On 02/06/2013 11:42 PM, Hugh Irvine wrote:
> If the target DHCP server is replying to port 67 there is nothing that
> Radiator can do.
>
> This is the issue I saw when the module was written.

I agree that the DHCP server must be willing to reply to the source port for this to work.

There might be one way to do it, though. If you are using Linux, use NAT to change the destination port to e.g. 2067. Something like this may work:

    % sudo iptables -t nat -A PREROUTING -i eth0 -p udp --dport 67 -j REDIRECT --to-port 2067

And then make sure that the firewall accepts traffic to port 2067:

    % sudo iptables -I INPUT -i eth0 -p udp --dport 2067 -j ACCEPT

You could add source IP address and possibly other restrictions to the above rules but the idea is the same: apply NAT to the requests from the root-restricted destination port to the port you want.

I have not actually used this kind of trickery with DHCP, so please consider this as an experimental idea.

Thanks,
Heikki

--
Heikki Vatiainen <[email protected]>

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
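Added example, not part of the original message: the two rules above wrapped in a shell script that restricts them to a single DHCP server address and does not add duplicate rules when rerun. The function names and the server address 192.0.2.10 are assumptions chosen for illustration; eth0 and port 2067 are taken from the message.

```shell
#!/bin/sh
# Added example (constructed values): redirect DHCP replies that arrive on
# UDP port 67 to an unprivileged port, only from one DHCP server address.

# Print the rule specifications, one per line: "<table> <chain> <spec>".
dhcp_redirect_rules() {
    iface=$1 server=$2 port=$3
    case $iface in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    case $server in
        ''|*[!0-9.]*) echo "server must be an IPv4 address" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*|??????*) echo "port must be numeric" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port must be in 1024-65535 (no root needed to bind)" >&2
        return 1
    fi
    # nat PREROUTING runs before filter INPUT, so INPUT sees the new port.
    # --to-ports is the option name given in the iptables-extensions man page.
    echo "nat PREROUTING -i $iface -s $server -p udp --dport 67 -j REDIRECT --to-ports $port"
    echo "filter INPUT -i $iface -s $server -p udp --dport $port -j ACCEPT"
}

# Apply the rules as root; with DRY_RUN=1 only print the iptables commands.
# "iptables -C" tests whether a rule exists, so reruns add no duplicates.
dhcp_redirect_apply() {
    rules=$(dhcp_redirect_rules "$@") || return 1
    echo "$rules" | while read -r table chain spec; do
        if [ "$chain" = INPUT ]; then op=-I; else op=-A; fi
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "iptables -t $table $op $chain $spec"
        elif ! iptables -t "$table" -C "$chain" $spec 2>/dev/null; then
            iptables -t "$table" "$op" "$chain" $spec
        fi
    done
}

# Example: DRY_RUN=1 dhcp_redirect_apply eth0 192.0.2.10 2067
```

Running it with DRY_RUN=1 first shows the exact commands before anything touches the live rule set.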
