Avoiding UDP port 1814
Brian Candler
b.candler at pobox.com
Tue Aug 26 14:33:29 CEST 2014
[Using freeradius 2.1.12+dfsg-1.2ubuntu8 from ubuntu 14.04]
I notice that freeradius listens on UDP port 1814. The problem is that
this conflicts with another application I'm using:
http://docs.ganeti.org/ganeti/master/man/ganeti-confd.html
and I'd rather move freeradius than this one.
However I cannot see how to change which port freeradius uses. There is
no entry for 1814 in /etc/services.
I see the following in freeradius -X output:
Listening on proxy address * port 1814
but a grep -R of /etc/freeradius doesn't find 1814. Indeed, a grep -R of
the entire source code doesn't find anything relevant for 1814.
So my questions are:
* why is FreeRADIUS using port 1814? Has it bound a socket to port 1814
for sending *outbound* proxy requests (and is only "Listening" in the
sense that it receives replies to the requests it has sent?)
* how can I bind this to a different port instead?
In ./src/include/radius.h I can see
    #define PW_AUTH_UDP_PORT 1812
    #define PW_ACCT_UDP_PORT 1813
but I'm stuck finding where 1814 is chosen.
Ah, maybe it's this:
    port = sock->port + 2; /* skip acct port */
    ...
    /*
     * Try to find a proxy port (value doesn't matter)
     */
    for (sock->port = port;
         sock->port < 64000;
         sock->port++) {
        if (listen_bind(this) == 0) {
            *last = this;
            last = &(this->next); /* just in case */
            break;
        }
    }
which suggests that it's hard-coded to be the authentication port + 2,
or the first available socket after that.
OK, to test this theory: stop both apps, restart the other app which
binds to 1814, then restart freeradius.
    # netstat -naup | grep freeradius
    udp        0      0 0.0.0.0:42388     0.0.0.0:*     23378/freeradius
    udp        0      0 127.0.0.1:18120   0.0.0.0:*     23378/freeradius
    udp        0      0 0.0.0.0:1812      0.0.0.0:*     23378/freeradius
    udp        0      0 0.0.0.0:1813      0.0.0.0:*     23378/freeradius
    udp        0      0 0.0.0.0:1815      0.0.0.0:*     23378/freeradius
Yep, freeradius has moved to 1815. So I can make this work, but only if
ganeti-confd starts *before* freeradius.
Is there any setting I've missed which would allow the freeradius port
scan to start at a different place?
Thanks,
Brian.
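
The start-order dependence observed in the message above, as an added example that is not part of the original post and is not FreeRADIUS code: a first-free UDP port scan settles on a different port whenever another process already holds the starting one. The function names are hypothetical, and a kernel-chosen port stands in for 1814 so the demo does not depend on which ports are free on the machine.

```c
/* Added illustration, not FreeRADIUS code; all function names are hypothetical. */
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket on 0.0.0.0:port (port 0 lets the kernel choose).
 * Returns the fd and stores the bound port in *bound, or returns -1. */
static int bind_udp(int port, int *bound)
{
    struct sockaddr_in sa = {0};
    socklen_t len = sizeof(sa);
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons((unsigned short)port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        close(fd);              /* e.g. EADDRINUSE: someone else owns the port */
        return -1;
    }
    *bound = ntohs(sa.sin_port);
    return fd;
}

/* First-free scan shaped like the quoted loop: start, start+1, ... < limit. */
static int scan_bind(int start, int limit, int *bound)
{
    for (int port = start; port < limit; port++) {
        int fd = bind_udp(port, bound);
        if (fd >= 0) return fd;
    }
    return -1;
}

/* Returns 1 if the scan was pushed past a port another socket already held. */
int demo_order_dependence(void)
{
    int taken = 0, got = 0;
    int other = bind_udp(0, &taken);    /* stands in for the daemon started first */
    int fd = (other < 0) ? -1 : scan_bind(taken, 65536, &got);
    int ok = (fd >= 0 && got > taken);
    if (ok) printf("port %d already held, scan settled on %d\n", taken, got);
    if (fd >= 0) close(fd);
    if (other >= 0) close(other);
    return ok;
}

int main(void) { return demo_order_dependence() ? 0 : 1; }
```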