I removed the [38.xx.xxx.152] stanzas from both the networks.conf and the pf.conf
I fixed my default route to use the 38.xxx.xxx.152 network. My device can connect to the 10.0.0.0 network but when it attempts to browse the web it fails to load a page. I'm expecting it to load the captive portal. I'm expecting to see a masquerade statement someone in iptables to enable the natting, but I don't see it when I do an iptables -L. I've included some information below =====routes======= Destination Gateway Genmask Flags Metric Ref Use Iface 38.x.x.152 * 255.255.255.254 U 0 0 0 eth2 128.x.x.0 * 255.255.254.0 U 0 0 0 eth0 128.x.0.0 128.x.x.254 255.255.0.0 UG 0 0 0 eth0 10.0.0.0 * 255.255.0.0 U 0 0 0 eth1 default 38.x.x.152 0.0.0.0 UG 0 0 0 eth2 ========packetfence.log ======== ========starting and connecting one host======== Feb 28 10:49:44 pfcmd.pl(3178) INFO: Executing pfcmd service pf start (main::service) Feb 28 10:49:46 pfcmd.pl(3178) INFO: /usr/sbin/named status (pf::services::service_ctl) Feb 28 10:49:46 pfcmd.pl(3178) INFO: pidof -x named returned 0 (pf::services::service_ctl) Feb 28 10:49:46 pfcmd.pl(3178) INFO: /usr/sbin/dhcpd status (pf::services::service_ctl) Feb 28 10:49:46 pfcmd.pl(3178) INFO: pidof -x dhcpd returned 0 (pf::services::service_ctl) Feb 28 10:49:46 pfcmd.pl(3178) INFO: /usr/sbin/snort status (pf::services::service_ctl) Feb 28 10:49:46 pfcmd.pl(3178) INFO: pidof -x snort returned 0 (pf::services::service_ctl) Feb 28 10:49:46 pfcmd.pl(3178) INFO: /usr/bin/suricata status (pf::services::service_ctl) Feb 28 10:49:46 pfcmd.pl(3178) INFO: pidof -x suricata returned 0 (pf::services::service_ctl) Feb 28 10:49:46 pfcmd.pl(3178) INFO: /usr/sbin/freeradius status (pf::services::service_ctl) Feb 28 10:49:46 pfcmd.pl(3178) INFO: pidof -x freeradius returned 0 (pf::services::service_ctl) Feb 28 10:49:46 pfcmd.pl(3178) INFO: /usr/sbin/apache2 status (pf::services::service_ctl) Feb 28 10:49:46 pfcmd.pl(3178) INFO: pidof -x apache2 returned 0 (pf::services::service_ctl) Feb 28 10:49:46 pfcmd.pl(3178) INFO: /usr/sbin/snmptrapd status (pf::services::service_ctl) Feb 28 10:49:46 pfcmd.pl(3178) INFO: pidof -x snmptrapd returned 0 (pf::services::service_ctl) Feb 28 10:49:46 pfcmd.pl(3178) INFO: /usr/local/pf/sbin/pfdetect status (pf::services::service_ctl) Feb 28 10:49:46 pfcmd.pl(3178) INFO: pidof -x pfdetect returned 0 (pf::services::service_ctl) Feb 28 10:49:46 pfcmd.pl(3178) INFO: /usr/local/pf/sbin/pfredirect status (pf::services::service_ctl) Feb 28 10:49:46 pfcmd.pl(3178) INFO: pidof -x pfredirect returned 0 (pf::services::service_ctl) Feb 28 10:49:46 pfcmd.pl(3178) INFO: /usr/local/pf/sbin/pfsetvlan status (pf::services::service_ctl) Feb 28 10:49:46 pfcmd.pl(3178) INFO: pidof -x pfsetvlan returned 0 (pf::services::service_ctl) Feb 28 10:49:46 pfcmd.pl(3178) INFO: /usr/local/pf/sbin/pfdhcplistener status (pf::services::service_ctl) Feb 28 10:49:46 pfcmd.pl(3178) INFO: pfdhcplistener pids eth1 => , eth0 => (pf::services::service_ctl) Feb 28 10:49:46 pfcmd.pl(3178) INFO: /usr/local/pf/sbin/pfmon status (pf::services::service_ctl) Feb 28 10:49:46 pfcmd.pl(3178) INFO: pidof -x pfmon returned 0 (pf::services::service_ctl) Feb 28 10:49:46 pfcmd.pl(3178) INFO: saving current iptables to var/iptables.bak (main::service) Feb 28 10:49:46 pfcmd.pl(3178) INFO: Instantiate a new iptables modification method. pf::ipset (pf::inline::get_technique) Feb 28 10:49:46 pfcmd.pl(3178) INFO: saving existing iptables to /usr/local/pf/var/iptables.bak (pf::iptables::iptables_save) Feb 28 10:49:52 pfcmd.pl(3178) INFO: Instantiate a new iptables modification method. pf::ipset (pf::inline::get_technique) Feb 28 10:49:52 pfcmd.pl(3178) WARN: We are using IPSET (pf::ipset::iptables_generate) Feb 28 10:49:52 pfcmd.pl(3178) INFO: flushing iptables (pf::ipset::iptables_flush_mangle) Feb 28 10:49:52 pfcmd.pl(3178) INFO: Adding DNS DNAT rules for unregistered and isolated inline clients. (pf::iptables::generate_inline_rules) Feb 28 10:49:52 pfcmd.pl(3178) INFO: Adding NAT Masquarade statement (PAT) (pf::iptables::generate_inline_rules) Feb 28 10:49:52 pfcmd.pl(3178) INFO: Addind ROUTED statement (pf::iptables::generate_inline_rules) Feb 28 10:49:52 pfcmd.pl(3178) INFO: building firewall to accept registered users through inline interface (pf::iptables::generate_inline_rules) Feb 28 10:49:52 pfcmd.pl(3178) INFO: restoring iptables from /usr/local/pf/var/conf/iptables.conf (pf::iptables::iptables_restore) Feb 28 10:49:52 pfcmd.pl(3178) INFO: /usr/sbin/named start (pf::services::service_ctl) Feb 28 10:49:52 pfcmd.pl(3178) INFO: Generating configuration file for named (generate_named_conf) (pf::services::service_ctl) Feb 28 10:49:52 pfcmd.pl(3178) INFO: Starting named with '/usr/sbin/named -u pf -c /usr/local/pf/var/conf/named.conf' (pf::services::service_ctl) Feb 28 10:49:53 pfcmd.pl(3178) INFO: Daemon named took 0.056 seconds to start. (pf::services::service_ctl) Feb 28 10:49:53 pfcmd.pl(3178) INFO: /usr/sbin/dhcpd start (pf::services::service_ctl) Feb 28 10:49:53 pfcmd.pl(3178) INFO: Generating configuration file for dhcpd (generate_dhcpd_conf) (pf::services::service_ctl) Feb 28 10:49:53 pfcmd.pl(3178) INFO: Starting dhcpd with '/usr/sbin/dhcpd -lf /usr/local/pf/var/dhcpd/dhcpd.leases -cf /usr/local/pf/var/conf/dhcpd.conf eth1' (pf::services::service_ctl) Feb 28 10:49:53 pfcmd.pl(3178) INFO: Daemon dhcpd took 0.127 seconds to start. (pf::services::service_ctl) Feb 28 10:49:53 pfcmd.pl(3178) INFO: /usr/sbin/freeradius start (pf::services::service_ctl) Feb 28 10:49:53 pfcmd.pl(3178) INFO: Generating configuration file for freeradius (generate_radiusd_conf) (pf::services::service_ctl) Feb 28 10:49:53 pfcmd.pl(3178) INFO: Starting radiusd with 'LD_PRELOAD=/usr/lib/libperl.so.5.10 /usr/sbin/freeradius -d /usr/local/pf/raddb/' (pf::services::service_ctl) Feb 28 10:49:53 pfcmd.pl(3178) INFO: Daemon radiusd took 0.615 seconds to start. (pf::services::service_ctl) Feb 28 10:49:53 pfcmd.pl(3178) INFO: /usr/sbin/apache2 start (pf::services::service_ctl) Feb 28 10:49:53 pfcmd.pl(3178) INFO: Generating configuration file for apache2 (generate_httpd_conf) (pf::services::service_ctl) Feb 28 10:49:53 pfcmd.pl(3178) INFO: generating /usr/local/pf/var/conf/httpd.conf (pf::services::apache::generate_httpd_conf) Feb 28 10:49:53 pfcmd.pl(3178) INFO: generating /usr/local/pf/var/conf/ssl-certificates.conf (pf::services::apache::generate_httpd_conf) Feb 28 10:49:53 pfcmd.pl(3178) INFO: generating /usr/local/pf/var/conf/block-unwanted.conf (pf::services::apache::generate_httpd_conf) Feb 28 10:49:53 pfcmd.pl(3178) INFO: generating /usr/local/pf/var/conf/captive-portal-common.conf (pf::services::apache::generate_httpd_conf) Feb 28 10:49:53 pfcmd.pl(3178) INFO: generating /usr/local/pf/var/conf/captive-portal-cleanurls.conf (pf::services::apache::generate_httpd_conf) Feb 28 10:49:53 pfcmd.pl(3178) INFO: generating /usr/local/pf/var/conf/ocsp-crl.conf (pf::services::apache::generate_httpd_conf) Feb 28 10:49:53 pfcmd.pl(3178) INFO: Starting httpd with '/usr/sbin/apache2 -f /usr/local/pf/var/conf/httpd.conf' (pf::services::service_ctl) Feb 28 10:49:55 pfcmd.pl(3178) INFO: Daemon httpd took 1.421 seconds to start. (pf::services::service_ctl) Feb 28 10:49:55 pfcmd.pl(3178) INFO: /usr/sbin/snmptrapd start (pf::services::service_ctl) Feb 28 10:49:55 pfcmd.pl(3178) INFO: Generating configuration file for snmptrapd (generate_snmptrapd_conf) (pf::services::service_ctl) Feb 28 10:49:55 pfcmd.pl(3178) INFO: generating /usr/local/pf/var/conf/snmptrapd.conf (pf::services::snmptrapd::generate_snmptrapd_conf) Feb 28 10:49:55 pfcmd.pl(3178) INFO: Starting snmptrapd with '/usr/sbin/snmptrapd -n -c /usr/local/pf/var/conf/snmptrapd.conf -C -A -Lf /usr/local/pf/logs/snmptrapd.log -p /usr/local/pf/var/run/snmptrapd.pid -On' (pf::services::service_ctl) Feb 28 10:49:55 pfcmd.pl(3178) INFO: Daemon snmptrapd took 0.024 seconds to start. (pf::services::service_ctl) Feb 28 10:49:55 pfcmd.pl(3178) INFO: /usr/local/pf/sbin/pfsetvlan start (pf::services::service_ctl) Feb 28 10:49:55 pfcmd.pl(3178) INFO: Starting pfsetvlan with '/usr/local/pf/sbin/pfsetvlan -d &' (pf::services::service_ctl) Feb 28 10:49:55 pfcmd.pl(3178) INFO: Daemon pfsetvlan took 0.006 seconds to start. (pf::services::service_ctl) Feb 28 10:49:55 pfcmd.pl(3178) INFO: /usr/local/pf/sbin/pfdhcplistener start (pf::services::service_ctl) Feb 28 10:49:55 pfcmd.pl(3178) INFO: Starting pfdhcplistener with '/usr/local/pf/sbin/pfdhcplistener -i eth1 -d &' (pf::services::service_ctl) Feb 28 10:49:55 pfcmd.pl(3178) INFO: Daemon pfdhcplistener took 0.006 seconds to start. (pf::services::service_ctl) Feb 28 10:49:55 pfcmd.pl(3178) INFO: Starting pfdhcplistener with '/usr/local/pf/sbin/pfdhcplistener -i eth0 -d &' (pf::services::service_ctl) Feb 28 10:49:55 pfcmd.pl(3178) INFO: Daemon pfdhcplistener took 0.008 seconds to start. (pf::services::service_ctl) Feb 28 10:49:55 pfcmd.pl(3178) INFO: /usr/local/pf/sbin/pfmon start (pf::services::service_ctl) Feb 28 10:49:55 pfcmd.pl(3178) INFO: Starting pfmon with '/usr/local/pf/sbin/pfmon -d &' (pf::services::service_ctl) Feb 28 10:49:55 pfcmd.pl(3178) INFO: Daemon pfmon took 0.020 seconds to start. (pf::services::service_ctl) Feb 28 10:49:56 pfdhcplistener(3254) INFO: pfdhcplistener_eth1 starting and writing 3270 to /usr/local/pf/var/run/pfdhcplistener_eth1.pid (pf::util::createpid) Feb 28 10:49:56 pfdhcplistener(3270) INFO: Instantiate a new iptables modification method. pf::ipset (pf::inline::get_technique) Feb 28 10:49:56 pfdhcplistener(3270) WARN: Unable to open VLAN proc description for eth1: No such file or directory (pf::util::get_vlan_from_int) Feb 28 10:49:56 pfdhcplistener(3270) INFO: DHCP detector on eth1 enabled (main::) Feb 28 10:49:56 pfdhcplistener(3256) INFO: pfdhcplistener_eth0 starting and writing 3271 to /usr/local/pf/var/run/pfdhcplistener_eth0.pid (pf::util::createpid) Feb 28 10:49:56 pfdhcplistener(3271) WARN: Unable to open VLAN proc description for eth0: No such file or directory (pf::util::get_vlan_from_int) Feb 28 10:49:56 pfdhcplistener(3271) INFO: DHCP detector on eth0 enabled (main::) Feb 28 10:49:57 pfmon(0) INFO: pfmon starting and writing 3272 to /usr/local/pf/var/run/pfmon.pid (pf::util::createpid) Feb 28 10:49:57 pfsetvlan(0) INFO: pfsetvlan starting and writing 3273 to /usr/local/pf/var/run/pfsetvlan.pid (pf::util::createpid) Feb 28 10:49:57 pfsetvlan(0) INFO: Process started (main::) Feb 28 10:49:57 pfmon(1) INFO: Starting cleanup thread (main::cleanup) Feb 28 10:50:21 pfdhcplistener(3270) INFO: DHCPREQUEST from 60:c5:47:53:40:96 (10.0.128.106) with lease of 7776000 seconds (main::parse_dhcp_request) Feb 28 10:50:21 pfdhcplistener(3270) INFO: 60:c5:47:53:40:96 requested an IP. DHCP Fingerprint: OS::1102 (Apple iPod, iPhone or iPad). Modified node with last_dhcp = 2013-02-28 10:50:21,computername = broccoli,dhcp_fingerprint = 1,3,6,15,119,252 (main::listen_dhcp) Feb 28 10:50:21 pfdhcplistener(3270) INFO: DHCPACK from 10.0.0.1 (00:14:5e:30:58:45) to host 60:c5:47:53:40:96 (10.0.128.106) for 86400 seconds (main::parse_dhcp_ack) On 02/27/2013 05:53 PM, Fabrice DURAND wrote: > Hi , > what is ? > > [38.xxx.xxx.152] > dns=128.xxx.xxx.9 > gateway=38.1xxx.xxx.153 > named=enabled > dhcp_max_lease_time=86400 > dhcpd=disabled > type=inline > netmask=255.255.255.254 > dhcp_default_lease_time=86400 > domain-name=inline.cc.lan > > remove: > > > [interface eth2] > enforcement=inline > ip=38.xxx.xxx.153 > type=internal > mask=255.255.255.254 > > and check your default route. > > Regards > Fabrice > > Le 2013-02-27 09:56, Munroe Sollog a écrit : >> Packet fence starts without errors, and a wireless device gets an IP >> from the 10. range, but it can't load any page. >> >> On 02/27/2013 09:47 AM, Derek Wuelfrath wrote: >>> Awesome. Thanks for sharing. >>> >>> But is there any question related to this stuff ? ;) >>> Without a question, we can't help you... >>> >>> Derek >>> >>> On 2013-02-26 1:34 PM, Munroe Sollog wrote: >>>> I'm working on getting an inline captive portal configured. This is how >>>> I'd like it to work: >>>> >>>> >>>> 10.0.0.0/16--------nat---------38.xxx.xxx.153-------internet >>>> >>>> 128.xxx.xxx.146 - management interface >>>> >>>> =====conf files below====== >>>> >>>> ==networks.conf== >>>> [10.0.0.0] >>>> dns=128.xxx.xxx.9 >>>> dhcp_start=10.0.0.10 >>>> gateway=10.0.0.1 >>>> named=enabled >>>> dhcp_max_lease_time=86400 >>>> dhcpd=enabled >>>> type=inline >>>> netmask=255.255.0.0 >>>> dhcp_end=10.0.254.246 >>>> dhcp_default_lease_time=86400 >>>> domain-name=inline.cc.lan >>>> >>>> [38.xxx.xxx.152] >>>> dns=128.xxx.xxx.9 >>>> gateway=38.1xxx.xxx.153 >>>> named=enabled >>>> dhcp_max_lease_time=86400 >>>> dhcpd=disabled >>>> type=inline >>>> netmask=255.255.255.254 >>>> dhcp_default_lease_time=86400 >>>> domain-name=inline.cc.lan >>>> >>>> ==pf.conf== >>>> [interface eth2] >>>> enforcement=inline >>>> ip=38.xxx.xxx.153 >>>> type=internal >>>> mask=255.255.255.254 >>>> >>>> [interface eth1] >>>> enforcement=inline >>>> ip=10.0.0.1 >>>> type=internal >>>> mask=255.255.0.0 >>>> >>>> [interface eth0] >>>> ip=128.xxx.xxx.146 >>>> type=management >>>> mask=255.255.254.0 >>>> >>>> [database] >>>> pass=************** >>>> >>>> [general] >>>> domain=guest.cc.lan >>>> hostname=pf >>>> >>>> [alerting] >>>> >>>> [inline] >>>> interfaceSNAT= eth2 >>>> >>>> ------------------------------------------------------------------------------ >>>> Everyone hates slow websites. So do we. >>>> Make your web apps faster with AppDynamics >>>> Download AppDynamics Lite for free today: >>>> http://p.sf.net/sfu/appdyn_d2d_feb >>>> _______________________________________________ >>>> PacketFence-users mailing list >>>> [email protected] >>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> ------------------------------------------------------------------------------ >> Everyone hates slow websites. So do we. >> Make your web apps faster with AppDynamics >> Download AppDynamics Lite for free today: >> http://p.sf.net/sfu/appdyn_d2d_feb >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > > -- Munroe Sollog LTS - Network Analyst x85002 ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_feb _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
