On Tue 26 Sep 2006 16:26, Nicolas Baradakis wrote: > Peter Nixon wrote: > > On Tue 26 Sep 2006 11:55, Nicolas Baradakis wrote: > > > However, a proxy request is different, because it's a new outgoing > > > packet. In this case, we don't force the source IP in FreeRADIUS and > > > we shouldn't do so because the NAS and the realm server are possibly > > > on a different network. (it depends on the local network configuration) > > > > > > The network configuration of the host is outside the scope of > > > FreeRADIUS. The correct way to solve the problem is to fix the > > > network routes on the host, so the outgoing requests have the > > > desired source IP. > > > > Yes you are correct. Abviously I didn't read the thread in enough > > depth. It does bring up the issue that we maybe should have an optional > > proxy_source_ip config option.. > > I don't think it's a good idea, because all the realm servers may not be > on the same network. IMHO FreeRADIUS doesn't have to cope with the network > configuration of the host: it only has to set the destination IP, and the > rest is handled by the kernel.
It is not a critical option (for me) at present, but it is usefull and it should default to * of course. If someone doesn't have all their realm servers on the same "side" of the server then they should know that. A more flexible option of course would be to have an internal attribute like "Proxy-Source-IP". The it could be specified per request for people who wish to.. Cheers -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc
pgp1jxy936Snv.pgp
Description: PGP signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html