Failed to install socket filter
Gerald Combs
gerald at ethereal.com
Mon Nov 3 21:31:51 CST 2003
On Mon, 3 Nov 2003, Gerald Combs wrote:
> Which RADIUS server are you using? Does it have an option to bind to a
> specific IP address? Since RADIUS runs over UDP, it's possible for the
> server to open a new socket when sending replies. In your case, the reply
> socket is apparently binding to the first available IP address (.1).
> This is arguably a bug in the RADIUS server; it ought to bind to the
> inbound address. To get around this, you can set up the RADIUS server to
> support listening on a specific IP address.
I forgot -- you might be able to force the RADIUS server to use .2 as your
outgoing address by fooling with your routing table:
route add -host x.y.z.q gw 10.0.1.2
This will force traffic going to x.y.z.q (in your case this is the RADIUS
client address) to be sourced from 10.0.1.2 by default. This is a bit of
a hack, though, and you really should try to bind the RADIUS server to
10.0.1.2 explicitly.
More information about the Kclug
mailing list