(RADIATOR) Radiator & IPTables integraton
Hugh Irvine
hugh at open.com.au
Wed Jul 23 05:31:13 CDT 2003
Hello Francisco -
The Handler that you show below, and the PostAuthHook within it will be
executed for the access request, the accounting start and the
accounting stop (and any other accounting requests like Alives, etc.)
that match the Handler condition.
Your hook code will need to check the request packet and take different
actions for the different types of request.
regards
Hugh
On Wednesday, Jul 23, 2003, at 20:00 Australia/Melbourne, fcontreiras
wrote:
> Hi Hugh,
>
>
>
> I kow how to run a hook code when a Radius request is made and an
> accounting start ocours,
>
>
>
> <Handler ....>
> <AuthBy ....>
> ....
> </AuthBy>
> PostAuthHook file:"perl_script"
> </Handler>
>
> but how can I run a hook code when a accounting stop ocours? the same
> script is executed?
>
>
>
> Thank's
>
> Francisco Contreiras
>
>
>
>
> -----------------------------------------------------------------------
> --------------
> Hello Francisco -
>
> Your hook code will run for every radius request matched by this
> Handler.
>
> Your code should check to see if it is an accounting start or an
> accounting stop. If the request is an accounting start, then add a rule
> to the NAT list using the Framed-IP-Address in the request. If the
> request is an accounting stop, then remove the rule from the NAT list
> again using the Framed-IP-Address in the request.
>
> regards
>
> Hugh
>
>
> On Thursday, Jul 17, 2003, at 20:31 Australia/Melbourne, Francisco
> Contreiras wrote:
>
>> I'm having some trouble finding out witch example in hooks.txt should
>> suit my needs:
>>
>> - After the Authentication, run a script (perl, ...) to add a rule in
>> IPTABLES adding the authenticated client IP to the NAT list;
>> As far as I understood I should use:
>> <Handler ....>
>> <AuthBy ....>
>> ....
>> </AuthBy>
>> PostAuthHook file:"perl_script"
>> </Handler>
>> - To know the witch client IP I need to use the <AddressAllocator
>> DHCP>
>> clause or can I stay witch my DHCPD service?
>> - When user disconnects form the network, how can I run another script
>> to remove him from the IPTABLES list?
>>
>> Best regards,
>>
>> Francisco Contreiras
>>
>>
>>
>>
>>
>> -----Original Message-----
>> From: Hugh Irvine [mailto:hugh at open.com.au]
>> Sent: quinta-feira, 17 de Julho de 2003 3:23
>> To: Francisco Contreiras
>> Cc: radiator at open.com.au
>> Subject: Re: (RADIATOR) Radiator & IPTables integraton
>>
>>
>> Hello Francisco -
>>
>> You can use a PostAuthHook to do whatever is required to add a dynamic
>> rule to iptables.
>>
>> There are some example hooks in the file "goodies/hooks.txt" in the
>> Radiator distribution.
>>
>> regards
>>
>> Hugh
>>
>>
>>>
>>>
>>> Is it possible to add a dynamic rule to Iptables allowing the
>>> authenticated user IP to be able to use NAT. How do I get the client
>>> information (IP assigned by DHCP or by Radiator) from Radiator.
>>>
>>> Thank's
>>> Francisco Contreiras
>>>
>>> -------------------------------------------------------
>>>
>>> --
>>> Mike McCauley mikem at open.com.au
>>> Open System Consultants Pty. Ltd Unix, Perl, Motif, C++,
>> WWW
>>> 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
>>> Phone +61 3 9598-0985 Fax +61 3 9598-0955
>>>
>>> Radiator: the most portable, flexible and configurable RADIUS server
>>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP,
>> TLS,
>>> TTLS, PEAP etc on Unix, Windows, MacOS etc.
>>>
>>> ===
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>>
>>>
>>
>> NB: have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>>
>> ===
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>>
>>
>
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list