
[Feature Request] Authorize by Framed-IP-Address #3

@antiuser


Hi!
We are using Linux ISG from sysoleg.
We are using NETMAP rules for Full Cone NAT (NAT 1:1), based on authorization packets in ISG, and only if the RADIUS attribute is != 0.0.0.0:
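```perl
$cfg{cb_on_session_start} = sub {
    my $pars       = shift;
    my $ipaddr     = $pars->{"ipaddr"};
    my $nat_ipaddr = $pars->{"nat_ipaddr"};

    # String comparison (ne, not !=): set up 1:1 NAT only when RADIUS returned a real NAT address.
    if ($nat_ipaddr ne '0.0.0.0') {
        # List-form system() runs each command without a shell, so attribute values are never shell-parsed.
        system("iptables", "-t", "nat", "-A", "binat_dst", "-d", "$nat_ipaddr/32", "-j", "NETMAP", "--to", $ipaddr);
        system("iptables", "-t", "nat", "-A", "binat_src", "-s", "$ipaddr/32", "-j", "NETMAP", "--to", $nat_ipaddr);
        system("ipset", "add", "smtp_pass", $ipaddr, "-exist");
    }

    do_log("info", "Adding $ipaddr to ipset table fwd_allow\n");
    system("ipset", "add", "fwd_allow", $ipaddr, "-exist");
};
```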
So, the subscriber has the address 192.168.0.1 and the NAT IP address 167.80.45.50.
In this case the local subscriber can initiate a session from the LAN (by User-Name = 192.168.0.1), but the session will not be authorized if another public service sends a request to the NAT IP address 167.80.45.50 (because it's not an authorization packet by NAT IP address (Framed-IP-Address)).
How can we add authorization by Framed-IP-Address to Linux ISG?
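
The behaviour described in the post, as a small standalone model. This is an added example, not part of the original post and not Linux ISG code: the `Gateway` class, the `match_framed_ip` switch, the subscriber table and the external address 203.0.113.9 are all constructed for illustration.

```python
import ipaddress

# Constructed subscriber records, standing in for the RADIUS database.
# "framed_ip" models the NAT address returned as Framed-IP-Address.
SUBSCRIBERS = [
    {"user_name": "192.168.0.1", "framed_ip": "167.80.45.50"},
    {"user_name": "192.168.0.2", "framed_ip": "0.0.0.0"},  # no 1:1 NAT
]

def lookup(key, value):
    """Return the subscriber record whose `key` field equals `value`, or None."""
    value = str(ipaddress.ip_address(value))  # raises ValueError on malformed input
    if value == "0.0.0.0":
        return None  # the "no NAT" marker must never match a packet
    return next((s for s in SUBSCRIBERS if s[key] == value), None)

class Gateway:
    """Hypothetical model of session start, keyed by source or by destination."""

    def __init__(self, match_framed_ip=False):
        self.match_framed_ip = match_framed_ip
        self.sessions = {}  # subscriber IP -> NAT IP
        self.by_nat = {}    # NAT IP -> subscriber IP (models the NETMAP rule pair)

    def _start(self, sub):
        ip, nat = sub["user_name"], sub["framed_ip"]
        self.sessions[ip] = nat
        if nat != "0.0.0.0":
            self.by_nat[nat] = ip
        return ip

    def handle(self, src, dst):
        """Return the subscriber IP the packet is forwarded for, or None if dropped."""
        if src in self.sessions:
            return src
        if dst in self.by_nat:
            return self.by_nat[dst]
        # Behaviour described in the post: authorize by source address as User-Name.
        sub = lookup("user_name", src)
        if sub is None and self.match_framed_ip:
            # Requested behaviour: authorize by destination as Framed-IP-Address.
            sub = lookup("framed_ip", dst)
        return self._start(sub) if sub else None
```

In the second mode the session is started by traffic arriving from outside the subscriber's LAN, so an operator would want that path logged and rate-limited.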


Labels: enhancement (New feature or request)
