Date: Fri, 2 May 2003 14:32:49 -0600 (MDT)
From: Nick Rogness
To: Bill Moran
Cc: Jonathan
Cc: freebsd-questions@freebsd.org
Subject: Re: Transparent UDP redirection
In-Reply-To: <3EB2AC67.5080200@potentialtech.com>
Message-ID: <20030502142402.T16303-100000@skywalker.rogness.net>

On Fri, 2 May 2003, Bill Moran wrote:

> Jonathan wrote:
> > Hi all,
> >
> > I'm trying to temporarily move a radius server from one box to another.
> > The only problem at the moment is that I tried using portfwd to divert
> > traffic between the boxes, but it doesn't support transparent proxies
> > under FreeBSD, so the source address isn't showing up correctly.
> >
> > Can anyone suggest a port/package that has this feature? I think
> > ipfw/ipfilter is overkill for this, but I've been wrong before :)
>
> Should be able to make natd use -redirect_port to accomplish this (in
> base system).
>
> Doesn't RADIUS have redirect functions built into the
> protocol that you could use? (not sure, it's been a while)

	Most common radius servers support proxy forwarding to another
	radius server. This is usually a better solution :-)

	If you want to forward on a lower layer, just use:

	# ipfw add divert natd ip from any to any via $INT
	# natd -redirect_port udp $NEW_IP:1645 $OLD_IP:1645 \
		-redirect_port udp $NEW_IP:1646 $OLD_IP:1646 -n $INT

	Or the equivalent ipfilter map commands.

Nick Rogness
- How many people here have telekinetic powers? Raise my hand.
  -Emo Philips
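
The source-address problem from the original question, as an added example that is not part of the original message: a userland UDP forwarder re-sends each datagram from its own socket, so the backend sees the forwarder as the sender, whereas the natd redirect above rewrites only the destination. The sockets are constructed loopback endpoints, the payload is a placeholder, and all function names are hypothetical.

```python
import socket

LOOPBACK = "127.0.0.1"


def udp_socket(timeout=2.0):
    """UDP socket bound to an ephemeral loopback port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((LOOPBACK, 0))
    s.settimeout(timeout)
    return s


def relay_once(listen_sock, backend_addr):
    """Userland forwarder: read one datagram and re-send it to the backend.

    The datagram leaves from the forwarder's own socket, so the original
    sender's address is known here but never reaches the backend.
    """
    data, original_sender = listen_sock.recvfrom(4096)
    out = udp_socket()
    out.sendto(data, backend_addr)
    return original_sender, out


def demo():
    backend = udp_socket()   # stands in for the new RADIUS server
    relay = udp_socket()     # stands in for the forwarder on the old box
    client = udp_socket()    # stands in for a NAS sending requests
    payload = b"constructed placeholder request"

    client.sendto(payload, relay.getsockname())
    seen_by_relay, out = relay_once(relay, backend.getsockname())
    data, seen_by_backend = backend.recvfrom(4096)

    result = {
        "client": client.getsockname(),
        "seen_by_relay": seen_by_relay,
        "relay_out": out.getsockname(),
        "seen_by_backend": seen_by_backend,
        "payload_intact": data == payload,
    }
    for s in (backend, relay, client, out):
        s.close()
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:16} {value}")
```

On loopback every address is 127.0.0.1, so the difference shows up in the port; between real hosts the backend would see the forwarder's IP address in place of the client's.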