Hi Harry, Sam
The problem is solved. Thank you very much.
Here is the output of iptables-save. (iptables -nvL | grep 1812 outputs nothing)
*******************************************************
[root@gary sysconfig]# /sbin/iptables-save
# Generated by iptables-save v1.4.5 on Thu Jul 28 11:36:40 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [15:2804]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Thu Jul 28 11:36:40 2011
*******************************************************
After I remark out "-A INPUT -j REJECT --reject-with icmp-host-prohibited" it works.
But the "iptables -nvL | grep 1812" command still outputs nothing.
Now the iptables-save output.
*******************************************************
[root@gary sysconfig]# /sbin/iptables-save
# Generated by iptables-save v1.4.5 on Thu Jul 28 11:41:12 2011
*filter
:INPUT ACCEPT [69:8978]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [17:3842]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Thu Jul 28 11:41:12 2011
********************************************************
Best Regards
Gary
BROWAN COMMUNICATIONS INC.
Tel:886-3-600-6899 ext.4842
Fax:886-3-597-2970
e-mail:[email protected]
----- Original Message -----
From: "Sam Hooker" <[email protected]>
To: "FreeRadius users mailing list" <[email protected]>
Sent: Wednesday, July 27, 2011 10:11 PM
Subject: Re: help:[freeradius+mysql]destination unreachable(host administratively prohibited)
Sorry, I meant 'iptables -nvL | grep 1812' should yield something like THIS:
0 0 ACCEPT udp -- * * 192.168.21.223 0.0.0.0/0 udp dpt:1812
-sth
You're looking for 'iptables -nvL | grep 3306' to produce something
like this:
0 0 ACCEPT tcp -- * * 192.168.21.223 0.0.0.0/0 tcp dpt:3306
-sth
sam hooker|[email protected]|http://www.noiseplant.com
"I have not failed, I've just found 10,000 ways that won't work."
Thomas Edison
----- Original Message -----
> ping isn't the same as an open udp port.
>
> run the command:
> /sbin/iptables-save
>
> and paste the output. If it's not the firewall then it's probably ACLs, as
> those are really the only two things that are going to return an
> admin-prohib icmp packet.
>
> Cheers,
> Harry
>
> On 07/27/2011 09:06 AM, gary wrote:
> > Hi Harry
> > The radius server and the nas can ping each other with no problem.
> > I checked the firewall: no problem.
> > The OS is Fedora 12.
> >
> > Best Regards
> > Gary
> >
> > BROWAN COMMUNICATIONS INC.
> > Tel:886-3-600-6899 ext.4842
> > Fax:886-3-597-2970
> > e-mail:[email protected]
> >
> > ----- Original Message ----- From: "Harry Hoffman"
> > <[email protected]>
> > To: "gary" <[email protected]>;
> > <[email protected]>
> > Sent: Wednesday, July 27, 2011 7:19 PM
> > Subject: Re: help:[freeradius+mysql]destination unreachable(host
> > administratively prohibited)
> >
> >
> >> Did you open your firewall? Redhat-like distros send dest-prohib by
> >> default for ports blocked by iptables.
> >>
> >> Cheers,
> >> Harry
> >>
> >> gary <[email protected]> wrote:
> >>
> >>> Hi All
> >>> I have trouble with freeradius+mysql.
> >>> I configured freeradius (2.1.10) + mysql (5.5.14), and in a self-test
> >>> with radtest everything is okay.
> >>> But when I try an external nas client it always returns "null response".
> >>> The setup is as below.
> >>> PC(client)<===>wireless AP(nas,192.168.21.223)<===>radius server(192.168.21.30)
> >>> my nas table:
> >>> mysql> select * from nas;
> >>> +----+----------------+----------------+-------+-------+------------+--------+-----------+---------------+
> >>> | id | nasname        | shortname      | type  | ports | secret     | server | community | description   |
> >>> +----+----------------+----------------+-------+-------+------------+--------+-----------+---------------+
> >>> | 1  | 192.168.21.223 | 192.168.21.223 | other | NULL  | testing123 | NULL   | NULL      | RADIUS Client |
> >>> | 3  | 127.0.0.1      | localhost      | other | NULL  | testing123 | NULL   | NULL      | RADIUS Client |
> >>> +----+----------------+----------------+-------+-------+------------+--------+-----------+---------------+
> >>>
> >>> radcheck table:
> >>> mysql> select * from radcheck;
> >>> +----+--------------+---------------+----+-------+
> >>> | id | username     | attribute     | op | value |
> >>> +----+--------------+---------------+----+-------+
> >>> | 1  | gary         | User-Password | := | gary  |
> >>> | 2  | test         | User-Password | := | test  |
> >>> | 3  | 001d09cb2715 | User-Password | := | test  |
> >>> +----+--------------+---------------+----+-------+
> >>>
> >>> 192.168.21.223 is the wireless AP (nas) and my radius server is
> >>> 192.168.21.30.
> >>> I am using wireshark to capture the packets and it shows
> >>> "destination unreachable (host administratively prohibited)".
> >>> See the screenshot below. Can anyone help me?
> >>>
> >>>
> >>> Best Regards
> >>> Gary
> >>>
> >>> -
> >>> List info/subscribe/unsubscribe? See
> >>> http://www.freeradius.org/list/users.html
> >
> >
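
Added example, not part of the original thread: a small shell/awk model that walks the INPUT chain from the first dump and reports the verdict for the NAS's RADIUS packet and for an unrelated port under three rule sets: as posted, with the REJECT line removed, and with a constructed ACCEPT rule for udp/1812 from 192.168.21.223 (the shape of the `iptables -nvL` line Sam describes). The function names and the simplified rule matching are assumptions of this example.

```shell
# input_verdict PROTO DPORT SRC: read an iptables-save dump on stdin and print
# what INPUT does with the first packet of such a flow (simplified matching).
input_verdict() {
    awk -v proto="$1" -v dport="$2" -v src="$3" '
    /^:INPUT / { policy = $2 }
    /^-A INPUT / {
        p = d = s = st = i = j = ""
        for (n = 3; n < NF; n++) {
            if ($n == "-p") p = $(n + 1)
            else if ($n == "--dport") d = $(n + 1)
            else if ($n == "-s") s = $(n + 1)
            else if ($n == "--state") st = $(n + 1)
            else if ($n == "-i") i = $(n + 1)
            else if ($n == "-j") j = $(n + 1)
        }
        if (i == "lo") next                           # packet comes from the LAN
        if (st != "" && st !~ /(^|,)NEW(,|$)/) next   # first packet is NEW
        if ((p != "" && p != proto) || (d != "" && d != dport)) next
        if (s != "" && s != src && s != (src "/32")) next
        if (j ~ /^(ACCEPT|REJECT|DROP)$/) { print j; found = 1; exit }
    }
    END { if (!found) print policy }                  # fell through to policy
    '
}
# INPUT chain of the first dump posted in the thread.
posted_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
# Second dump: the catch-all REJECT line is gone.
without_reject() { posted_rules | grep -v -e '-j REJECT'; }
# Constructed alternative: keep REJECT, admit the NAS on udp/1812 ahead of it.
with_radius_rule() {
    posted_rules | awk '/-j REJECT/ {
        print "-A INPUT -s 192.168.21.223/32 -p udp -m udp --dport 1812 -j ACCEPT" }
        { print }'
}
for rules in posted_rules without_reject with_radius_rule; do
    echo "$rules: udp/1812=$($rules | input_verdict udp 1812 192.168.21.223)" \
         "tcp/3306=$($rules | input_verdict tcp 3306 192.168.21.223)"
done
```

With the REJECT line removed, every port falls through to the chain's ACCEPT policy, which is also why `grep 1812` still finds nothing; the constructed rule opens only udp/1812 for the NAS and leaves the catch-all REJECT in force.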