Gary, You're looking for 'iptables -nvL | grep 3306' to produce something like this:
0 0 ACCEPT tcp -- * * 192.168.21.223 0.0.0.0/0 tcp dpt:3306 -sth sam hooker|s...@noiseplant.com|http://www.noiseplant.com "I have not failed, I've just found 10,000 ways that won't work." Thomas Edison ----- Original Message ----- > ping isn't the same as a open udp port. > > run the command: > /sbin/iptables-save > > and past the output. If it's not the firewall then it's probably ACLs > as > those are really the only two things that are going to return a > admin-prohib icmp packet. > > Cheers, > Harry > > On 07/27/2011 09:06 AM, gary wrote: > > Hi Harry > > radius server and nas ping no problem each other. > > checking firewall no problem. > > the OS is Fedora 12. > > > > Best Regards > > Gary > > > > BROWAN COMMUNICATIONS INC. > > Tel:886-3-600-6899 ext.4842 > > Fax:886-3-597-2970 > > e-mail:gary.y...@browan.com > > > > ----- Original Message ----- From: "Harry Hoffman" > > <hhoff...@ip-solutions.net> > > To: "gary" <gary.y...@browan.com>; > > <freeradius-users@lists.freeradius.org> > > Sent: Wednesday, July 27, 2011 7:19 PM > > Subject: Re: help:[freeradius+mysql]destination unreachable(host > > administratively prohibited) > > > > > >> Did you open your firewall? Redhat-like distros send dest-prohib by > >> default for ports blocked by iptables. > >> > >> Cheers, > >> Harry > >> > >> gary <gary.y...@browan.com> wrote: > >> > >>> Hi All > >>> I have trouble about freeradius+mysql. > >>> I configured freeradius(2.1.10) +mysql(5.5.14) and selftest by > >>> radtest everything is okay. > >>> But when I try external nas client it always returns "null > >>> response". > >>> the setup as below. > >>> PC(client)<===>wireless AP(nas,192.168.21.223)<===>radius > >>> server(192.168.21.30) > >>> my nas table: > >>> mysql> select * from nas; > >>> +----+--------------------+---------------------+-------+----------+--------------+----------+---------------+---------------------+ > >>> > >>> | id | nasname | shortname | type | ports > >>> | secret | server | community | description | > >>> +----+--------------------+---------------------+-------+----------+--------------+----------+---------------+---------------------+ > >>> > >>> | 1 | 192.168.21.223 | 192.168.21.223 | other | NULL | > >>> testing123 | NULL | NULL | RADIUS Client | > >>> | 3 | 127.0.0.1 | localhost | other | NULL > >>> | testing123 | NULL | NULL | RADIUS Client | > >>> +----+--------------------+---------------------+-------+----------+--------------+-----------+---------------+--------------------+ > >>> > >>> radcheck table: > >>> mysql> select * from radcheck; > >>> +----+--------------------+-------------------+----+--------+ > >>> | id | username | attribute | op | value | > >>> +----+--------------------+-------------------+----+--------+ > >>> | 1 | gary | User-Password | := | gary | > >>> | 2 | test | User-Password | := | test | > >>> | 3 | 001d09cb2715 | User-Password | := | test | > >>> +----+--------------------+-------------------+----+--------+ > >>> > >>> 192.168.21.223 is the wireless AP(nas) and my radius server is > >>> 192.168.21.30. > >>> I am using wireshark to capture the packets and it shows > >>> "destination > >>> unreachable(host administratively prohibited)". > >>> see screenshot as below. Can anyone help me? > >>> > >>> > >>> Best Regards > >>> Gary > >>> > >>> - > >>> List info/subscribe/unsubscribe? See > >>> http://www.freeradius.org/list/users.html > > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html