I added this line and restarted the packetfence services. But with no luck.
Yes my management port is on eth0.
I did a service iptables stop and tested and the request still didn't come
through on eth0. Must be something else. Also I edited the iptables.conf in
the /usr/local/pf/conf/iptables.conf file. Is that the file that is being used
now? Do I need to do an iptables-save or anything for that to take effect?
--------------
By default we do not allow DHCP on the management interface. You will see it in
tcpdump, but it won't reach the listener. I believe eth0 is your management
interface?
Chain input-management-if (1 references)
 pkts bytes target prot opt in out source    destination
    3   192 ACCEPT tcp  --  *  *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:22
   35  2240 ACCEPT tcp  --  *  *   0.0.0.0/0 0.0.0.0/0   tcp dpt:1443
    0     0 ACCEPT tcp  --  *  *   0.0.0.0/0 0.0.0.0/0   tcp dpt:443
    0     0 ACCEPT tcp  --  *  *   0.0.0.0/0 0.0.0.0/0   tcp dpt:1812
    0     0 ACCEPT udp  --  *  *   0.0.0.0/0 0.0.0.0/0   udp dpt:1812
    0     0 ACCEPT tcp  --  *  *   0.0.0.0/0 0.0.0.0/0   tcp dpt:1813
    0     0 ACCEPT udp  --  *  *   0.0.0.0/0 0.0.0.0/0   udp dpt:1813
    3   534 ACCEPT udp  --  *  *   0.0.0.0/0 0.0.0.0/0   udp dpt:162
    0     0 ACCEPT udp  --  *  *   0.0.0.0/0 0.0.0.0/0   udp dpt:53
What you need to do is, in iptables.conf, add the following line at the end of
the management chain:
-A input-management-if --protocol udp --match udp --dport 67 --jump ACCEPT
Restart httpd after (bin/pfcmd service httpd restart) to reload iptables.
Thanks
Dan Nelson
Nutraceutical Corporation
Network Administrator
801-334-3702
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
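
Added example, not part of the original messages and not PacketFence code: a check for whether a loaded chain actually accepts a given protocol and port, run here against the input-management-if listing quoted in the thread. The function names chain_accepts and sample_listing are hypothetical; on a live host the listing would come from `iptables -L input-management-if -n -v`.

```shell
#!/bin/sh
# Listing as quoted in the thread (no rule for UDP 67 yet).
sample_listing() {
cat <<'EOF'
Chain input-management-if (1 references)
 pkts bytes target prot opt in out source destination
    3   192 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
   35  2240 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1443
    0     0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
    0     0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1812
    0     0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1812
    0     0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1813
    0     0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1813
    3   534 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:162
    0     0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
EOF
}

# chain_accepts PROTO PORT
# Reads an `iptables -L <chain> -n -v` listing on stdin.
# Exit status 0 if an ACCEPT rule covers PROTO/PORT, 1 otherwise.
# Columns: pkts bytes target prot opt in out source destination [matches...]
chain_accepts() {
    awk -v proto="$1" -v port="$2" '
        $3 == "ACCEPT" && $4 == proto {
            for (i = 10; i <= NF; i++) {
                if ($i == "dpt:" port) {
                    found = 1                     # single port: dpt:67
                } else if ($i ~ /^dpts:[0-9]+:[0-9]+$/) {
                    split($i, r, ":")             # port range: dpts:67:68
                    if (port + 0 >= r[2] + 0 && port + 0 <= r[3] + 0) found = 1
                }
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Live use (as root):
#   iptables -L input-management-if -n -v | chain_accepts udp 67
if sample_listing | chain_accepts udp 67; then
    echo "udp/67 accepted on input-management-if"
else
    echo "udp/67 NOT accepted: DHCP shows in tcpdump but never reaches the listener"
fi
```

If the check still fails after editing iptables.conf and restarting, the running ruleset was not regenerated from the file.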