Nicolas Baradakis wrote:
Yes you are correct. Obviously I didn't read the thread in enough
depth. It does bring up the issue that we maybe should have an optional
proxy_source_ip config option..

All IP protocol servers should offer each type of socket a configurable bind address (or list of such). That is quite aside from the specifics of this issue - that is, it solves other, much much harder to solve problems than just this issue, and is required for absolutely deterministic behaviour.


I don't think it's a good idea, because all the realm servers may not be
on the same network. IMHO FreeRADIUS doesn't have to cope with the network
configuration of the host: it only has to set the destination IP, and the
rest is handled by the kernel.


This is not a convincing argument to my ear.

There are legitimate reasons to want to bind to a *specific* IP for sockets sinking and sourcing datagrams (and in fact for stream protocols, though these tend to be less of an issue). Bind, a venerable (if crufty) and EXTREMELY widely deployed datagram protocol client/server, has found this out repeatedly (see transfer-source, query-source, notify-source - those options weren't added for giggles).

I'm currently running into a problem with ISC dhcpd related to its failure to offer IP-specific bind options and offering service to overlapping address space on a single server, which is impossible for the want of this micro-option.
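
The difference between a kernel-chosen and an explicitly bound source address for an outgoing datagram socket, as an added example that is not part of the original message and is not FreeRADIUS code. The function names are hypothetical, `source_ip` stands in for the proposed `proxy_source_ip` option, and the 127.0.0.2 usage assumes Linux, where all of 127.0.0.0/8 is local.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Open a UDP socket for outgoing requests. source_ip plays the role of the
 * proposed (hypothetical) proxy_source_ip option: NULL lets the kernel choose
 * the source address by route; otherwise the socket is bound to that address
 * with port 0 (ephemeral). Returns the fd, or -1 if the address is unusable. */
int open_proxy_socket(const char *source_ip)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0 || source_ip == NULL)
        return fd;
    struct sockaddr_in src = { .sin_family = AF_INET };
    if (inet_pton(AF_INET, source_ip, &src.sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)&src, sizeof src) < 0) {
        close(fd);  /* fail closed: never fall back to a kernel-chosen source */
        return -1;
    }
    return fd;
}

/* Send one datagram to a loopback receiver and report the source address the
 * receiver sees, i.e. what a peer's client ACL would match against.
 * Returns 0 on success, -1 on error. */
int observed_source(const char *source_ip, char *out, socklen_t outlen)
{
    struct sockaddr_in dst = { .sin_family = AF_INET }, from;
    socklen_t len = sizeof dst;
    struct timeval tv = { .tv_sec = 2 };  /* do not block forever on loss */
    char buf[1];
    int rc = -1, rx = socket(AF_INET, SOCK_DGRAM, 0);
    int tx = open_proxy_socket(source_ip);

    dst.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (rx >= 0 && tx >= 0 &&
        setsockopt(rx, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv) == 0 &&
        bind(rx, (struct sockaddr *)&dst, sizeof dst) == 0 &&
        getsockname(rx, (struct sockaddr *)&dst, &len) == 0 &&
        sendto(tx, "x", 1, 0, (struct sockaddr *)&dst, sizeof dst) == 1 &&
        (len = sizeof from,
         recvfrom(rx, buf, 1, 0, (struct sockaddr *)&from, &len)) == 1 &&
        inet_ntop(AF_INET, &from.sin_addr, out, outlen) != NULL)
        rc = 0;
    if (rx >= 0) close(rx);
    if (tx >= 0) close(tx);
    return rc;
}
```

With `source_ip` set to NULL the receiver sees whatever address the routing table selects; with it set, the receiver sees exactly the configured address or the socket is not opened at all.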
