Matthew Schumacher wrote:
Lewis Bergman wrote:

Matthew Schumacher wrote:


I'm getting accounting messages like these that seem to be coming from
the loopback interface, but `tcpdump -i lo` doesn't see them so they are
not coming from a local client.  If they are not coming from a local
client then how can I figure out where they are coming from?

Thu Jan 12 07:19:58 2006
       Acct-Status-Type = Stop
       NAS-IP-Address = x.x.x.x      (legit nas IP)
       Acct-Delay-Time = 0
       User-Name = "user"
       NAS-Port = 536936515
       Acct-Session-Id = "0A000067"
       Service-Type = Framed-User
       Framed-Protocol = PPP
       Framed-IP-Address = x.x.x.x    (legit Framed-IP-Address)
       Acct-Session-Time = 0
       Acct-Input-Octets = 0
       Acct-Output-Octets = 0
       Acct-Input-Packets = 0
       Acct-Output-Packets = 0
       Client-IP-Address = 127.0.0.1
       Acct-Unique-Session-Id = "1cc41474b27ed376"
       Timestamp = 1137082798

These appear to be from the loopback of the NAS, not the radius server.



Thanks for your reply, however it doesn't make sense to me.  How can the
Client-IP-Address be 127.0.0.1 if the radius server records the source
address of the packet in the Client-IP-Address attribute?  If the packet
came from the loopback of the NAS then I would expect the NAS-IP-Address
to be 127.0.0.1 but the Client-IP-Address to be where the packet was
sourced from.

I assumed when you marked the NAS IP as legit, that the actual value in that field is a legit IP that you have listed in your clients.conf file. If that is the case, then that is where the packet originated from. My NASes report the client IP as the NAS address if I log in from the network.
Login-IP-Host = <ip of router>
Client-IP-Address = <IP of NAS IP>

I think I remember if I logged in from the console port that it reports the Client address as the loopback.
--
Lewis Bergman
Texas Communications
4309 Maple St.
Abilene, TX 79602-8044
Off. 325-691-1301
Cell 325-439-0533
fax  325-695-6841
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
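
The comparison this thread turns on, the packet source the server logged (Client-IP-Address) against the address the NAS claims (NAS-IP-Address), can be run over an accounting detail file to list every record that shows the mismatch. This is an added example, not part of the original messages or of FreeRADIUS; the function names and the sample records are constructed, and it assumes the record layout shown in the post.

```python
import ipaddress

# Constructed sample in the detail-file layout shown in the post; the
# addresses are documentation-range placeholders, not values from the thread.
SAMPLE_DETAIL = """\
Thu Jan 12 07:19:58 2006
\tNAS-IP-Address = 192.0.2.10
\tUser-Name = "user"
\tAcct-Session-Id = "0A000067"
\tClient-IP-Address = 127.0.0.1

Thu Jan 12 07:20:31 2006
\tNAS-IP-Address = 192.0.2.10
\tUser-Name = "other"
\tAcct-Session-Id = "0A000068"
\tClient-IP-Address = 192.0.2.10
"""

def parse_detail(text):
    """Yield one dict per record: a header line followed by indented attributes."""
    record = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():          # unindented line starts a new record
            if record is not None:
                yield record
            record = {"_header": line.strip()}
        elif record is not None and " = " in line:
            name, value = line.strip().split(" = ", 1)
            record[name] = value.strip('"')
    if record is not None:
        yield record

def loopback_sourced(records):
    """Records logged with a loopback packet source but a non-loopback NAS address."""
    hits = []
    for rec in records:
        try:
            client = ipaddress.ip_address(rec.get("Client-IP-Address", ""))
            nas = ipaddress.ip_address(rec.get("NAS-IP-Address", ""))
        except ValueError:                 # missing or redacted address: skip
            continue
        if client.is_loopback and not nas.is_loopback:
            hits.append((rec["_header"], rec.get("Acct-Session-Id"), rec.get("User-Name")))
    return hits

if __name__ == "__main__":
    print(loopback_sourced(parse_detail(SAMPLE_DETAIL)))
```

Grouping the hits by timestamp and session ID gives something to correlate against NAS logs or a packet capture taken on the server's external interfaces.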