No sir, no gateways specified. -----Original Message----- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 15, 2006 8:52 AM To: [email protected] Subject: RE: [pfSense Support] Curious radius problem
Did you specify gateways for other interfaces than WAN? If an interface has a gateway set it will be automatically natted as it is considered to be another WAN-kind interface. If you want to shut that down you can do so by either deleting the gateway and adding appropriate static routes or by enabling advanced outbound NAT at firewall>NAT, outbound and creating only the mappings you need. Holger > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Wednesday, November 15, 2006 3:48 PM > To: [email protected] > Subject: [pfSense Support] Curious radius problem > > I have the following setup: > > LAN------PfSense------WAN > | | | > | | | > OPT1------- | -------OPT2 (WLAN) > (GOV) | > OPT3 (DMZ) > > The DMZ houses our exchange server, running IAS. When our wireless > access points (in WLAN) attempt to communicate with IAS, the IAS > server logs the radius request as coming from the OPT2 interface of > pfsense (in my case, 192.168.10.254), rather than from the IP of the > access point. I have the proper entries in IAS, and indeed this setup > was functional roughly until my upgrade to 1.0 (currently 1.0.1). > > All other traffic between the subnets can route correctly, and if I > move the access point to the same segment as the IAS server (and make > necessary IP adjustments on both the access point and the client entry > for radius auth), then all is well. To reiterate, everything is fine > unless pfsense is in the middle of the two devices, at which point IAS > doesn't see the request coming from the AP, rather from the gateway > interface on that segment (pfsense). Traffic rules between the two > segments are wide open. > > Any ideas as to where/what to proceed with? > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] For additional > commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
