> -----Original Message-----
> From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
> Sent: Monday, September 25, 2000 12:17 PM
> To: Andrew Pollock; [EMAIL PROTECTED]
> Subject: Re: (RADIATOR) Radiator proxying and NAT
>
>
>
> Hello Andrew -
>
> On Mon, 25 Sep 2000, Andrew Pollock wrote:
> > Hi,
> >
> > I'm currently troubleshooting a curious problem with Radiator proxying to a
> > second Radiator server that is behind a firewall and is having address
> > translation performed on it.
> >
> > The Radiator server doing the proxying is on the Internet, and the Radiator
> > server being proxied to has a private IP address and a fixed public address
> > is translated to that private IP address.
> >
> > Translation is occurring some of the time, but not consistently, and it's
> > naturally causing all sorts of problems. The problem is going to have to be the
> > firewall, but I'm wondering if anything Radiator is doing isn't helping
> > either. One thing I noticed is Radiator is proxying on the packets with a
> > high source port (not 1645). I'm pretty sure that previously I've seen
> > RADIUS servers do all the talking in all directions on port 1645, is this
> > the case?
> >
>
> As far as I know, radius clients (which is what Radiator is when acting as a
> proxy) use high source port numbers when sending requests. The only time we
> have seen something different (ie. broken) is with some versions of GRIC on NT,
> which don't reply to the source port as sent in the request.
>
> Someone else on the list may have other comments.

Hi again,

I've done a little bit more research and noticed the following:

NAS (outside firewall) talking to RADIUS (Radiator) server (inside firewall):

The NAS will change its source port (the high port) with each new request.
Retransmitted requests all use the same source port as the original request.
Everything works fine with the firewall and the NATing.

Radiator server (outside firewall) talking to Radiator server (inside
firewall):

The Radiator server outside the firewall changes its source port every
minute or so. Multiple different requests are sent to the other Radiator
server on the same source port. The first request is NATed correctly, the
subsequent requests are not. Once the Radiator server outside the firewall
changes its source port again, that first request is also NATed
successfully, the rest are not.

How hard is it going to be to change Radiator to use a new source port for
each request that it proxies?

Andrew
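
An added example, not part of the original message and not Radiator code: a small Python check that separates the two behaviours described above in a packet capture, using the RADIUS header layout from RFC 2865 (retransmissions keep the same Identifier and Request Authenticator). The function names, port numbers and sample packets are constructed for illustration.

```python
import struct
from collections import defaultdict

ACCESS_REQUEST = 1  # RADIUS code for Access-Request (RFC 2865)

def radius_header(payload):
    """Return (code, identifier, authenticator) from a RADIUS UDP payload."""
    if len(payload) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if length < 20 or length > len(payload):
        raise ValueError("bad RADIUS length field")
    return code, ident, payload[4:20]

def classify_ports(packets):
    """packets: iterable of (src_port, udp_payload) seen from one client.
    Returns {src_port: 'single-request' | 'retransmit-only' | 'shared'}."""
    seen = defaultdict(list)
    for port, payload in packets:
        code, ident, auth = radius_header(payload)
        if code == ACCESS_REQUEST:
            seen[port].append((ident, auth))
    result = {}
    for port, reqs in seen.items():
        if len(set(reqs)) > 1:
            result[port] = "shared"           # different requests, one source port
        elif len(reqs) > 1:
            result[port] = "retransmit-only"  # the same request sent again
        else:
            result[port] = "single-request"
    return result

def make_request(ident, auth_byte):
    """Constructed sample: a header-only Access-Request (no attributes)."""
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20) + bytes([auth_byte]) * 16

# Constructed capture: ports 40001/40002 behave like the NAS described above,
# port 51000 behaves like the proxying server described above.
SAMPLE = [
    (40001, make_request(1, 0xA1)),
    (40002, make_request(2, 0xA2)),
    (40002, make_request(2, 0xA2)),  # retransmission of the same request
    (51000, make_request(7, 0xB1)),
    (51000, make_request(8, 0xB2)),
    (51000, make_request(9, 0xB3)),
]

if __name__ == "__main__":
    for port, kind in sorted(classify_ports(SAMPLE).items()):
        print(port, kind)
```

Ports reported as `shared` are the ones to compare against the firewall's translation log.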