RADIUS ports 1812 and 1813 proxing issue

dg1 · December 13, 2020, 11:17am

Hi all!
Can you please gave some tips to configure proxy access to my site on 1812 and 1813 RADIUS ports. Our project need client get us on this ports.
Use Pro plan on CloudFlare.
Thank you in advance.
Dmitry.

sandro · December 13, 2020, 11:19am

You’d need an Enterprise plan and Spectrum to proxy that, otherwise that won’t work and your records need to be unproxied.

dg1 · December 13, 2020, 11:45am

Thanks for quick reply!
Is there any way of workflow so that the web ports are proxied, but the RADIUS ports are not? Now our clients get access to the server’s web pages, but all requests for ports 1812 and 1813 are deleted. Is it possible to bypass them somehow? Processing them (1812 and 1813) by Cloudflare systems is not required.

sandro · December 13, 2020, 11:47am

You can have different hostnames. One for everything HTTP based, another one for these ports.

dg1 · December 13, 2020, 12:10pm

This is an interesting solution. The domain names of the RADIUS server and the webserver are currently registered on the clients’ equipment and they match. We can change the address of the RADIUS server, though we have to do a lot of manual work on a LOT of equipment. But in the end, if the bad guys do not recognize our RADIUS server hostname, then they will not be able to send spam and carry out DDoS attacks. Cloudflare perfectly protects against this in terms of server addresses, but will bad guys be able to get the real address of our RADIUS server in any way. What do you think?

sandro · December 13, 2020, 12:16pm

Well, considering that these hostnames will be unproxied, a simple DNS resolution will certainly show the origin addresses. Of course you can choose names which are not that easily guessable, but that would be still a bit security-through-obscurity.

Do you actually need these servers on DNS? Otherwise you could leave them out altogether and only use them via their IP addresses.

dg1 · December 13, 2020, 12:26pm

Moving away from domain names and leaving only IP addresses is a great idea. True, it may not be as flexible as a solution with a domain name, but from an “unofficial” domain. If there is a need to reconfigure server addresses, this domain name can help. Thus, if we exclude the possibility of data sniffing in subnets with our equipment, then it will be unrealistic for them to find out the address of the RADIUS server.
Thanks a lot for the tip! You helped a lot.
Best wishes!

system · December 18, 2020, 12:26pm

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
CloudFlare 80/443 Proxying - Not Other Ports DNS & Network	4	4680	December 20, 2021
DNS api.urlname.com ---> xxx.xxx.xxx.xxx:port Registrar	4	3895	June 18, 2021
Is my site protected by cloudflare rn? DNS & Network	22	2692	January 15, 2021
How do I set up a domain to point to a specific IP address plus port without exposing the IP? Security	2	3519	June 18, 2019
Getting subdomains to go to certain ports on 1 IP DNS & Network	3	1001	February 7, 2023

RADIUS ports 1812 and 1813 proxing issue

Related topics