(RADIATOR) Radiator & IPTables integration

Hugh Irvine hugh at open.com.au
Thu Jul 17 06:00:28 CDT 2003


Hello Francisco -

Your hook code will run for every radius request matched by this 
Handler.

Your code should check to see if it is an accounting start or an 
accounting stop. If the request is an accounting start, then add a rule 
to the NAT list using the Framed-IP-Address in the request. If the 
request is an accounting stop, then remove the rule from the NAT list 
again using the Framed-IP-Address in the request.

regards

Hugh


On Thursday, Jul 17, 2003, at 20:31 Australia/Melbourne, Francisco 
Contreiras wrote:

> I'm having some trouble finding out which example in hooks.txt should
> suit my needs:
>
> - After the Authentication, run a script (perl, ...) to add a rule in
> IPTABLES adding the authenticated client IP to the NAT list;
>  As far as I understood I should use:
>  <Handler ....>
>        <AuthBy ....>
>                 ....
>         </AuthBy>
>        PostAuthHook file:"perl_script"
>  </Handler>
> - To know which client IP, do I need to use the <AddressAllocator DHCP>
> clause or can I stay with my DHCPD service?
> - When the user disconnects from the network, how can I run another script
> to remove him from the IPTABLES list?
>
> Best regards,
>
> Francisco Contreiras
>
>
>
>
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: quinta-feira, 17 de Julho de 2003 3:23
> To: Francisco Contreiras
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) Radiator & IPTables integration
>
>
> Hello Francisco -
>
> You can use a PostAuthHook to do whatever is required to add a dynamic
> rule to iptables.
>
> There are some example hooks in the file "goodies/hooks.txt" in the
> Radiator distribution.
>
> regards
>
> Hugh
>
>
>>
>>
>> Is it possible to add a dynamic rule to Iptables allowing the
>> authenticated user IP to be able to use NAT? How do I get the client
>> information (IP assigned by DHCP or by Radiator) from Radiator?
>>
>> Thanks
>> Francisco Contreiras
>>
>> -------------------------------------------------------
>>
>> -- 
>> Mike McCauley                               mikem at open.com.au
>> Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
>> 24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
>> Phone +61 3 9598-0985                       Fax   +61 3 9598-0955
>>
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>> TTLS, PEAP etc on Unix, Windows, MacOS etc.
>>
>> ===
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>>
>>
>
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
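One way to write the hook logic Hugh describes, as an added example that is not from this thread or from goodies/hooks.txt. It assumes the request object offers code() and get_attr(), that the hook receives a reference to it in $_[0], and that the NAT rule is a per-client MASQUERADE entry; FakeRequest and the sample addresses are constructed so the file runs as a dry run without calling iptables.

```perl
use strict;
use warnings;

package FakeRequest;    # constructed stand-in for the request object a hook receives
sub new      { my ($class, %attr) = @_; return bless {%attr}, $class }
sub code     { return $_[0]{code} }
sub get_attr { return $_[0]{ $_[1] } }
package main;

# Accept only a plain dotted quad, so nothing but an address reaches iptables.
sub valid_ipv4 {
    my ($ip) = @_;
    my @octets = defined $ip
        ? $ip =~ /\A([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\z/ : ();
    return @octets == 4 && !grep { $_ > 255 } @octets;
}

# Turn one request into iptables argument lists, or nothing for "no rule change".
# The POSTROUTING/MASQUERADE rule is an assumed shape; substitute your own NAT rule.
sub nat_command {
    my ($p) = @_;
    return unless $p->code eq 'Accounting-Request';
    my $type = $p->get_attr('Acct-Status-Type') // '';
    return unless $type eq 'Start' || $type eq 'Stop';
    my $ip = $p->get_attr('Framed-IP-Address');
    unless (valid_ipv4($ip)) {
        warn "$type ignored: missing or malformed Framed-IP-Address\n";
        return;
    }
    my @rule = ('POSTROUTING', '-s', "$ip/32", '-j', 'MASQUERADE');
    return { run => [qw(iptables -t nat -D), @rule] } if $type eq 'Stop';
    return { check => [qw(iptables -t nat -C), @rule],
             run   => [qw(iptables -t nat -A), @rule] };
}

# Hook body (assumed calling convention: $_[0] is a reference to the request).
my $hook = sub {
    my $cmd = nat_command(${ $_[0] }) or return;
    # -C exits 0 when the rule exists, so a retransmitted Start adds no duplicate.
    return if $cmd->{check} && system(@{ $cmd->{check} }) == 0;
    # List-form system() runs iptables directly, with no shell parsing the address.
    system(@{ $cmd->{run} }) == 0 or warn "failed: @{ $cmd->{run} }\n";
};

# Dry run on constructed requests: print what the hook would execute.
for my $r (['Start', '10.0.0.23'], ['Stop', '10.0.0.23'], ['Start', '10.0.0.23/0']) {
    my $p = FakeRequest->new(code => 'Accounting-Request',
        'Acct-Status-Type' => $r->[0], 'Framed-IP-Address' => $r->[1]);
    my $cmd = nat_command($p);
    print "$r->[0] $r->[1] => ", ($cmd ? "@{ $cmd->{run} }" : 'no rule change'), "\n";
}
```

Because the Stop branch deletes exactly the rule the Start branch added, a lost Stop leaves the client's NAT entry in place, so stale rules still need a periodic sweep or session timeout outside the hook.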