Re: How to accept RADIUS traffic on multiple interfaces?

2013-08-15 Thread Phil Mayers
On 08/14/2013 09:25 PM, McNutt, Justin M. wrote: One other thing with multiple interfaces: RHEL 6 comes with some anti-spoofing features in the kernel enabled by default. I'm afraid As I noted elsewhere in the thread, the terms to google for this are martians and rp filter, and you are

Re: How to accept RADIUS traffic on multiple interfaces?

2013-08-15 Thread Kurt Hillig
From: Phil Mayers p.may...@imperial.ac.uk If radiusd -X isn't reporting *anything*, then it's not reaching FreeRADIUS, which means some part of the network stack is dropping it. If you're sure your iptables are correct, google linux log martians and linux rp filter. RHEL6 has different

How to accept RADIUS traffic on multiple interfaces?

2013-08-14 Thread Kurt Hillig
We're running FreeRadius 2.2.0 on RHEL 6. The servers are working fine with a single active interface (eth0) on each one; but we need to activate a second interface (eth1) on each server - on a different IP subnet - to handle local traffic on that subnet. The interfaces look like this: eth0

Re: How to accept RADIUS traffic on multiple interfaces?

2013-08-14 Thread Alan DeKok
Kurt Hillig wrote:
> radiusd.conf includes these listen sections (omitting comments):
> listen {
>     type = auth
>     ipaddr = *
>     port = 1812
>     interface = eth0
> }
Why not just bind it to the IP of the interface? And remove the interface line? Alan DeKok. - List

Re: How to accept RADIUS traffic on multiple interfaces?

2013-08-14 Thread Phil Mayers
On 14/08/13 15:07, Kurt Hillig wrote: But radiusd isn't seeing any of the inbound RADIUS traffic on eth1 - tcpdump shows it coming in, but radiusd -X shows no indication of this traffic (but is reporting all of the traffic on eth0). If radiusd -X isn't reporting *anything*, then it's not

Re: How to accept RADIUS traffic on multiple interfaces?

2013-08-14 Thread Matteo Vocale
Before running radius in debug mode, try iptables -F with root privileges, it disables iptables default rules. Phil Mayers p.may...@imperial.ac.uk wrote: On 14/08/13 15:07, Kurt Hillig wrote: But radiusd isn't seeing any of the inbound RADIUS traffic on eth1 - tcpdump shows it coming in,

RE: How to accept RADIUS traffic on multiple interfaces?

2013-08-14 Thread McNutt, Justin M.
@lists.freeradius.org] On Behalf Of Matteo Vocale Sent: Wednesday, August 14, 2013 2:32 PM To: FreeRadius users mailing list Subject: Re: How to accept RADIUS traffic on multiple interfaces? Before running radius in debug mode, try iptables -F with root privileges, it disables iptables default rules Phil Mayers

RE: How to accept RADIUS traffic on multiple interfaces?

2013-08-14 Thread McNutt, Justin M.
: freeradius-users-bounces+mcnuttj=missouri@lists.freeradius.org [mailto:freeradius-users-bounces+mcnuttj=missouri@lists.freeradius.org] On Behalf Of Matteo Vocale Sent: Wednesday, August 14, 2013 2:32 PM To: FreeRadius users mailing list Subject: Re: How to accept RADIUS traffic