Hello, I'm new to PacketFence and am trying it out in a tiny sandbox 
environment. Right now I have a proxy (gateway) server, my PF/DHCP server, and 
then a laptop connected to a little 8-port ethernet switch. Right now, both 
servers have two NICs each (one of which is connected to the sandbox 
environment, the other connected to a router which gives each Internet access). 
 The goal is to get it so that when the laptop tries to get an IP Address, it 
has to be registered, and then allowed access to the Internet.

The problem I'm having is that if I try to set up a Monitor, Registration, and 
Isolation network on my PF server, DHCP won't start, complaining that "Interface 
eth0 matches multiple shared networks".  I tried combining them into just eth0, 
but then the laptop either has Internet access with or without being registered 
or it never gets Internet access.

Yes, I did run the configurator.pl, but that left me with the DHCP error.  
Since then, I've been reading forums, etc., and editing the various files manually 
to no avail.  Unfortunately, I've tried enough things that there might be some 
"glaring" problems right now, but any help would be immensely appreciated.

I'm running CentOS 5.7 (I initially installed CentOS 5.3, but apparently amidst 
all the updates it went to 5.7... at least /etc/redhat-release says I'm on 5.7 
now).

Below are my various conf files, but first here's what I get when trying to 
start PF (note, Snort always fails to start and takes pfdetect down with it... 
but I can then start pfdetect again and it will stay up as long as I leave 
snort down.  Not sure how much of my problem is related to that.)

Starting PacketFence...Checking configuration sanity...
service|command
config files|start
iptables|start
named|start
Internet Systems Consortium DHCP Server V3.0.5-RedHat
Copyright 2004-2006 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
Wrote 0 leases to leases file.
Interface eth0 matches multiple shared networks

If you did not get this software from ftp.isc.org, please
get the latest from ftp.isc.org and install that before
requesting help.

If you did get this software from ftp.isc.org and have not
yet read the README, please read it before requesting help.
If you intend to request help from the [email protected]
mailing list, please read the section on the README about
submitting bug reports and requests for help.

Please do not under any circumstances send requests for
help directly to the authors of this software - please
send them to the appropriate mailing list as described in
the README file.

exiting.
dhcpd|start
radiusd|start
httpd|start
snmptrapd|start
pfdetect|start
pfsetvlan|start
pfdhcplistener|start
pfmon|start
snort|start

Here are my conf files...
/usr/local/pf/conf/pf.conf:
[general]
domain=bfa
hostname=alexander
dnsservers=194.25.0.60

[trapping]
range=172.25.0.0/16,172.25.20.0/16
detection=enabled
registration=enabled

[alerting]
emailaddr=[my email address]

[scan]
pass=[valid password]
registration=enabled

[database]
pass=packetfence
db=pf
user=pf
port=3306
host=localhost

[interface eth0]
type=monitor

[interface eth0:1]
ip=172.25.10.1
mask=255.255.255.0
gateway=172.25.10.1
type=internal
enforcement=vlan

[interface eth0:2]
ip=172.25.20.1
mask=255.255.255.0
gateway=172.25.20.1
type=internal
enforcement=vlan

[interface eth1]
ip=10.0.220.42
mask=255.0.0.0
gateway=10.0.220.3
type=management

/usr/local/pf/conf/networks.conf:
[172.25.10.0]
type=vlan-registration
netmask=255.255.255.0
gateway=172.25.0.1
named=enabled
dns=172.25.10.1
domain-name=registration.bfa
dhcpd=enabled
dhcp_start=172.25.10.10
dhcp_end=172.25.10.250
dhcp_default_lease_time=300
dhcp_max_lease_time=300

[172.25.20.0]
type=vlan-isolation
netmask=255.255.255.0
gateway=172.25.0.1
named=enabled
dns=172.25.20.1
domain-name=isolation.bfa
dhcpd=enabled
dhcp_start=172.25.20.10
dhcp_end=172.25.20.250
dhcp_default_lease_time=300
dhcp_max_lease_time=300

And here are my ifcfg files for the NIC (for whatever reason, mine had colons 
instead of dots in the script name)...
/etc/sysconfig/ifcfg-eth0:
DEVICE=eth0
BOOTPROTO=none
BROADCAST=172.25.255.255
HWADDR=00:1B:21:6E:A3:21
IPADDR=172.25.0.2
IPV6INIT=no
IPV6_AUTOCONF=yes
NETMASK=255.255.0.0
NETWORK=172.25.0.0
ONBOOT=yes
TYPE=Ethernet
PEERDNS=yes
USERCTL=no

/etc/sysconfig/ifcfg-eth0:1
GATEWAY=172.25.0.1
TYPE=Ethernet
DEVICE=eth0:1
BOOTPROTO=static
NETMASK=255.255.255.0
IPADDR=172.25.10.1
USERCTL=no
IPV6INIT=no
ONPARENT=yes
PEERDNS=yes
ONBOOT=yes
VLAN=yes

/etc/sysconfig/ifcfg-eth0:2
GATEWAY=172.25.0.1
TYPE=Ethernet
DEVICE=eth0:2
BOOTPROTO=static
NETMASK=255.255.255.0
IPADDR=172.25.20.1
USERCTL=no
IPV6INIT=no
ONPARENT=yes
PEERDNS=yes
ONBOOT=yes
VLAN=yes

Thanks!!!
Josh
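
Added example, not part of the original post and not PacketFence or ISC code: a check that reproduces the condition behind "Interface eth0 matches multiple shared networks" from the addresses and networks.conf sections posted above. It assumes that dhcpd treats the aliases eth0:1 and eth0:2 as the parent device eth0, and that each dhcpd-enabled section of networks.conf becomes a separate subnet declaration (its own implicit shared network); the function names are hypothetical.

```python
import configparser
import ipaddress
from collections import defaultdict

# Trimmed copies of the post's networks.conf and ifcfg-* addresses.
NETWORKS_CONF = """
[172.25.10.0]
type=vlan-registration
netmask=255.255.255.0
dhcpd=enabled

[172.25.20.0]
type=vlan-isolation
netmask=255.255.255.0
dhcpd=enabled
"""
IFCFG_ADDRS = [("eth0", "172.25.0.2"), ("eth0:1", "172.25.10.1"),
               ("eth0:2", "172.25.20.1"), ("eth1", "10.0.220.42")]


def dhcp_subnets(conf_text):
    """Return {subnet: type} for every section with dhcpd=enabled."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    return {ipaddress.ip_network(f"{sec}/{cp[sec]['netmask']}"): cp[sec]["type"]
            for sec in cp.sections() if cp[sec].get("dhcpd") == "enabled"}


def multi_network_interfaces(addrs, subnets):
    """Interfaces whose addresses land in more than one DHCP subnet.

    Assumption: aliases (eth0:1) are folded into the parent device name, and
    each subnet is its own implicit shared network.
    """
    hits = defaultdict(set)
    for ifname, addr in addrs:
        parent = ifname.split(":", 1)[0]
        for net in subnets:
            if ipaddress.ip_address(addr) in net:
                hits[parent].add(str(net))
    return {dev: sorted(nets) for dev, nets in hits.items() if len(nets) > 1}


if __name__ == "__main__":
    found = multi_network_interfaces(IFCFG_ADDRS, dhcp_subnets(NETWORKS_CONF))
    for dev, nets in found.items():
        print(f"Interface {dev} matches multiple shared networks: {nets}")
```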