FreeRADIUS sends proxy packets out the proper interface, but with the wrong source IP (simple udpfromto problem?)

[Adam Bultman]

On 10/18/2011 10:02 PM, Alan DeKok wrote:
> Adam Bultman wrote:
>> Problem: The detail reader, when sending the accounting packets, sends
>> them out the *correct* interface, but with the *wrong* source IP
>> address. (It will send out eth2, but have the source IP of eth0.)
> 
>   You're running Linux, right?  And both interfaces are on the same network?
> 
>   It's a Linux bug.  The Linux people think it isn't a bug, so it hasn't
> been fixed for 10+ years.
> 

Yeah, I'm running linux, but all my networks are on distinct interfaces,
and none are duplicated.  eth0 = 10.x.x.x, eth1 = public IP, eth2 =
192.168.x.x .


>   As a hint, FreeRADIUS uses the standard socket calls to send/recv
> packets.  There's no magic "send packets out the wrong interface" code
> in it.  All of the routing is handled by the kernel.  So... blame the
> kernel for routng problems.
> 

I did just about everything I could think of to make sure that any
packets had the correct source IP via routing - 'ip route 192.168.x.x/24
via 192.168.x.1 dev eth2 src 192.168.x.155', but it made no difference.
 I didn't think there was any specific code to send things out the wrong
interface, but I did wonder perhaps there was something like 'whatever
IP I'm told to listen on first, that will be my source IP' type thing.


>>  I
>> proxy to other hosts as well, so I cannot simply force a single proxy ip
>> address, since that will break other things. (As far as I can tell.) All
>> my routing is good, no firewalls are in the way, etc.
> 
>   You can set "src_ipaddr" for each home server.  See raddb/proxy.conf.
>  This is documented.
> 

This isn't in the copy of the proxy.conf file on my RADIUS servers,
which explains why I've had trouble at all.  If my version (2.1.10)
doesn't support src_ipaddr, then I'll upgrade.

Thanks for your help, Alan.  It is much appreciated.



-- 
Adam