How to accept RADIUS traffic on multiple interfaces?
Kurt Hillig
khillig at umich.edu
Wed Aug 14 16:07:17 CEST 2013
We're running FreeRadius 2.2.0 on RHEL 6.
The servers are working fine with a single active interface (eth0) on
each one; but we need to activate a second interface (eth1) on each
server - on a different IP subnet - to handle local traffic on that subnet.
The interfaces look like this:
eth0      Link encap:Ethernet  HWaddr 18:03:73:EE:76:96
          inet addr:10.10.0.189  Bcast:10.10.0.191  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
eth1      Link encap:Ethernet  HWaddr 18:03:73:EE:76:98
          inet addr:10.10.95.62  Bcast:10.10.95.127  Mask:255.255.255.128
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
and the routing is correct:
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.10.0.184     0.0.0.0         255.255.255.248 U         0 0          0 eth0
10.10.95.0      0.0.0.0         255.255.255.128 U         0 0          0 eth1
0.0.0.0         10.10.0.185     0.0.0.0         UG        0 0          0 eth0
Iptables is set up to accept incoming traffic from anywhere on UDP
ports 1812 and 1813.
radiusd.conf includes these "listen" sections (omitting comments):
listen {
    type = auth
    ipaddr = *
    port = 1812
    interface = eth0
}
listen {
    type = auth
    ipaddr = *
    port = 1812
    interface = eth1
}
listen {
    type = acct
    ipaddr = *
    port = 1813
    interface = eth0
}
listen {
    type = acct
    ipaddr = *
    port = 1813
    interface = eth1
}
But radiusd isn't seeing any of the inbound RADIUS traffic on eth1 -
tcpdump shows it coming in, but "radiusd -X" shows no indication of
this traffic (but is reporting all of the traffic on eth0).
Anyone know what I'm missing here?
--
Dr. Kurt Hillig
UMNet Administration       I always tell the    (734)647-8778 desk
University of Michigan     absolute truth,      (734)323-2736 cell
Ann Arbor, MI 48105-3640   as I see it.         khillig(at)umich.edu
> Computers were invented to help people waste more time faster <