Re: IPTABLES - continued

2005-07-23 Thread A . L . M . Buxey
Hi,

 I would like to have this FreeRadius box on the Internet so a few of my
 NAS devices can access it no matter where they are.  I understand port
 1812 and 1813 udp must be opened.  I am looking for some example
 IPTABLES (fedora core) entries that would enable UDP access to
 FreeRadius.

I would really recommend that you simply read the iptables documentation
before throwing rules around... but anyway, are your NAS's in static address
locations? If so, you could throw something like this into your
/etc/sysconfig/iptables file:

-A INPUT -p udp -s xxx.xxx.xxx.xxx --dport 1812 -i eth0 -j ACCEPT
-A INPUT -p udp -s xxx.xxx.xxx.xxx --dport 1813 -i eth0 -j ACCEPT
-A INPUT -p udp -s xxx.xxx.xxx.xxx --dport 1814 -i eth0 -j ACCEPT

..then, at the end, have the catch-all

-A INPUT -i eth0 -j REJECT

assuming that eth0 is your world facing interface...

1812/1813 and 1814 covers control, auth, proxying and accounting.

alan
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
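
An added example, not part of the original post: a small audit of an /etc/sysconfig/iptables style rule list for the two mistakes that undo the rules above, a RADIUS ACCEPT with no -s restriction and a RADIUS ACCEPT placed after the catch-all (rules match in order). The function names, the 192.0.2.10 address and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Reads rules on stdin, prints one finding per line, nothing if clean.
audit_radius_rules() {
    awk '
    $1 != "-A" || $2 != "INPUT" { next }     # only rules appended to INPUT
    {
        src = ""; dport = ""; proto = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s")      src    = $(i + 1)
            if ($i == "--dport") dport  = $(i + 1)
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        # Catch-all: REJECT/DROP with no source and no port match.
        # Simplification: the -i interface is not compared between rules.
        if (target ~ /^(REJECT|DROP)$/ && src == "" && dport == "") {
            catchall = NR; next
        }
        # Ports checked are the three listed in the message above.
        radius = (proto == "udp" && dport ~ /^181[234]$/)
        if (!radius || target != "ACCEPT") next
        if (src == "" || src ~ /\/0$/)
            printf "line %d: port %s open to any source\n", NR, dport
        if (catchall)
            printf "line %d: port %s rule is after catch-all on line %d\n", NR, dport, catchall
    }'
}

# Constructed sample ruleset: line 3 lacks -s, line 5 follows the catch-all.
sample_rules() {
    cat <<'EOF'
*filter
-A INPUT -p udp -s 192.0.2.10 --dport 1812 -i eth0 -j ACCEPT
-A INPUT -p udp --dport 1813 -i eth0 -j ACCEPT
-A INPUT -i eth0 -j REJECT
-A INPUT -p udp -s 192.0.2.10 --dport 1814 -i eth0 -j ACCEPT
COMMIT
EOF
}

sample_rules | audit_radius_rules
```

To check a real file, feed it on stdin: `audit_radius_rules < /etc/sysconfig/iptables`.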


Re: IPTABLES - continued

2005-07-22 Thread Thor Spruyt
Shaun Rossi wrote:
 After posting, I realized I should have elaborated more.
 
 I would like to have this FreeRadius box on the Internet so a few of my
 NAS devices can access it no matter where they are.  I understand port
 1812 and 1813 udp must be opened.  I am looking for some example
 IPTABLES (fedora core) entries that would enable UDP access to
 FreeRadius.

http://www.google.be/search?hl=nl&q=iptables+sample&meta=

-- 
Groeten, Regards, Salutations,

Thor Spruyt
M: +32 (0)475 67 22 65
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com

www.salesguide.be
www.telenethotspot.be
