May I suggest you put this at the top of the ipchains rules:

    ipchains -A input -p udp -s 192.168.5.2/32 -d 192.168.5.3 1614:1615 -j RETURN

Which says that if the packet is from the NAS, destined for the Radius server on the radius ports, to stop processing the rest of the firewall rules.

Andrew Tait
System Administrator
Country NetLink Pty, Ltd
E-Mail: [EMAIL PROTECTED]
WWW: http://www.cnl.com.au
30 Bank St Cobram, VIC 3644, Australia
Ph: +61 (03) 58 711 000
Fax: +61 (03) 58 711 874

"It's the smell! If there is such a thing." Agent Smith - The Matrix

----- Original Message -----
From: "Dr. Muhammad Masroor Ali" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, April 08, 2002 1:06 AM
Subject: Re: Freeradius not working under firewall

> Can not thank the responder enough for the quick response.
> DNS works in the machine, as is evidenced by success of nslookup, host
> commands and successful browsing.
>
> I am attaching the ipchain output.
>
> 192.168.5.2 is the NAS, 192.168.5.3 is the radius server.
>
>
> Chain input (policy ACCEPT):
> target  prot opt    source                    destination               ports
> ACCEPT  all  ------ anywhere                  anywhere                  n/a
> ACCEPT  tcp  !y---- anywhere                  192.168.5.0/24            any -> any
> DENY    all  ------ 10.0.0.0/8                192.168.5.0/24            n/a
> DENY    all  ------ 127.0.0.0/8               192.168.5.0/24            n/a
> DENY    all  ------ 172.16.0.0/12             192.168.5.0/24            n/a
> DENY    all  ------ 192.168.0.0/16            192.168.5.0/24            n/a
> DENY    tcp  ----l- anywhere                  192.168.5.0/24            any -> 31337
> DENY    udp  ----l- anywhere                  192.168.5.0/24            any -> 31337
> DENY    tcp  ----l- anywhere                  192.168.5.0/24            any -> 12345:12346
> DENY    udp  ----l- anywhere                  192.168.5.0/24            any -> 12345:12346
> DENY    tcp  ----l- anywhere                  192.168.5.0/24            any -> ingreslock
> DENY    tcp  ----l- anywhere                  192.168.5.0/24            any -> 27665
> DENY    udp  ----l- anywhere                  192.168.5.0/24            any -> 27444
> DENY    udp  ----l- anywhere                  192.168.5.0/24            any -> 31335
> DENY    all  ------ BASE-ADDRESS.MCAST.NET/8  anywhere                  n/a
> DENY    all  ------ anywhere                  BASE-ADDRESS.MCAST.NET/8  n/a
> DENY    all  ------ 203.190.34.0/24           anywhere                  n/a
> DENY    udp  ------ anywhere                  anywhere                  any -> bootps:bootpc
> ACCEPT  tcp  ------ 192.168.5.0/24            192.168.5.0/24            any -> http
> REJECT  tcp  ------ anywhere                  192.168.5.0/24            any -> auth
> REJECT  udp  ------ anywhere                  192.168.5.0/24            any -> auth
> DENY    tcp  ------ anywhere                  anywhere                  any -> netbios-ns:netbios-ssn
> DENY    udp  ------ anywhere                  anywhere                  any -> netbios-ns:netbios-ssn
> REJECT  udp  ------ anywhere                  anywhere                  any -> router
> DENY    tcp  ----l- anywhere                  anywhere                  any -> nfs
> DENY    udp  ----l- anywhere                  anywhere                  any -> nfs
> DENY    tcp  ------ anywhere                  anywhere                  any -> cvsup:6003
> DENY    udp  ------ anywhere                  anywhere                  any -> cvsup:6003
> ACCEPT  tcp  ------ 192.168.5.2               anywhere                  any -> radius
> ACCEPT  udp  ------ 192.168.5.2               anywhere                  any -> radius
> ACCEPT  tcp  ------ 192.168.5.2               anywhere                  any -> radius-acct
> ACCEPT  udp  ------ 192.168.5.2               anywhere                  any -> radius-acct
> ACCEPT  icmp ------ anywhere                  192.168.5.0/24            any -> any
> ACCEPT  tcp  ------ anywhere                  192.168.5.0/24            any -> 1023:65535
> ACCEPT  udp  ------ anywhere                  192.168.5.0/24            any -> 1023:65535
> DENY    all  ----l- anywhere                  anywhere                  n/a
> Chain forward (policy DENY):
> Chain output (policy ACCEPT):
> target  prot opt    source                    destination               ports
> ACCEPT  all  ------ anywhere                  anywhere                  n/a
> ACCEPT  icmp ------ 192.168.5.0/24            anywhere                  any -> any
> ACCEPT  all  ------ anywhere                  anywhere                  n/a
>

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
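
Why rule position matters in this thread, as an added example that is not part of the original messages: a first-match walk over a constructed subset of the quoted input chain. It assumes the first listed ACCEPT row is bound to an interface the listing does not show (so it is omitted), and the test packet's port 1614 is chosen only to fall inside the posted 1614:1615 range.

```python
import ipaddress

# Constructed subset of the quoted input chain, in listed order:
# (target, proto, source, destination, dport range or None for any).
# Assumption: the first listed "ACCEPT all anywhere anywhere" row is
# interface-bound (not visible in the listing), so it is left out.
CHAIN = [
    ("DENY",   "all", "10.0.0.0/8",     "192.168.5.0/24", None),
    ("DENY",   "all", "127.0.0.0/8",    "192.168.5.0/24", None),
    ("DENY",   "all", "172.16.0.0/12",  "192.168.5.0/24", None),
    ("DENY",   "all", "192.168.0.0/16", "192.168.5.0/24", None),
    # Port match omitted: the number behind "radius" is not on the page.
    ("ACCEPT", "udp", "192.168.5.2/32", "0.0.0.0/0",      None),
    ("DENY",   "all", "0.0.0.0/0",      "0.0.0.0/0",      None),
]
# The rule from the reply, exactly as posted.
SUGGESTED = ("RETURN", "udp", "192.168.5.2/32", "192.168.5.3/32", (1614, 1615))
POLICY = "ACCEPT"  # "Chain input (policy ACCEPT)"


def matches(rule, pkt):
    _, proto, src, dst, ports = rule
    return (proto in ("all", pkt["proto"])
            and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(src)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(dst)
            and (ports is None or ports[0] <= pkt["dport"] <= ports[1]))


def verdict(chain, pkt, policy=POLICY):
    """First matching rule decides; RETURN in a built-in chain hands the
    packet to the chain policy. Returns (fate, 1-based rule position)."""
    for pos, rule in enumerate(chain, start=1):
        if matches(rule, pkt):
            return (policy if rule[0] == "RETURN" else rule[0]), pos
    return policy, None


# Constructed NAS -> RADIUS server packet (port is an assumption, see above).
NAS_PKT = {"proto": "udp", "src": "192.168.5.2", "dst": "192.168.5.3", "dport": 1614}

if __name__ == "__main__":
    print("chain as listed :", verdict(CHAIN, NAS_PKT))
    print("rule at the end :", verdict(CHAIN + [SUGGESTED], NAS_PKT))
    print("rule at the top :", verdict([SUGGESTED] + CHAIN, NAS_PKT))
```

With ipchains, -A appends a rule to the end of a chain and -I inserts it at a given position, so the position the rule ends up in is worth confirming with a listing after adding it.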
