radius and natd

dmitry surovtsev dsurovtsev at yahoo.com
Thu Jul 31 03:46:16 PDT 2003


try
ipfw add divert natd tcp from 10.0.0.4 to $radius via rl1
ipfw add divert natd tcp from $radius to $ip_of_rl1 via rl1
ipfw add allow tcp from $ip_of_rl1 to $radius out xmit via rl1
ipfw add allow tcp from $radius to 10.0.0.4 in recv via rl1

dmitry

Message: 1
Date: Tue, 29 Jul 2003 12:46:58 -0700
From: Sean Hafeez <sahafeez at edgefocus.com>
Subject: radius and natd
To: freebsd-ipfw at freebsd.org
Message-ID: <3F26CF32.2060307 at edgefocus.com>
Content-Type: text/plain; charset=us-ascii; format=flowed

i have a network (10.0.0.x) that is nat'd to the external interface of the firewall. everything works great. the kernel was compiled with the leave everything open option. the only rules are:

/sbin/natd -interface rl0
ipfw add divert natd all from any to any via rl0
ipfw add pipe 1 ip from any to any in recv rl1
ipfw add pipe 2 ip from any to any out xmit rl1
ipfw pipe 1 config mask src-ip 0xffffffff bw 1024kbits/s
ipfw pipe 2 config mask dst-ip 0xffffffff bw 1024kbits/s

rl0 is the external. rl1 is the internal 10.0.0.x network.

i have a device on the internal network 10.0.0.4 that needs to query a radius server on the internet. i can see the request come in from the device on rl1 (tcpdump -i rl1) but i see nothing leave and never see the packet hit the server. is nat the problem? is there a way around this?

i googled but did not find anything that worked. remember this is a wide open box that is just being used for nat and shaping with no rules.



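An added example, not from either poster: a POSIX sh script that generates the ipfw ruleset for the topology in the question (rl0 external with natd, rl1 internal 10.0.0.x, client 10.0.0.4) and checks two things the thread leaves implicit. RADIUS runs over UDP (1812 authentication, 1813 accounting; older servers use 1645/1646), so a tcp-only rule never matches it, and an ipfw divert rule must name a divert port (natd, 8668 in /etc/services), which the suggested "ipfw add divert tcp ..." lines lack. Interface names come from the thread; the RADIUS server address 192.0.2.10 is a constructed placeholder, and with IPFW_DRY_RUN=1 (the default) the rules are printed rather than passed to /sbin/ipfw, so the script can be reviewed on any host.

```shell
#!/bin/sh
# Added example (not from the thread): emit and validate an ipfw ruleset
# for rl0 (external, natd) / rl1 (internal) with a RADIUS client on the LAN.
# RADIUS_SERVER is a constructed placeholder (TEST-NET-1); rl0/rl1/10.0.0.4
# are the values from the question.

EXT_IF=rl0
INT_IF=rl1
RADIUS_CLIENT=10.0.0.4
RADIUS_SERVER=${RADIUS_SERVER:-192.0.2.10}   # constructed placeholder
IPFW_DRY_RUN=${IPFW_DRY_RUN:-1}

# Run one ipfw command: print it in dry-run mode, execute it otherwise.
ipfw_cmd() {
    if [ "$IPFW_DRY_RUN" = 1 ]; then
        printf 'ipfw %s\n' "$*"
    else
        /sbin/ipfw "$@"
    fi
}

# RADIUS is UDP: auth 1812, acct 1813, legacy 1645/1646.
radius_ports() { printf '1812,1813,1645,1646'; }

build_ruleset() {
    ipfw_cmd -f flush
    # count rules do not change forwarding; "ipfw -a list" shows their
    # counters, so a request that is seen on rl1 but never answered shows
    # up as a non-zero request counter and a zero reply counter
    ipfw_cmd add count udp from "$RADIUS_CLIENT" to "$RADIUS_SERVER" "$(radius_ports)" in recv "$INT_IF"
    # translate everything crossing the external interface, both directions;
    # "natd" is the divert port from /etc/services (8668)
    ipfw_cmd add divert natd ip from any to any via "$EXT_IF"
    # replies re-enter the ruleset after divert with the destination already
    # rewritten to 10.0.0.4, hence "to any"
    ipfw_cmd add count udp from "$RADIUS_SERVER" "$(radius_ports)" to any in recv "$EXT_IF"
    # shaping as in the question
    ipfw_cmd add pipe 1 ip from any to any in recv "$INT_IF"
    ipfw_cmd add pipe 2 ip from any to any out xmit "$INT_IF"
    ipfw_cmd pipe 1 config mask src-ip 0xffffffff bw 1024Kbit/s
    ipfw_cmd pipe 2 config mask dst-ip 0xffffffff bw 1024Kbit/s
    ipfw_cmd add allow ip from any to any
}

# Return 1 for a divert rule that lacks a divert port (numeric or "natd"),
# 0 for anything else.
check_rule() {
    case "$1" in
        "ipfw add divert "[0-9]*|"ipfw add divert natd "*) return 0 ;;
        "ipfw add divert "*) return 1 ;;
        *) return 0 ;;
    esac
}

# Validate every generated line; status 1 on the first malformed rule.
validate_ruleset() {
    build_ruleset | while IFS= read -r line; do
        check_rule "$line" || { echo "bad rule: $line" >&2; exit 1; }
    done
}

validate_ruleset && build_ruleset
```

Running it with IPFW_DRY_RUN=0 on the firewall installs the rules; the two count rules are the cheap way to answer the original question, since "ipfw -a list" then shows whether the request reaches the ruleset at all and whether any reply ever comes back on rl0.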

