 From:  "Clayton Cannon" <Clayton dot Cannon at neighbortofamily dot org>
 To:  "Jonathan De Graeve" <Jonathan dot DeGraeve at imelda dot be>, "SDamron" <sdamron at gmail dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Using a internet based RADIUS server and M0N0WALL
 Date:  Tue, 18 Jul 2006 09:34:31 -0400
Then the log that the m0n0wall is having doesn't make any sense to me.  It
states that it is blocking the communication even while I have the rule
set up to allow it.  Please have a look at these screenshots...

http://www.nauticalartist.com/myspace/radius_blocked.jpg

http://www.nauticalartist.com/myspace/radius_rule.jpg

Notice on the firewall log entries, the communication from 68.143.227.115 to
10.10.0.5 is the Radius communication.  It is of type UDP but has no port
information.  Very strange and sadly very blocked.

-----Original Message-----
From: Jonathan De Graeve [mailto:Jonathan dot DeGraeve at imelda dot be] 
Sent: Tuesday, July 18, 2006 9:15 AM
To: Clayton Cannon; SDamron; m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] Using a internet based RADIUS server and M0N0WALL

Radius protocol just runs over normal UDP and isn't different than a normal
UDP 'connection'

Kind Regards

J.

--
Jonathan De Graeve
Network/System Engineer
Imelda vzw
Informatica Dienst
+32 15/50.52.98
jonathan dot de dot graeve at imelda dot be

---------
Always read the manual for the correct way to do things because the number
of incorrect ways to do things is almost infinite
---------

> -----Original Message-----
> From: Clayton Cannon [mailto:Clayton dot Cannon at neighbortofamily dot org]
> Sent: Tuesday, 18 July 2006 14:52
> To: SDamron; m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] Using a internet based RADIUS server and M0N0WALL
> 
> I've tried forwarding UDP, TCP and UDP/TCP port 1812 and 1813 to the AP
> inside the LAN but the m0n0wall is blocking packets of non-udp type
> (radius protocol type) coming from the Radius server.  They are not
> marked as UDP nor TCP and I know on a PIX you have to specify the Radius
> protocol just as you have to do with GRE for PPTP tunnels.  I've even
> set up a sniffer on the Radius server (Windows 2003 box with IAS) and have
> verified the use of the Radius protocol.  Any ideas?  Thanks.
> 
> 
> -----Original Message-----
> From: SDamron [mailto:sdamron at gmail dot com]
> Sent: Monday, July 17, 2006 7:59 PM
> To: Clayton Cannon
> Subject: Re: [m0n0wall] Using a internet based RADIUS server and M0N0WALL
> 
> Just allow port 1812 and 1813 udp and tcp.  That generally fixes it.
> 
> On 7/17/06, Clayton Cannon <Clayton dot Cannon at neighbortofamily dot org> wrote:
> > The firewall is m0n0wall.  The clients attempting to authenticate are
> > WIFI clients using an AP which is on the network behind the firewall.
> > The Radius server is on the Internet and the AP is to authenticate
> > logins to it.  Problem is when the Radius server answers, m0n0wall
> > blocks the communication back to the AP.  I have attempted to make
> > rules to allow the communication but I do not see an option for the
> > Radius protocol to be allowed.
> >
> >
> >
> > ________________________________
> >
> > From: Jonathan De Graeve [mailto:Jonathan dot DeGraeve at imelda dot be]
> > Sent: Mon 7/17/2006 5:24 PM
> > To: Clayton Cannon; m0n0wall at lists dot m0n0 dot ch
> > Subject: RE: [m0n0wall] Using a internet based RADIUS server and M0N0WALL
> >
> >
> > From: Clayton Cannon [mailto:Clayton dot Cannon at neighbortofamily dot org]
> > Sent: Mon 17/07/2006 21:24
> > To: m0n0wall at lists dot m0n0 dot ch
> > Subject: [m0n0wall] Using a internet based RADIUS server and M0N0WALL
> >
> > >I have set up a public Radius & CA server which I plan to use to
> > >manage the wifi access of the enterprise I manage.  The problem I am
> > >having is that the Radius packets keep getting blocked at the
> > >firewall when the Radius server responds to a Radius authentication
> > >attempt.  Has anyone had experience with authenticating LAN clients
> > >with an internet based Radius server or even a central Radius server
> > >with WAN links provided by IPsec tunnels?
> > >
> >
> > 1) which firewall, the m0n0wall one?
> > 2) can you make a 'image' of your setup?
> >
> > M0n0's CP handles internet radius systems without any problem by default.
> >
> > J.
> >
> >
> 
> 
> --
> -------------------------------
> "Nothing on earth can overcome an absolutely non-resistant person."