[RADIATOR] AddressAllocator DHCP question

Heikki Vatiainen hvn at open.com.au
Wed Feb 6 16:12:35 CST 2013


On 02/06/2013 11:42 PM, Hugh Irvine wrote:

> If the target DHCP server is replying to port 67 there is nothing that Radiator can do.
> 
> This is the issue I saw when the module was written.

I agree that the DHCP server must be willing to reply to the source port
for this to work.

There might be one way to do it, though. If you are using Linux, use NAT
to change the destination port to e.g. 2067. Something like this may work:

% sudo iptables -t nat -A PREROUTING -i eth0 -p udp --dport 67 -j REDIRECT --to-port 2067

And then make sure that the firewall accepts traffic to port 2067:

% sudo iptables -I INPUT -i eth0 -p udp --dport 2067 -j ACCEPT

You could add source IP address and possibly other restrictions to the
above rules but the idea is the same: apply NAT to the requests from the
root-restricted destination port to the port you want.

I have not actually used this kind of trickery with DHCP, so please
consider this as an experimental idea.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
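
The source-address restriction mentioned in the message, as an added example that is not part of the original post or of Radiator: a script that validates its inputs and prints both rules limited to a single DHCP server. The function names and the server address 192.0.2.10 are assumptions made for illustration; eth0 and port 2067 are taken from the message.

```shell
#!/bin/sh
# Added example: prints (does not apply) the two rules from the post,
# limited to one DHCP server address. 192.0.2.10 is a constructed value.

valid_iface() {
    case $1 in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

valid_ipv4() {
    # Digits and single dots only, then exactly four octets of 0-255.
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {
    # The redirect target must be outside the root-restricted range.
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

dhcp_redirect_rules() {
    iface=$1; server=$2; port=$3
    valid_iface "$iface" || { echo "bad interface: $iface" >&2; return 1; }
    valid_ipv4 "$server" || { echo "bad server address: $server" >&2; return 1; }
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    # NAT: only replies from the named server to UDP 67 are redirected.
    # --to-ports is the full spelling of the REDIRECT target's option.
    echo "iptables -t nat -A PREROUTING -i $iface -p udp -s $server --dport 67 -j REDIRECT --to-ports $port"
    # Filter: INPUT sees the packet after NAT, so match the new port.
    echo "iptables -I INPUT -i $iface -p udp -s $server --dport $port -j ACCEPT"
}

dhcp_redirect_rules eth0 192.0.2.10 2067
```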

