iptables rules from freeradius...

tbsky
Hi:
   I am using FreeRADIUS as a wireless authenticator.
   The Windows XP client is using WPA + PEAP,
   and authentication through the wireless AP is OK.

   Now I want to set up some iptables rules for authenticated users.
   I wonder if this can be done via FreeRADIUS.
   Can I find out the MAC address or IP address information for
   authenticated users? Can I run iptables scripts when a user
   has authenticated successfully? Since the IP address is offered by the DHCP
   server after authentication, I think it's difficult to get this info
   from FreeRADIUS. Maybe there are better ways to implement what I want?

   Thanks for replying!!!

Best Regards,
tbsky


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: iptables rules from freeradius...

Alan DeKok
[hidden email] wrote:
>    Now I want to set up some iptables rules for authenticated users.
>    I wonder if this can be done via FreeRADIUS.

  The proper question is: Can the NAS do it?  If not, then no
configuration of FreeRADIUS will make the NAS do it.

>    Can I find out the MAC address or IP address information for
>    authenticated users?

  Look in the packets.

> Can I run iptables scripts when a user has authenticated successfully?

  Ask the NAS.

  Alan DeKok.


Re: iptables rules from freeradius...

tbsky
Hi:
   Sorry, I did not describe my environment properly.
   My RADIUS server is also the wireless gateway & firewall,
   so the iptables rules are set up on the RADIUS server,
   not on the NAS. Is this possible?

Regards,
sky_li

> [hidden email] wrote:
>>    Now I want to set up some iptables rules for authenticated users.
>>    I wonder if this can be done via FreeRADIUS.
>
>   The proper question is: Can the NAS do it?  If not, then no
> configuration of FreeRADIUS will make the NAS do it.
>
>>    Can I find out the MAC address or IP address information for
>>    authenticated users?
>
>   Look in the packets.
>
>> Can I run iptables scripts when a user has authenticated successfully?
>
>   Ask the NAS.
>
>   Alan DeKok.



Re: iptables rules from freeradius...

Alan DeKok
[hidden email] wrote:
>    My RADIUS server is also the wireless gateway & firewall,
>    so the iptables rules are set up on the RADIUS server,
>    not on the NAS. Is this possible?

  Yes.  Run a shell script.  See "Exec-Program"

  Alan DeKok.
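
The shell-script route suggested in the last reply, as an added example that is not part of the thread and not FreeRADIUS's own code: a hook that validates the client MAC from the request before it reaches the iptables command line. Assumptions: FreeRADIUS exports Calling-Station-Id to the script's environment as CALLING_STATION_ID, and WIFI_AUTH is a hypothetical chain already reached from FORWARD.

```bash
#!/bin/sh
# Added example: hook run via Exec-Program on a combined RADIUS server/gateway.
# Assumptions: FreeRADIUS exports Calling-Station-Id to the environment as
# CALLING_STATION_ID; WIFI_AUTH is a hypothetical chain reached from FORWARD.
export LC_ALL=C          # make [a-f] ranges byte-exact
CHAIN="WIFI_AUTH"

# Normalize a client MAC to aa:bb:cc:dd:ee:ff, or return 1.
# Accepts 00-1A-2B-3C-4D-5E, 00:1a:2b:3c:4d:5e, 001a.2b3c.4d5e, 001a2b3c4d5e.
normalize_mac() {
    nm_raw=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case "$nm_raw" in
        *[!0-9a-f:.-]*) return 1 ;;   # anything but hex and separators
    esac
    nm_hex=$(printf '%s' "$nm_raw" | tr -d ':.-')
    [ "${#nm_hex}" -eq 12 ] || return 1
    printf '%s\n' "$nm_hex" | sed 's/../&:/g; s/:$//'
}

# Print iptables arguments for one action (-A, -C or -D) and one client.
rule_args() {
    ra_mac=$(normalize_mac "$2") || return 1
    printf '%s %s -m mac --mac-source %s -j ACCEPT\n' "$1" "$CHAIN" "$ra_mac"
}

# Act only when FreeRADIUS supplied the attribute.
if [ -n "${CALLING_STATION_ID:-}" ]; then
    if add=$(rule_args -A "$CALLING_STATION_ID"); then
        check=$(rule_args -C "$CALLING_STATION_ID")
        # Unquoted on purpose: both strings hold only fixed words and hex.
        # -C tests for an existing rule so repeated logins do not stack up.
        iptables $check 2>/dev/null || iptables $add
    else
        logger -t radius-fw "rejected malformed Calling-Station-Id"
        exit 1
    fi
fi
```

The same `rule_args -D` output can be used to remove the rule when the session ends.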