Avoiding UDP port 1814

Brian Candler b.candler at pobox.com
Tue Aug 26 14:33:29 CEST 2014

[Using freeradius 2.1.12+dfsg-1.2ubuntu8 from ubuntu 14.04]

I notice that freeradius listens on UDP port 1814. The problem is that 
this conflicts with another application I'm using:
and I'd rather move freeradius than this one.

However I cannot see how to change which port freeradius uses. There is 
no entry for 1814 in /etc/services.

I see the following in freeradius -X output:

     Listening on proxy address * port 1814

but a grep -R of /etc/freeradius doesn't find 1814. Indeed, a grep -R of 
the entire source code doesn't find anything relevant for 1814.

So my questions are:

* why is FreeRADIUS using port 1814? Has it bound a socket to port 1814 
for sending *outbound* proxy requests (and is only "Listening" in the 
sense that it receives replies to the requests it has sent?)

* how can I bind this to a different port instead?

In ./src/include/radius.h I can see
#define PW_AUTH_UDP_PORT                1812
#define PW_ACCT_UDP_PORT                1813
but I'm stuck finding where 1814 is chosen.

Ah, maybe it's this:

                                 port = sock->port + 2; /* skip acct port */


                 /*
                  *      Try to find a proxy port (value doesn't matter)
                  */
                 for (sock->port = port;
                      sock->port < 64000;
                      sock->port++) {
                         if (listen_bind(this) == 0) {
                                 *last = this;
                                 last = &(this->next); /* just in case */

which suggests that it's hard-coded to be the authentication port + 2, 
or the first available socket after that.

OK, to test this theory: stop both apps, restart the other app which 
binds to 1814, then restart freeradius.

# netstat -naup | grep freeradius
udp        0      0*                           
udp        0      0*                           
udp        0      0*                           
udp        0      0*                           
udp        0      0*                           

Yep, freeradius has moved to 1815. So I can make this work, but only if 
ganeti-confd starts *before* freeradius.

Is there any setting I've missed which would allow the freeradius port 
scan to start at a different place?
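
Added example, not part of the original post and not FreeRADIUS code: a small C program with the same shape as the loop quoted above, showing that the port a scan ends up on depends on which process bound first. The function names bind_udp and pick_proxy_port, the loopback address and the base port 41812 are assumptions chosen so it runs unprivileged.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket to 127.0.0.1:port. Returns the fd, or -1 if the bind fails
 * (for example because another process already holds the port). */
int bind_udp(unsigned port)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons((unsigned short)port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Same shape as the quoted loop: start at auth_port + 2 and keep the first
 * port that binds. Returns that port (0 if none) and leaves the socket open
 * in *fd_out. */
unsigned pick_proxy_port(unsigned auth_port, int *fd_out)
{
    unsigned port;
    for (port = auth_port + 2; port < 64000; port++)
        if ((*fd_out = bind_udp(port)) >= 0)
            return port;
    return 0;
}

int main(void)
{
    int first_fd, second_fd;
    /* 41812 is a constructed, unprivileged stand-in for auth port 1812. */
    unsigned first = pick_proxy_port(41812, &first_fd);   /* started first */
    unsigned second = pick_proxy_port(41812, &second_fd); /* started second */

    printf("first scan bound %u, second scan bound %u\n", first, second);
    close(first_fd);
    close(second_fd);
    return 0;
}
```

Whichever scan runs first keeps base + 2 and the later one is pushed to the next free port, so a firewall rule or monitor pinned to a fixed proxy port only holds if the startup order does.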


