I wish it was that easy Mark, but it's not. You'll notice the first line of tcpdump shows the request coming in on port 1645 and a return port of 1812. (I assume that's a return port.) Here is that first line:

14:23:22.959993 203.194.56.120.1812 > 203.16.135.45.1645: rad-access-req 271 [id 95] Attr[ NAS_ipaddr{203.220.246.49} NAS_port_type{#30} Called_station{142330358 016426} [|radius] (DF)

Here's what my radiusd server sends back to the proxy server... the next line, this doesn't look like the reply packet, could it be the SNMP connection, but why on port 1645?

14:23:22.960038 203.16.135.45 > 203.194.56.120: icmp: 203.16.135.45 udp port 1645 unreachable [tos 0xc0]

At the bottom of this message I will paste the output from radiusd -X, you will see the request come in, our reply go out and that is all.

Here is what happens when logging packets with ipchains, this is what leaves our server..

Packet log: output ACCEPT eth0 PROTO=17 203.16.135.45:1645 203.194.56.120:1812 L=228 S=0x00 I=9982 F=0x0000 T=64 (#2)

regards
Mervyn

Mark Constable wrote:

> On Mon, 15 Oct 2001 14:53, Mervyn Jack wrote:
>
> > The request from the proxy client comes in on 1645, with a return port of
> > 1812, but radiusd seems to try and ping ? port 1645 on the proxy server end
> > and it fails. Which it will as their proxy server is listening for the
> > reply on 1812. Please excuse my tcp/udp lack of knowledge, perhaps the
>
> grep rad /etc/services
>
> radius 1812/tcp # Radius
> radius 1812/udp # Radius
> radacct 1813/tcp # Radius Accounting
> radacct 1813/udp # Radius Accounting
>
> if it's not like above then there is your problem. You can also use -p
> to force freeradius to listen on another port.
>
> --markc
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

porky:/usr/local/var/log/radius# radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
read_config_files: reading dictionary
read_config_files: reading clients
read_config_files: reading realms
read_config_files: reading naslist
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = no
main: pidfile = "/usr/local/var/run/radiusd.pid"
main: bind_address = 203.16.135.45 IP address [203.16.135.45]
main: user = "root"
main: group = "root"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: dead_time = 120
main: debug_level = 0
read_config_files: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded System
unix: cache = no
unix: passwd = "/etc/passwd"
unix: shadow = "(null)"
unix: group = "/etc/group"
unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
unix: usegroup = no
Module: Instantiated unix (unix)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded detail
detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail"
detail: detailperm = 384
detail: dirperm = 493
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/usr/local/var/log/radius/radutmp"
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
main: smux_password = ""
main: snmp_write_access = no
SMUX connect try 1
Can't connect to SNMP agent with SMUX: Connection refused
Listening on IP address 203.16.135.45, ports 1645/udp and 1646/udp, with proxy on 1647/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 203.194.56.120:1812, id=182, length=271
    NAS-IP-Address = 203.220.246.49
    NAS-Port-Type = Async
    Called-Station-Id = "142330358016426"
    Calling-Station-Id = "358711419"
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Password = "\261\364\236\271*\222k\304>\260\255\341P\257'\224"
    User-Name = "steve"
    Proxy-State = 0x42535032696d7330312d7379642f4135324430364637413938394141454133433233384132324139383945383236443745343145443938433741323034303943444333393233384234364445323845433245394635303733383544464441353730304346364438443242433630413133443136304633384336383235323541444146344433334544374638453546414231464543373845333143313936444342394234413238454533304133
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "suffix" returns ok
users: Matched steve at 54
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied Password matches local Password
Login OK: [steve] (from nas kbs port 0 cli 358711419)
Sending Access-Accept of id 182 to 203.194.56.120:1812
    Framed-IP-Netmask = 255.255.255.255
    Proxy-State = 0x42535032696d7330312d7379642f4135324430364637413938394141454133433233384132324139383945383236443745343145443938433741323034303943444333393233384234364445323845433245394635303733383544464441353730304346364438443242433630413133443136304633384336383235323541444146344433334544374638453546414231464543373845333143313936444342394234413238454533304133
Finished request 0
Going to the next request
SMUX connect try 2
Can't connect to SNMP agent with SMUX: Connection refused
--- Walking the entire request list ---
Waking up in 6 seconds...
SMUX connect try 3
Can't connect to SNMP agent with SMUX: Connection refused
--- Walking the entire request list ---
Cleaning up request 0 ID 182 with timestamp 3bca81e4
Nothing to do. Sleeping until we see a request.

--
Mervyn Jack, Technical Director, Country Netlink Pty Ltd.
PO Box 529, Cobram, Vic. Australia, 3644
Ph +61 3 5871 1000 Fax +61 3 5871 1874 Mobile 0409 960 520
mailto:[EMAIL PROTECTED] http://www.cnl.com.au ICQ 354419

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
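
Added example, not part of the original message: a short Python script that parses the three captured lines quoted above (the tcpdump request, the tcpdump ICMP error and the ipchains output log) and checks how their address/port pairs relate to each other. The function names are this example's own; the tcpdump attribute list is trimmed from the request line.

```python
import re

# The three captured lines quoted in the message (tcpdump attribute list trimmed).
TCPDUMP_REQ = ("14:23:22.959993 203.194.56.120.1812 > 203.16.135.45.1645: "
               "rad-access-req 271 [id 95]")
TCPDUMP_ICMP = ("14:23:22.960038 203.16.135.45 > 203.194.56.120: icmp: "
                "203.16.135.45 udp port 1645 unreachable [tos 0xc0]")
IPCHAINS_OUT = ("Packet log: output ACCEPT eth0 PROTO=17 203.16.135.45:1645 "
                "203.194.56.120:1812 L=228 S=0x00 I=9982 F=0x0000 T=64 (#2)")

IP = r"(\d+\.\d+\.\d+\.\d+)"

def parse_tcpdump_udp(line):
    """tcpdump prints UDP endpoints as ip.port: (src, sport, dst, dport)."""
    m = re.search(IP + r"\.(\d+) > " + IP + r"\.(\d+):", line)
    return (m[1], int(m[2]), m[3], int(m[4])) if m else None

def parse_icmp_unreachable(line):
    """(sender, notified host, unreachable ip, unreachable udp port)."""
    m = re.search(IP + " > " + IP + ": icmp: " + IP
                  + r" udp port (\d+) unreachable", line)
    return (m[1], m[2], m[3], int(m[4])) if m else None

def parse_ipchains(line):
    """ipchains log prints endpoints as ip:port after PROTO=17 (UDP)."""
    m = re.search(r"PROTO=17 " + IP + r":(\d+) " + IP + r":(\d+)", line)
    return (m[1], int(m[2]), m[3], int(m[4])) if m else None

def mirrors(request, reply):
    """True when reply goes from the request's destination back to its source."""
    src, sport, dst, dport = request
    return reply == (dst, dport, src, sport)

def icmp_answers(request, icmp):
    """True when the request's destination host reported its own
    destination port unreachable to the request's sender."""
    src, _sport, dst, dport = request
    return icmp == (dst, src, dst, dport)

def analyse():
    req = parse_tcpdump_udp(TCPDUMP_REQ)
    return {
        "request": req,
        "reply_mirrors_request": mirrors(req, parse_ipchains(IPCHAINS_OUT)),
        "icmp_answers_request": icmp_answers(
            req, parse_icmp_unreachable(TCPDUMP_ICMP)),
    }

if __name__ == "__main__":
    for key, value in analyse().items():
        print(f"{key}: {value}")
```

In tcpdump's `src > dst` notation the request travels from 203.194.56.120 port 1812 to 203.16.135.45 port 1645, the logged outgoing packet is the exact mirror of that flow, and the ICMP error names port 1645 on 203.16.135.45 itself.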