Mervyn Jack <[EMAIL PROTECTED]> wrote:
> You'll notice the first line of tcpdump, shows the request coming in
> on port 1645 and a return port of 1812. (I assume that's a return
> port.) Here is that first line..
> 
> 14:23:22.959993 203.194.56.120.1812 > 203.16.135.45.1645:
> rad-access-req 271 [id 95] Attr[ NAS_ipaddr{203.220.246.49}
> NAS_port_type{#30} Called_station{142330358 016426} [|radius] (DF)

  This is the access request packet.  It looks fine.
 
> Here's what my radiusd server sends back to the proxy server... the
> next line, this doesn't look like the reply packet, could it be the
> SNMP connection, but why on port 1645?

  No, look at it again.  It says the protocol is ICMP, not UDP.
 
> 14:23:22.960038 203.16.135.45 > 203.194.56.120: icmp: 203.16.135.45 udp port 1645
> unreachable [tos 0xc0]

  Read that line again:  It says that at the IP address 203.16.135.45,
nothing is listening on port 1645.
 
> At the bottom of this message I will paste the output from radiusd -X,
> you will see the request come in, our reply go out and that is all.
> 
> Here is what happens when logging packets with ipchains, this is what
> leaves our server..
> 
> Packet log: output ACCEPT eth0 PROTO=17 203.16.135.45:1645 203.194.56.120:1812
> L=228 S=0x00 I=9982 F=0x0000 T=64 (#2)

  So the server IS listening on port 1645, and is sending an output
access accept packet.


  From 'radiusd -X'

> Listening on IP address 203.16.135.45, ports 1645/udp and 1646/udp, with proxy on 1647/udp.

  OK, your server is listening on port 1645.  The problem is that the
ICMP message says that for IP '203.16.135.45', nothing is listening on
port 1645.

  Something's disagreeing here.  If the server is listening on port
1645, then there MUST NOT be an ICMP message saying it isn't.

> rad_recv: Access-Request packet from host 203.194.56.120:1812, id=182, length=271

  And it's receiving a packet from the NAS from port 1812.  That's
fine.

> Sending Access-Accept of id 182 to 203.194.56.120:1812

  And it's replying.  That's fine, too.


  I'd say that something is weird in your system.  That ICMP message
is screwing things up.  Either your system is broken, or your
'tcpdump' logs were collected at a time when the RADIUS server was NOT
running.

  Alan DeKok.
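
An added example, not part of the original message and not FreeRADIUS code: a short Python script that reads tcpdump text lines in the format quoted above and reports every UDP packet that the destination host answered with an ICMP port-unreachable. The function names and the one-second matching window are assumptions; the first two sample lines come from the quoted capture (attributes trimmed), the last two are constructed.

```python
import re

# UDP line: "HH:MM:SS.us src_ip.sport > dst_ip.dport: ..."
UDP_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): ")
# ICMP line: "HH:MM:SS.us src_ip > dst_ip: icmp: host udp port N unreachable"
ICMP_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+): "
    r"icmp: (?P<host>\d+\.\d+\.\d+\.\d+) udp port (?P<port>\d+) unreachable")

def seconds(ts):
    """Convert a tcpdump HH:MM:SS.ffffff timestamp to seconds since midnight."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def rejected_requests(lines, window=1.0):
    """Return (request_ts, client, server, port, icmp_ts) for each UDP packet
    followed within `window` seconds by an ICMP port-unreachable for that port."""
    pending = {}  # (client_ip, server_ip, server_port) -> timestamp of last packet
    hits = []
    for line in lines:
        m = ICMP_RE.match(line)
        if m:
            # The ICMP goes back to the client and names the host/port it refused.
            key = (m["dst"], m["host"], int(m["port"]))
            ts = pending.get(key)
            if ts is not None and 0 <= seconds(m["ts"]) - seconds(ts) <= window:
                hits.append((ts, key[0], key[1], key[2], m["ts"]))
            continue
        m = UDP_RE.match(line)
        if m:
            pending[(m["src"], m["dst"], int(m["dport"]))] = m["ts"]
    return hits

# Lines 1-2: from the capture quoted in the thread (RADIUS attributes trimmed).
# Lines 3-4: constructed, using documentation addresses, as a normal exchange.
SAMPLE = [
    "14:23:22.959993 203.194.56.120.1812 > 203.16.135.45.1645: rad-access-req 271 [id 95]",
    "14:23:22.960038 203.16.135.45 > 203.194.56.120: icmp: 203.16.135.45 udp port 1645 unreachable [tos 0xc0]",
    "14:23:25.100000 192.0.2.10.1812 > 192.0.2.20.1645: rad-access-req 271 [id 96]",
    "14:23:25.100900 192.0.2.20.1645 > 192.0.2.10.1812: rad-access-accept 28 [id 96]",
]

if __name__ == "__main__":
    for req_ts, client, server, port, icmp_ts in rejected_requests(SAMPLE):
        print(f"{req_ts} {client} -> {server}:{port} refused by ICMP at {icmp_ts}")
```

A hit for a request that 'radiusd -X' also logs as received is the disagreement described in the message above.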
