
List:       freeradius-users
Subject:    Re: help:[freeradius+mysql]destinationunreachable(hostadministratively
From:       "gary" <gary.yang () browan ! com>
Date:       2011-07-28 5:17:38
Message-ID: 009801cc4ce5$b4d0db30$cd15a8c0 () ggyy40fbc8fbae

Hi Fajar
Sure. I am replying to say the root cause is a firewall issue.
The firewall has to be optimized.
Thanks for your reply.

Best Regards
Gary

BROWAN COMMUNICATIONS INC.
Tel:886-3-600-6899 ext.4842
Fax:886-3-597-2970
e-mail:gary.yang@browan.com

----- Original Message ----- 
From: "Fajar A. Nugraha" <list@fajar.net>
To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
Sent: Thursday, July 28, 2011 12:02 PM
Subject: Re: 
help:[freeradius+mysql]destinationunreachable(hostadministratively 
prohibited)


> On Thu, Jul 28, 2011 at 10:48 AM, gary <gary.yang@browan.com> wrote:
>> After I remark "-A INPUT -j REJECT --reject-with icmp-host-prohibited" it
>> works.
>> But "iptables -nvL | grep 1812" command still outputs nothing.
>> Now the iptables-save output.
>> *******************************************************
>> [root@gary sysconfig]# /sbin/iptables-save
>> # Generated by iptables-save v1.4.5 on Thu Jul 28 11:41:12 2011
>> *filter
>> :INPUT ACCEPT [69:8978]
>> :FORWARD ACCEPT [0:0]
>> :OUTPUT ACCEPT [17:3842]
>> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>> -A INPUT -p icmp -j ACCEPT
>> -A INPUT -i lo -j ACCEPT
>> -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
>> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
>> COMMIT
>> # Completed on Thu Jul 28 11:41:12 2011
>> ********************************************************
>
> You REALLY should get help from a Linux sysadmin. That config
> basically means "accept all input and output traffic", which is
> probably not what you want. If you want to enable radius traffic you
> should add a rule that allows needed port (e.g. udp port 1812 and
> 1813). If you don't care about firewall then it might be better to
> turn it off altogether.
>
> -- 
> Fajar
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html 

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
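
Added example, not part of the original thread: a simplified first-match walk of the INPUT chain showing why RADIUS packets were rejected before, why the posted ruleset accepts everything, and what an explicit allow for UDP 1812-1813 changes. Assumptions: the REJECT rule sat last in INPUT, the interface is named eth0, and only the -p, -i, --state, --dport and -j options are modelled.

```python
import shlex

# Rules common to all three cases, copied from the iptables-save output in the thread.
BASE = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
"""
REJECT = "-A INPUT -j REJECT --reject-with icmp-host-prohibited\n"
ORIGINAL = BASE + REJECT   # assumed placement: REJECT as the last INPUT rule
POSTED = BASE              # REJECT commented out, as posted in the thread
FIXED = BASE + "-A INPUT -p udp -m udp --dport 1812:1813 -j ACCEPT\n" + REJECT

def parse_input_chain(save_text):
    """Return (default policy, ordered rule dicts) for the filter INPUT chain."""
    policy, rules = "ACCEPT", []
    for line in save_text.splitlines():
        if line.startswith(":INPUT "):
            policy = line.split()[1]
        elif line.startswith("-A INPUT "):
            tok, rule, i = shlex.split(line)[2:], {}, 0
            while i < len(tok):
                if tok[i] in ("-p", "-i", "-j", "--dport", "--state"):
                    rule[tok[i].lstrip("-")] = tok[i + 1]
                    i += 1          # skip the option's value
                i += 1
            rules.append(rule)
    return policy, rules

def verdict(save_text, proto, dport, iface="eth0", state="NEW"):
    """Walk INPUT in order for one packet; return (target, what decided it)."""
    policy, rules = parse_input_chain(save_text)
    for n, r in enumerate(rules, 1):
        lo, _, hi = r.get("dport", "0:65535").partition(":")
        if ("p" in r and r["p"] != proto
                or "i" in r and r["i"] != iface
                or "state" in r and state not in r["state"].split(",")
                or not int(lo) <= dport <= int(hi or lo)):
            continue                # rule does not match this packet
        if r.get("j") in ("ACCEPT", "REJECT", "DROP"):
            return r["j"], f"rule {n}"
    return policy, "chain policy"   # nothing matched: default policy applies

if __name__ == "__main__":
    for name, rs in (("original", ORIGINAL), ("posted", POSTED), ("fixed", FIXED)):
        print(name, verdict(rs, "udp", 1812), verdict(rs, "tcp", 3306))
```

In the fixed ruleset the RADIUS ports match an explicit rule, so `iptables -nvL | grep 1812` would also have a line to show, while other new inbound traffic still reaches the final REJECT.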