odo

Reputation: 91

Freeradius extra open port

I have a server with many subnets available, and I would like my FreeRADIUS to listen only on specific IP addresses. I use the FreeRADIUS configuration from the Arch package freeradius-3.0.19-3. The only changes are:

  1. removed the IPv6 listen sections
  2. in the IPv4 listen section I set the listening address to ipaddr="192.168.1.1"

In my configuration I am also listening on 127.0.0.1:18120, but when I check open ports I get:

ss -nlp|grep radiusd
udp   UNCONN 0       0                                      0.0.0.0:40012                                           0.0.0.0:*                                    users:(("radiusd",pid=22199,fd=9))
udp   UNCONN 0       0                                    127.0.0.1:18120                                           0.0.0.0:*                                    users:(("radiusd",pid=22199,fd=7))
udp   UNCONN 0       0                                  192.168.1.1:1812                                            0.0.0.0:*                                    users:(("radiusd",pid=22199,fd=8))

This port 40012 is dynamically allocated; after a freeradius service restart the number is different.

ss -nlp|grep radiusd
udp   UNCONN 0       0                                      0.0.0.0:42447                                           0.0.0.0:*                                    users:(("radiusd",pid=26490,fd=9))
udp   UNCONN 0       0                                    127.0.0.1:18120                                           0.0.0.0:*                                    users:(("radiusd",pid=26490,fd=7))
udp   UNCONN 0       0                                  192.168.1.1:1812                                            0.0.0.0:*                                    users:(("radiusd",pid=26490,fd=8))

How do I get rid of this port? What is its function?

Upvotes: 0

Views: 1097

Answers (1)

Matthew Newton

Reputation: 655

This extra port is used for sending and receiving proxy packets. If you are not using proxying you can disable it in radiusd.conf; look for

proxy_requests = yes
$INCLUDE proxy.conf

change it to "no", and comment out the INCLUDE line.

If you want to change the address and/or port that is used, look at the listen sections in e.g. raddb/sites-enabled/default. You can add a new section with type = proxy to specifically set the address and port that is used.

Upvotes: 2
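
To confirm the result after disabling proxying or pinning the proxy socket, the check below compares radiusd's open sockets against the addresses the configuration is expected to open. It is an added example, not part of the original answer or of FreeRADIUS; the helper name `audit_radiusd_binds` and the expected-address list are assumptions, and the sample input is the question's own `ss` listing.

```shell
#!/bin/sh
# Added example: flag radiusd sockets that are bound outside an expected list.

# Sample input: the first `ss -nlp | grep radiusd` listing from the question,
# with the column padding condensed.
SAMPLE='udp UNCONN 0 0 0.0.0.0:40012 0.0.0.0:* users:(("radiusd",pid=22199,fd=9))
udp UNCONN 0 0 127.0.0.1:18120 0.0.0.0:* users:(("radiusd",pid=22199,fd=7))
udp UNCONN 0 0 192.168.1.1:1812 0.0.0.0:* users:(("radiusd",pid=22199,fd=8))'

# audit_radiusd_binds "ADDR:PORT ..."   (hypothetical helper name)
# Reads `ss -nlp` output on stdin, prints one line per radiusd socket whose
# local address:port is not in the list, and returns 1 if any were found.
audit_radiusd_binds() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        /"radiusd"/ {
            laddr = $5                      # Local Address:Port column
            if (laddr in ok) next
            host = laddr
            sub(/:[^:]*$/, "", host)        # strip the trailing :port
            if (host == "0.0.0.0" || host == "*" || host == "[::]")
                why = "wildcard bind"
            else
                why = "not in expected list"
            printf "UNEXPECTED %s %s (%s)\n", $1, laddr, why
            found = 1
        }
        END { exit found + 0 }
    '
}

# Demo on the sample; on a live host: ss -nlp | audit_radiusd_binds "..."
# (run as root so that ss -p can name the owning process).
printf '%s\n' "$SAMPLE" |
    audit_radiusd_binds "127.0.0.1:18120 192.168.1.1:1812" ||
    echo "radiusd has listeners outside the expected list"
```

Because the proxy socket's port changes on every restart, the check matches on the full expected list rather than on a known-bad port number.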
