On Thu, Jul 28, 2011 at 10:48 AM, gary <gary.y...@browan.com> wrote:
> After I remark "-A INPUT -j REJECT --reject-with icmp-host-prohibited" it works.
> But the "iptables -nvL | grep 1812" command still outputs nothing.
> Now the iptables-save output:
> *******************************************************
> [root@gary sysconfig]# /sbin/iptables-save
> # Generated by iptables-save v1.4.5 on Thu Jul 28 11:41:12 2011
> *filter
> :INPUT ACCEPT [69:8978]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [17:3842]
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A INPUT -p icmp -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
> COMMIT
> # Completed on Thu Jul 28 11:41:12 2011
> ********************************************************
You REALLY should get help from a Linux sysadmin. That config basically means "accept all input and output traffic", which is probably not what you want.

If you want to enable RADIUS traffic you should add a rule that allows the needed ports (e.g. UDP ports 1812 and 1813). If you don't care about the firewall then it might be better to turn it off altogether.

--
Fajar

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
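A ruleset that keeps the INPUT reject rule and opens only the RADIUS ports in front of it, as an added example (not from the thread; the function names and the ordering check are my own, the chain layout mirrors gary's iptables-save):

```shell
#!/bin/sh
# Added example: iptables matches rules top to bottom, so the UDP 1812/1813
# ACCEPT rules must sit before "-A INPUT -j REJECT", not after it (and the
# REJECT itself should stay, rather than being removed as in the thread).

# Emit an iptables-restore ruleset to stdout.
radius_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 1812 -j ACCEPT
-A INPUT -p udp -m udp --dport 1813 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Read a ruleset on stdin; return 0 only if both RADIUS ACCEPT rules appear
# before the INPUT REJECT rule. Otherwise the REJECT shadows them and
# "iptables -nvL | grep 1812" keeps showing zero packets.
check_order() {
    rules=$(cat)
    reject=$(printf '%s\n' "$rules" | grep -n -- '^-A INPUT -j REJECT' | cut -d: -f1)
    [ -n "$reject" ] || return 1
    for port in 1812 1813; do
        line=$(printf '%s\n' "$rules" | grep -n -- "--dport $port -j ACCEPT" | cut -d: -f1)
        [ -n "$line" ] && [ "$line" -lt "$reject" ] || return 1
    done
    return 0
}

# Apply as root:   radius_ruleset | check_order && radius_ruleset | iptables-restore
# Verify after:    iptables -nvL INPUT | grep -E 'dpt:181[23]'
# Live alternative: "iptables -I INPUT <n> ..." inserts at position n, before the REJECT.
```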