[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: free radius behind a load balancer?
From: Nathan Ward <lists+freeradius () daork ! net>
Date: 2021-01-14 21:27:12
Message-ID: 3D0796C7-BB36-4038-8C06-79A9BD522BDB () daork ! net
[Download RAW message or body]
> On 15/01/2021, at 5:25 AM, Coy Hile <coy.hile@coyhile.com> wrote:
>
> > On Jan 14, 2021, at 10:45 AM, Joseph Nordone via Freeradius-Users \
> > <freeradius-users@lists.freeradius.org> wrote:
> > Yes, free-radius works great behind load-balancers. We have multiple clusters \
> > behind f5 load balancers. I would look at setting up a two-arm load balancer so \
> > that the originating IP address of the client is presented to the radius server. \
> > Outside of that, it won't modify or change any attribute of the packet itself.
>
> How do you mean? What specific things did you have to do for that to happen? (What \
> I've seen is the NATed IP come through as the Packet-Src-IP-Address, rather than \
> the machine from whence I was testing.)
Packet-Src-IP-Address is the source IP of the packet as received by the RADIUS server \
- F5 (or other LB) doesn't insert that, it's not like X-Forwarded-For in HTTP land.
You can disable SNAT in the F5 config to avoid that - the F5 has to be in the IP \
return path for that traffic from the client though - usually that means it's the \
default gateway but of course there are more complicated environments where that's \
not the case :-)
--
Nathan Ward
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic