Re: How to accept RADIUS traffic on multiple interfaces?

2013-08-15 Thread Kurt Hillig
>> From: Phil Mayers >> >> If "radiusd -X" isn't reporting *anything*, then it's not reaching >> FreeRADIUS, which means some part of the network stack is dropping it. >> >> If you're sure your iptables are correct, google "linux log martians" and >> "linux rp filter". RHEL6 has different defaul

Re: How to accept RADIUS traffic on multiple interfaces?

2013-08-15 Thread Phil Mayers
On 08/14/2013 09:25 PM, McNutt, Justin M. wrote: One other thing with multiple interfaces: RHEL 6 comes with some anti-spoofing features in the kernel enabled by default. I'm afraid As I noted elsewhere in the thread, the terms to google for this are "martians" and "rp filter", and you are c

RE: How to accept RADIUS traffic on multiple interfaces?

2013-08-14 Thread McNutt, Justin M.
-J -Original Message- From: freeradius-users-bounces+mcnuttj=missouri@lists.freeradius.org [mailto:freeradius-users-bounces+mcnuttj=missouri@lists.freeradius.org] On Behalf Of Matteo Vocale Sent: Wednesday, August 14, 2013 2:32 PM To: FreeRadius users mailing list Subject: Re: How to

RE: How to accept RADIUS traffic on multiple interfaces?

2013-08-14 Thread McNutt, Justin M.
souri@lists.freeradius.org] On Behalf Of Matteo Vocale Sent: Wednesday, August 14, 2013 2:32 PM To: FreeRadius users mailing list Subject: Re: How to accept RADIUS traffic on multiple interfaces? Before running radius in debug mode, try iptables -F with root privileges, it disables iptables default rules Phil M

Re: How to accept RADIUS traffic on multiple interfaces?

2013-08-14 Thread Matteo Vocale
Before running radius in debug mode, try iptables -F with root privileges, it disables iptables default rules Phil Mayers ha scritto: >On 14/08/13 15:07, Kurt Hillig wrote: > >> But radiusd isn't seeing any of the inbound RADIUS traffic on eth1 - >> tcpdump shows it coming in, but "radiusd -X"

Re: How to accept RADIUS traffic on multiple interfaces?

2013-08-14 Thread Phil Mayers
On 14/08/13 15:07, Kurt Hillig wrote: But radiusd isn't seeing any of the inbound RADIUS traffic on eth1 - tcpdump shows it coming in, but "radiusd -X" shows no indication of this traffic (but is reporting all of the traffic on eth0). If "radiusd -X" isn't reporting *anything*, then it's not r

Re: How to accept RADIUS traffic on multiple interfaces?

2013-08-14 Thread Alan DeKok
Kurt Hillig wrote: > radiusd.conf includes these "listen" sections (omitting comments): > > listen { > type = auth > ipaddr = * > port = 1812 > interface = eth0 > } Why not just bind it to the IP of the interface? And remove the "interface" line? Alan DeKok.