How to accept RADIUS traffic on multiple interfaces?

Kurt Hillig khillig at umich.edu
Thu Aug 15 14:42:37 CEST 2013


>> From: Phil Mayers <p.mayers at imperial.ac.uk>
>>
>> If "radiusd -X" isn't reporting *anything*, then it's not reaching FreeRADIUS, which means some part of the network stack is dropping it.
>>
>> If you're sure your iptables are correct, google "linux log martians" and "linux rp filter". RHEL6 has different defaults to previous RHEL versions in this regard.

Thanks for all the suggestions, Phil (et al.)!

The problem was indeed the rp_filter setting in /etc/sysctl.conf;
turning off the RPF check solved the problem.

On Wed, Aug 14, 2013 at 10:07 AM, Kurt Hillig <khillig at umich.edu> wrote:
> We're running FreeRadius 2.2.0 on RHEL 6.
>
> The servers are working fine with a single active interface (eth0) on
> each one; but we need to activate a second interface (eth1) on each
> server - on a different IP subnet - to handle local traffic on that subnet.
>
> <snip>
>
> But radiusd isn't seeing any of the inbound RADIUS traffic on eth1 -
> tcpdump shows it coming in, but "radiusd -X" shows no indication of
> this traffic (but is reporting all of the traffic on eth0).
>
> Anyone know what I'm missing here?

-- 
                           Dr. Kurt Hillig
  UMNet Administration    I always tell the  (734)647-8778 desk
 University of Michigan    absolute truth,   (734)323-2736 cell
Ann Arbor, MI  48105-3640   as I see it.   khillig(at)umich.edu

> Computers were invented to help people waste more time faster <
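
Added example, not part of the original thread: a shell check for the rp_filter condition described above, reporting the effective reverse-path filter mode per interface so a multi-homed RADIUS host can be audited before or after changing /etc/sysctl.conf. The kernel applies the higher of conf/all/rp_filter and conf/<iface>/rp_filter (0 = off, 1 = strict, 2 = loose), and logs martians if either the "all" or the per-interface log_martians flag is set. The function names and the optional CONF_ROOT argument are assumptions of this example.

```shell
#!/bin/sh
# Report the effective IPv4 reverse-path filter mode for every interface.
# CONF_ROOT (optional argument) defaults to the live sysctl tree; it exists
# in this example so the functions can be pointed at a constructed test tree.

rp_mode_name() {
    case "$1" in
        0) echo off ;;
        1) echo strict ;;
        2) echo loose ;;
        *) echo unknown ;;
    esac
}

# effective_rp_filter IFACE [CONF_ROOT] -> prints max(all, IFACE) rp_filter
effective_rp_filter() {
    root="${2:-/proc/sys/net/ipv4/conf}"
    all=$(cat "$root/all/rp_filter" 2>/dev/null) || return 1
    ifv=$(cat "$root/$1/rp_filter" 2>/dev/null) || return 1
    if [ "$all" -gt "$ifv" ]; then echo "$all"; else echo "$ifv"; fi
}

# rp_report [CONF_ROOT] -> one line per interface: "<iface> <mode> martians=<0|1>"
rp_report() {
    root="${1:-/proc/sys/net/ipv4/conf}"
    for d in "$root"/*/; do
        ifc=$(basename "$d")
        # "all" and "default" are templates, not real interfaces
        case "$ifc" in all|default) continue ;; esac
        eff=$(effective_rp_filter "$ifc" "$root") || continue
        # log_martians is enabled if either the "all" or the interface flag is set
        la=$(cat "$root/all/log_martians" 2>/dev/null || echo 0)
        li=$(cat "$root/$ifc/log_martians" 2>/dev/null || echo 0)
        if [ "$la" -ne 0 ] || [ "$li" -ne 0 ]; then m=1; else m=0; fi
        echo "$ifc $(rp_mode_name "$eff") martians=$m"
    done
}

# Run as: sh thisfile.sh report
case "${1:-}" in report) rp_report "${2:-}" ;; esac
```

An interface reported as "strict" drops packets whose source address would not be routed back out the same interface, which matches the symptom of tcpdump seeing traffic that radiusd never receives; "loose" keeps source validation against the routing table without the per-interface requirement.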


More information about the Freeradius-Users mailing list