Re: URGENT**** (fwd)

Brian 'MegaZone' Bikowicz ((no email))
Wed, 1 Nov 1995 13:42:25 -0800 (PST)

Once upon a time Jeffrey C. Ollie shaped the electrons to say...
>SunOS and Solaris (I don't know which versions). The problem is that
>you have multiple interfaces on your RADIUS server. The PortMaster is
>probably expecting replies that contain the return address of the
>RADIUS server, which is probably set to the IP address of the ethernet
>interface of your Solaris box on the PM. Under certain conditions on
>multi-homed Sun boxes (which is essentially what you do for your
>virtual WWW domains) outgoing UDP datagrams can get the wrong IP
>address filled in. When the PortMaster sees these packets, it ignores
>them since they came from the wrong source. When you turned down the
>extra interfaces and restarted the RADIUS server, everything got back
>to normal.

No, you're right. Some multihomed hosts get their wires crossed and start
replying on a *different* interface. This is their bug, not ours, and there
is absolutely no workaround we could do. It sounds like the host had its
head on backwards and was using a different IP as its primary. That IP
didn't have a route to the PM, hence telnet failed, along with everything
else. Even if the PM could get a packet to the host (it did, you could
open an *incoming* telnet) the return packets would have the wrong IP in
the header. And UDP isn't an open connection, it is one way. So I'll bet
the host was sending the packets back on the wrong interface and they never
even found the PM. And if they had, with the wrong IP in the header they'd
be ignored because of security.

-MZ

--
Livingston Enterprises Technical Support
Phone: 800-458-9966      FAX: 510-426-8951
support@livingston.com  <http://www.livingston.com/> 
6920 Koll Center Parkway  #220, Pleasanton, CA 94566
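
The last point of the reply above (a UDP reply carrying the wrong source IP is ignored by the client) can be reproduced on one machine. This is an added example, not part of the original message or Livingston's code; it assumes a Linux host where both 127.0.0.1 and 127.0.0.2 are usable loopback addresses, and the addresses, payloads and function names are constructed for the demonstration.

```python
import socket

SERVER_IP = "127.0.0.1"  # address the client has configured for its server (constructed)
WRONG_IP = "127.0.0.2"   # second address on the same multi-homed host (constructed)


def udp_socket(ip):
    """UDP socket bound to a specific local address and an ephemeral port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((ip, 0))
    s.settimeout(1.0)
    return s


def run_exchange(reply_from_wrong_address):
    """Send one request; return (reply source IP, whether the client accepts it)."""
    listener = udp_socket(SERVER_IP)   # where the request arrives
    stray = udp_socket(WRONG_IP)       # stands in for the host picking another interface
    client = udp_socket(SERVER_IP)     # plays the role of the RADIUS client
    try:
        client.sendto(b"request", listener.getsockname())
        _, peer = listener.recvfrom(512)
        # Replying from the receiving socket keeps the source address the
        # client expects; the stray socket reproduces the wrong-source reply.
        sender = stray if reply_from_wrong_address else listener
        sender.sendto(b"reply", peer)
        _, source = client.recvfrom(512)
        # Client-side check: only a reply from the configured server address counts.
        return source[0], source[0] == SERVER_IP
    finally:
        for s in (listener, stray, client):
            s.close()


if __name__ == "__main__":
    for wrong in (False, True):
        ip, ok = run_exchange(wrong)
        print(f"reply from {ip}: {'accepted' if ok else 'ignored'}")
```

On the server side, binding the listening socket to one specific address instead of the wildcard address, and replying from that same socket, is what keeps the reply's source fixed.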