> Hi everybody, > I'm running Freeradius on my RedHat server. Which OUTPUT > ports sholud I > leave open for freeradius?
Your _NAS_ picks the *source* port number for the request from the NAS to the RADIUS server. There is no requirement that NAS's use 1812 as the *source* port for RADIUS requests. But, it should be easy to check your firewall logs to find out what port the NAS is using for a source port. Or talk to your NAS vendor. > For accounting i leave udp 1812-13 open in INPUT and OUTPUT, I receive > authentication requests but then my auth replies are blocked > by firewall. Exactly. The FW lets the request through because the destination port matches your 1812 rule, but the firewall blocks the response because the RADIUS server sends the response back to whatever port the NAS picked for the session, which is not 1812 or 1813. Again, since the NAS picks the source port for the request, you'll have to work that angle. -- ______________________________________________________ Mike Ockenga, CCNP [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
