[freeside] Billing and other questions
ivan
ivan at 420.am
Tue Jun 6 14:41:05 PDT 2000
On Tue, Jun 06, 2000 at 09:36:16AM -0500, Thomas Charron wrote:
> Quoting ivan <ivan at 420.am>:
> > > setting up a server for a small ISP. They want to run both Freeside and
> > > Radius on the same box.
> > I advise against doing this. Your Freeside machine should be behind a
> > firewall and inaccessable from outside, except for the employees who will
> > be using it.
> > Your RADIUS server, OTOH, needs to accept connections from your terminal
> > servers and is not typically behind a firewall.
>
> As an option, what we do is forward via NAT all radius requests to the
> internal box that runs our freeside database, which also runs our Cistron
> Radius server. In our case, it really *isn't* available from the outside. Not
> a nitpick, just an example of a situation where this could be a viable
> alternative.
In this situation, you're still allowing arbitrary packets from the
network onto the Freeside machine, and depending on the security of your
RADIUS server to protect you from both DoS and more serious attacks.
I'd advise against it.
--
meow
_ivan
More information about the freeside-users
mailing list