I have a Domain Controller in a DMZ which is handling radius requests from
my access point. I'm having problems passing the radius information
successfully through pf. The pf box is a soekris running 4.1.

Mar 09 09:58:56.467664 rule 3/(match) block in on sis4: 172.30.30.5.1812
10.50.3.11.2055: Axs! id:1 [1477] [|radius] (frag 25868:[EMAIL PROTECTED])
Mar 09 09:58:56.467745 rule 3/(match) block in on sis4: 172.30.30.5
10.50.3.11: (frag 25868:[EMAIL PROTECTED])

# more /etc/pf.conf | grep pix_if
pix_if = sis4
pass quick log on $pix_if from any to 10.50.3.11
block in log on $pix_if
pass out on $pix_if

In this case, 172.30.30.5 is my radius server, and 10.50.3.11 is my access
point. Even though I am logging the pass rule, I do not see it getting
hit through tcpdump. If I take out the block in log on $pix_if, radius
information flows ok.

Thanks,
runelind at runelind dot net