Listening on proxy address * XXXXXX

Listening on proxy address * XXXXXX

Sezer BAGLAN
Hi all,

When I run freeradius with a basic configuration in debug mode I see that
the freeradius server listens on an arbitrary port other than 1812 and 18120.
Necessary debug prints are as given below:

--------

Listening on auth address 10.0.2.15 port 1812 bound to server default

Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel

Listening on proxy address * port 35629

--------


Why does the freeradius server listen on such an arbitrary port? Is it possible to
configure it?


Kind regards,

Sezer
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Listening on proxy address * XXXXXX

Matthew Newton-3
On Wed, 2020-02-12 at 09:28 +0300, Sezer BAGLAN wrote:
> Why does the freeradius server listen on such an arbitrary port?

It is the port that proxied requests are sent from, and proxy replies
are received on.

> Is it possible to configure it?

You need to add a listen{} section, outside of a virtual server, e.g.
something like this at the very top of sites-enabled/default, or in
proxy.conf:

listen {
  ipaddr = *
  port = 1814
  type = proxy
}

See the notes in sites-enabled/default in the listen{} section there.

--
Matthew



Re: Listening on proxy address * XXXXXX

Sezer BAGLAN
Hi Matthew,

Thank you very much for your help.

Does it make sense to set ipaddr to 127.0.0.1 rather than 0.0.0.0 for the proxy
situation? Is there any difference from a security point of view that you may
point out?

Thanks in advance,
Sezer

On Wed, Feb 12, 2020 at 1:13 PM Matthew Newton <[hidden email]> wrote:

> On Wed, 2020-02-12 at 09:28 +0300, Sezer BAGLAN wrote:
> > Why does the freeradius server listen on such an arbitrary port?
>
> It is the port that proxied requests are sent from, and proxy replies
> are received on.
>
> > Is it possible to configure it?
>
> You need to add a listen{} section, outside of a virtual server, e.g.
> something like this at the very top of sites-enabled/default, or in
> proxy.conf:
>
> listen {
>   ipaddr = *
>   port = 1814
>   type = proxy
> }
>
> See the notes in sites-enabled/default in the listen{} section there.
>
> --
> Matthew
>
>

Re: Listening on proxy address * XXXXXX

Alan DeKok-2
On Feb 13, 2020, at 7:03 AM, Sezer BAGLAN <[hidden email]> wrote:
> Does it make sense to set ipaddr to 127.0.0.1 rather than 0.0.0.0 for the proxy
> situation? Is there any difference from a security point of view that you may
> point out?

  This is networking 101.

  Are you proxying only to 127.0.0.1?  If so, the outgoing proxy socket can listen on 127.0.0.1.

  If you're proxying out to the rest of the network, you can't use 127.0.0.1.

  Alan DeKok.



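A check for the behaviour discussed in this thread, added here as an example; it is not code from any poster or from the FreeRADIUS project. It parses the "Listening on ..." lines of debug output (format taken from the first post) and reports proxy sockets that are not on the port and address you configured. The function names, the expected port/address parameters and the AFTER sample are assumptions, and the AFTER lines are constructed.

```python
import re

# Line format as quoted in the first post of this thread.
LISTEN_RE = re.compile(
    r"Listening on (?P<type>\S+) address (?P<addr>\S+) port (?P<port>\d+)"
    r"(?: bound to server (?P<server>\S+))?"
)

def parse_listeners(debug_output):
    """Return one dict per 'Listening on ...' line found in debug output."""
    listeners = []
    for line in debug_output.splitlines():
        m = LISTEN_RE.search(line)
        if m:
            entry = m.groupdict()
            entry["port"] = int(entry["port"])
            listeners.append(entry)
    return listeners

def audit_proxy_sockets(debug_output, expected_port, expected_addr=None):
    """Report proxy sockets not pinned to the configured port (and address)."""
    findings = []
    proxies = [l for l in parse_listeners(debug_output) if l["type"] == "proxy"]
    if not proxies:
        findings.append("no proxy socket found in output")
    for l in proxies:
        if l["port"] != expected_port:
            findings.append(
                f"proxy port {l['port']} is not the pinned port {expected_port}")
        if expected_addr is not None and l["addr"] != expected_addr:
            findings.append(f"proxy address {l['addr']} is not {expected_addr}")
    return findings

# Debug lines from the first post (no listen{} section of type proxy).
BEFORE = """Listening on auth address 10.0.2.15 port 1812 bound to server default
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Listening on proxy address * port 35629
"""

# Constructed sample: what the same output is assumed to look like once the
# listen{} section with port = 1814 from the reply is in place.
AFTER = BEFORE.replace("port 35629", "port 1814")

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_proxy_sockets(text, expected_port=1814) or "ok")
```

Pass expected_addr only when the proxy socket is meant to be bound to one specific address; with ipaddr = * the address column in the output stays "*".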
Re: Listening on proxy address * XXXXXX

Sezer BAGLAN
Hi Alan,

Thanks for your kind reply.

Sezer

On Thu, Feb 13, 2020 at 3:41 PM Alan DeKok <[hidden email]>
wrote:

> On Feb 13, 2020, at 7:03 AM, Sezer BAGLAN <[hidden email]> wrote:
> > Does it make sense to set ipaddr to 127.0.0.1 rather than 0.0.0.0 for the
> > proxy situation? Is there any difference from a security point of view that
> > you may point out?
>
>   This is networking 101.
>
>   Are you proxying only to 127.0.0.1?  If so, the outgoing proxy socket
>   can listen on 127.0.0.1.
>
>   If you're proxying out to the rest of the network, you can't use 127.0.0.1.
>
>   Alan DeKok.
>
>