Thanks for your response. I am not looking for an architect to my particular issue just perhaps a pointer or two. I have moved on to a different solution that I am not completely happy with and would still be interested if someone could point me in the direction of controlling iptables via packetfence for an inline configuration. I thought I had read that this was possible before I started to test it.
On Tue, Dec 20, 2011 at 10:02, Sallee, Stephen (Jake) <[email protected]> wrote: >> I have tried to research this a bit myself and seem to have come to > the conclusion that packet fence is best suited for a hotel wifi > system and that there is really no control over iptables. > > Sir/ma`am, if this were true then universities such as ours would not be > using it. > > >From reading your first email I see that you are trying to set up access to > >your internal network from your wireless network. There are HUNDREDS of ways > >you can do this, many COULD involve PF (or any other NAC) and many do not. > >The people on this list can speak for themselves but I do not have time to > >architect a entire solution for your situation. Please ask specific > >questions, if you are having a problem post it here and we will attempt to > >help, IF we have time. If you want support at your finger tips you will need > >to pay for it, I highly suggest employing the skills of the technicians at > >Inverse. They can and will happily architect a solution that fits your needs. > > PF is working perfectly well in our collegiate environment using VLan > enforcement with almost 10k devices. > > ***Please forgive the curt nature of the language in this email, I could not > find any other way to adequately express my point. No offense is meant*** > > > Jake Sallee > Godfather of Bandwidth > Network Engineer > University of Mary Hardin-Baylor > > 900 College St. > Belton, Texas > 76513 > > Fone: 254-295-4658 > Phax: 254-295-4221 > > ________________________________________ > From: exim [[email protected]] > Sent: Monday, December 19, 2011 2:38 PM > To: [email protected] > Subject: Re: [Packetfence-users] inline enforcement > > I have tried to research this a bit myself and seem to have come to > the conclusion that packet fence is best suited for a hotel wifi > system and that there is really no control over iptables. I was hoping > for a solution that incorporated a bit of internal access control, > host and user inventory. > > On Thu, Dec 15, 2011 at 11:15, exim <[email protected]> wrote: >> I am a very new user and tying to get inline enforcement working on a >> test network. The only feature I need is to be able to control >> traffic from my internal wireless network (10.1.11.0) to my internal >> production network (10.1.10.0). Basically I need to have any user >> able to connect to the wireless and surf the web but I need to control >> who has access to the 10.1.10.0 network. Is packet fence able to >> handle this? Am I missing something simple? >> >> [interface eth0] >> ip=10.1.11.172 >> mask=255.255.255.0 >> gateway=10.1.11.1 >> type=internal >> enforcement=inline >> >> >> [interface eth1] >> ip=10.1.11.173 >> mask=255.255.255.0 >> gateway=10.1.11.1 >> type=management >> enforcement=inline >> >> At present I have the packet fence server acting as a gateway but I >> cannot find a way to re > > ------------------------------------------------------------------------------ > Learn Windows Azure Live! Tuesday, Dec 13, 2011 > Microsoft is holding a special Learn Windows Azure training event for > developers. It will provide a great way to learn Windows Azure and what it > provides. You can attend the event by watching it streamed LIVE online. > Learn more at http://p.sf.net/sfu/ms-windowsazure > _______________________________________________ > Packetfence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > ------------------------------------------------------------------------------ > Write once. Port to many. > Get the SDK and tools to simplify cross-platform app development. Create > new or port existing apps to sell to consumers worldwide. Explore the > Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join > http://p.sf.net/sfu/intel-appdev > _______________________________________________ > Packetfence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
