputs nothing.
> Now the iptables-save output.
> *******************************************************
> [root@gary sysconfig]# /sbin/iptables-save
> # Generated by iptables-save v1.4.5 on Thu Jul 28 11:41:12 2011
> *filter
> :INPUT ACCEPT [69:8978]
> :OUTPUT ACCEPT [17:3842]
> -A INPUT -p icmp -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
> # Completed on Thu Jul 28 11:41:12 2011
> ********************************************************

You REALLY should get help from a Linux sysadmin. That config
basically means "accept all input and output traffic", which is
probably not what you want. If you want to enable radius traffic you
should add a rule that allows the needed ports (e.g. UDP ports 1812 and
1813). If you don't care about the firewall, then it might be better to
turn it off altogether.
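
The point made in the reply above, as an added example that is not part of the original message: a small Python evaluator that walks an iptables-save dump the way netfilter does (first match wins, then chain policy) and shows what happens to RADIUS packets under each ruleset. The `BEFORE` and `FIXED` rulesets, the position of the REJECT rule, the zeroed counters and the `eth0` interface name are assumptions; only the option subset seen in the thread is handled.

```python
# Added example: evaluates a NEW inbound packet against an iptables-save dump.
# Handles only the option subset seen in the thread (-p, -i, --state, --dport, -j).

# Ruleset quoted in the thread (counters zeroed), after the REJECT line was removed.
AFTER = """*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
REJECT = "-A INPUT -j REJECT --reject-with icmp-host-prohibited\n"
RADIUS = "-A INPUT -p udp -m udp --dport 1812:1813 -j ACCEPT\n"
# Assumption: the REJECT rule originally sat at the end of the INPUT rules.
BEFORE = AFTER.replace("-A FORWARD", REJECT + "-A FORWARD", 1)
# Hardened variant: RADIUS allowed explicitly, everything else still rejected.
FIXED = AFTER.replace("-A FORWARD", RADIUS + REJECT + "-A FORWARD", 1)


def port_in(spec, port):
    """True if port falls inside an iptables port spec such as 22 or 1812:1813."""
    lo, _, hi = spec.partition(":")
    return int(lo) <= port <= int(hi or lo)


def verdict(dump, proto, dport, iface="eth0", chain="INPUT"):
    """Return (target, reason) for a NEW packet; the first matching rule wins."""
    policy = "ACCEPT"
    for line in dump.splitlines():
        tok = line.split()
        if line.startswith(":" + chain + " "):
            policy = tok[1]          # chain default, used when no rule matches
        if tok[:2] != ["-A", chain]:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))   # option/value pairs
        if opts.get("-p", proto) != proto or opts.get("-i", iface) != iface:
            continue
        if "NEW" not in opts.get("--state", "NEW").split(","):
            continue
        if "--dport" in opts and not port_in(opts["--dport"], dport):
            continue
        return opts["-j"], line
    return policy, "chain policy"


if __name__ == "__main__":
    for name, dump in (("before", BEFORE), ("after", AFTER), ("fixed", FIXED)):
        for proto, port in (("udp", 1812), ("udp", 1813), ("tcp", 23)):
            print(name, proto, port, *verdict(dump, proto, port))
```

With the ruleset from the thread, RADIUS is accepted only because nothing matches and the chain policy is ACCEPT, which is also why grepping the rules for 1812 finds nothing and why TCP port 23 is accepted as well.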


More information about the Freeradius-Users mailing list