help: [freeradius+mysql] destination unreachable (host administratively prohibited)

Fajar A. Nugraha list at fajar.net
Thu Jul 28 06:02:38 CEST 2011


On Thu, Jul 28, 2011 at 10:48 AM, gary <gary.yang at browan.com> wrote:
> After I remark "-A INPUT -j REJECT --reject-with icmp-host-prohibited" it
> works.
> But "iptables -nvL | grep 1812" command still outputs nothing.
> Now the iptables-save output.
> *******************************************************
> [root at gary sysconfig]# /sbin/iptables-save
> # Generated by iptables-save v1.4.5 on Thu Jul 28 11:41:12 2011
> *filter
> :INPUT ACCEPT [69:8978]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [17:3842]
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A INPUT -p icmp -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
> COMMIT
> # Completed on Thu Jul 28 11:41:12 2011
> ********************************************************

You REALLY should get help from a Linux sysadmin. That config
basically means "accept all input and output traffic", which is
probably not what you want. If you want to enable radius traffic you
should add a rule that allows the needed ports (e.g. udp port 1812 and
1813). If you don't care about the firewall then it might be better to
turn it off altogether.

-- 
Fajar
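
An added example, not part of the original thread: a simplified first-match walk over `iptables-save` output that shows why RADIUS was rejected with the catch-all REJECT in place, why everything is accepted once it is commented out, and how explicit udp 1812/1813 rules placed before the REJECT fix it. It assumes the REJECT line sat at the end of the INPUT chain, a NEW packet arriving on a hypothetical `eth0`, and MySQL on its default port 3306; the rulesets are constructed from the quoted dump.

```shell
#!/bin/sh
# Simplified first-match walk of the INPUT chain in iptables-save output.
# Assumes a NEW packet arriving on eth0 (hypothetical interface name); only
# -p, --dport, -i, --state and -j are interpreted.
input_verdict() {  # usage: input_verdict PROTO DPORT < iptables-save-dump
  awk -v proto="$1" -v dport="$2" '
    /^:INPUT /  { policy = $2 }
    /^-A INPUT / && !hit {
      ok = 1; target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-p"      && $(i+1) != proto)  ok = 0
        if ($i == "--dport" && $(i+1) != dport)  ok = 0
        if ($i == "-i"      && $(i+1) != "eth0") ok = 0
        if ($i == "--state" && ("," $(i+1) ",") !~ /,NEW,/) ok = 0
        if ($i == "-j") target = $(i+1)
      }
      if (ok) { hit = 1; verdict = target " by rule" }
    }
    END { print (hit ? verdict : policy " by policy") }'
}

common_rules() {  # INPUT rules copied from the quoted dump (counters constructed)
  cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
EOF
}
reject_rule='-A INPUT -j REJECT --reject-with icmp-host-prohibited'
radius_rules='-A INPUT -p udp -m udp --dport 1812 -j ACCEPT
-A INPUT -p udp -m udp --dport 1813 -j ACCEPT'

before()  { { common_rules; echo "$reject_rule"; } | input_verdict "$@"; }
current() { common_rules | input_verdict "$@"; }
fixed()   { { common_rules; echo "$radius_rules"; echo "$reject_rule"; } | input_verdict "$@"; }

before  udp 1812   # REJECT by rule   (catch-all REJECT, no RADIUS rule)
current udp 1812   # ACCEPT by policy (no rule mentions 1812, so grep finds nothing)
current tcp 3306   # ACCEPT by policy (MySQL is exposed as well)
fixed   udp 1812   # ACCEPT by rule
fixed   tcp 3306   # REJECT by rule
```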


