Hi Rich,
Thanks for your time. Below is the output from the iptables command plus
pf.conf. Can you see anything wrong?
------------------------
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
input-internal-vlan-if all -- 0.0.0.0/0 192.168.2.1
input-internal-vlan-if all -- 0.0.0.0/0 255.255.255.255
input-internal-vlan-if all -- 0.0.0.0/0 192.168.3.1
input-internal-vlan-if all -- 0.0.0.0/0 255.255.255.255
input-internal-inline-if all -- 0.0.0.0/0 192.168.5.1
input-internal-inline-if all -- 0.0.0.0/0 255.255.255.255
input-management-if all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP)
target prot opt source destination
forward-internal-inline-if all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain forward-internal-inline-if (1 references)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 4.2.2.2 udp dpt:53
ACCEPT udp -- 0.0.0.0/0 4.2.2.1 udp dpt:53
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 mark match 0x1

Chain input-highavailability-if (0 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5405
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5407
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7788

Chain input-internal-inline-if (2 references)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 mark match 0x1
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 mark match 0x1
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443

Chain input-internal-vlan-if (4 references)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443

Chain input-management-if (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1812
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1812
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1813
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1813
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:162
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9392
------------------------------------------------------------------------
[alerting]
#
# alerting.emailaddr
#
# Email address to which notifications of rogue DHCP servers, violations
# with an action of "email", or any other PacketFence-related message goes to.
[email protected]
[database]
#
# database.pass
#
# Password for the mysql database used by PacketFence.
pass=****
[general]
domain=
#Put your External/Infra DNS servers here
dnsservers=4.2.2.2,4.2.2.1
dhcpservers=192.168.2.1,192.168.3.1,192.168.5.1
[trapping]
registration=enabled
detection=enabled
range=192.168.2.0/24,192.168.3.0/24,192.168.5.0/24
redirecturl=http://192.168.2.1/common/network-access-detection.gif
[registration]
auth=ldap
[interface eth0]
mask=255.255.255.0
type=management
gateway=192.168.1.13
ip=192.168.1.10
[interface eth0.2]
mask=255.255.255.0
type=internal
enforcement=vlan
gateway=192.168.2.1
ip=192.168.2.1
[interface eth0.3]
mask=255.255.255.0
type=internal
enforcement=vlan
gateway=192.168.3.1
ip=192.168.3.1
[interface eth0.5]
mask=255.255.255.0
type=internal
gateway=192.168.5.1
ip=192.168.5.1
[interface eth1]
mask=255.255.255.0
type=monitor
gateway=192.168.1.5
ip=192.168.1.1
[captive_portal]
network_detection_ip=192.168.2.1
---------------------------------------------------------------------------------------------
On Mon, Mar 19, 2012 at 5:39 PM, Rich Graves <[email protected]> wrote:
> iptables -nL shows the actual running rules, after expansion of the
> various pf macros. What does that say?
>
> You need an entry in pf.conf that defines the registration-facing
> interface as "internal."
>
> [interface eth1]
> ip=10.10.10.254
> mask=255.255.255.0
> type=internal
> enforcement=vlan
> gateway=10.10.10.254
>
>
>
> _______________________________________________
> Packetfence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
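A small cross-check, added here and not part of PacketFence or of this thread, that reconciles the [interface ...] sections of pf.conf with the per-interface jump rules in the INPUT chain of "iptables -nL". It assumes the chain names seen in the dump above and that an internal interface with no enforcement= key lands in the inline chain, as eth0.5 did here; the sample pf.conf and dump are constructed, abridged copies of the ones in this thread.

```python
import configparser

# Constructed sample abridged from the thread's pf.conf and "iptables -nL" INPUT chain.
PF_CONF = """
[interface eth0]
type=management
ip=192.168.1.10
[interface eth0.5]
type=internal
ip=192.168.5.1
[interface eth1]
type=monitor
ip=192.168.1.1
"""
IPTABLES = """
Chain INPUT (policy DROP)
input-internal-inline-if all -- 0.0.0.0/0 192.168.5.1
input-management-if all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP)
"""

def parse_interfaces(conf_text):
    """{ifname: (type, enforcement, ip)} from the [interface X] sections."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    g = lambda s, k: cp.get(s, k, fallback="")
    return {s.split(" ", 1)[1]: (g(s, "type"), g(s, "enforcement"), g(s, "ip"))
            for s in cp.sections() if s.startswith("interface ")}

def input_jumps(iptables_text):
    """{destination: chain} for each per-interface jump inside the INPUT chain."""
    jumps, in_input = {}, False
    for line in iptables_text.splitlines():
        if line.startswith("Chain "):
            in_input = line.startswith("Chain INPUT ")
            continue
        parts = line.split()  # target prot opt source destination
        if in_input and len(parts) >= 5 and parts[0].startswith("input-"):
            jumps[parts[4]] = parts[0]
    return jumps

def audit(conf_text, iptables_text):
    """One finding per interface whose pf.conf role and INPUT chain disagree."""
    findings, jumps = [], input_jumps(iptables_text)
    for name, (itype, enf, ip) in parse_interfaces(conf_text).items():
        if itype == "internal":
            want = "input-internal-%s-if" % (enf or "inline")  # assumed: no enforcement= -> inline, as eth0.5 above
            if jumps.get(ip) != want:
                findings.append(f"{name}: expected {want} for {ip}, found {jumps.get(ip)}")
        elif itype != "management" and ip not in jumps:  # the management chain matches 0.0.0.0/0
            findings.append(f"{name}: type={itype} gets no INPUT chain; registration-facing needs type=internal")
    return findings
```

Run against the thread's configuration it flags only eth1, whose type=monitor gives it no INPUT chain; after retyping eth1 as internal it keeps flagging the interface until the firewall has been regenerated.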