Hi Jake,

I don't think this will work either as even if I try to open
http://192.168.2.1 or https://192.168.2.1 (that's the PF server
registration interface) I get no response.
So as far as I can tell the only traffic this port responds to is DHCP.



On Mon, Mar 19, 2012 at 8:05 PM, Sallee, Stephen (Jake) <
[email protected]> wrote:

> > I tried configuring the external dns manually on the client but I
> > don't think this will work as there is no routing between the registration
> > vlan and the normal vlan
>
> Try editing the host file on your client to contain an entry that should
> direct you to your PF box.  IE: <IP of PF Server>      google.com
>
> Jake Sallee
> Godfather of Bandwidth
> System Engineer
> University of Mary Hardin-Baylor
> 900 College St.
> Belton TX. 76513
> Fone: 254-295-4658
> Phax: 254-295-4221
>
> *From:* Adrian Mulgrew [mailto:[email protected]]
> *Sent:* Monday, March 19, 2012 12:20 PM
> *To:* [email protected]
> *Subject:* Re: [Packetfence-users] Unable to access captive portal from
> registration vlan
>
> Hi,
>
> Wireshark on the client sees the DNS request packets going out but no
> reply. On the PF server I can see the requests coming in but no reply from
> the PF server. In fact pretty much the only traffic coming out of the PF
> server is DHCP and SNMP traffic.
>
> I tried configuring the external dns manually on the client but I don't
> think this will work as there is no routing between the registration vlan
> and the normal vlan
>
> Nslookup from the packetfence server works fine.
>
> Anything else I can check?
>
> On Mon, Mar 19, 2012 at 4:07 PM, Sallee, Stephen (Jake) <
> [email protected]> wrote:
>
> What does a wireshark capture on the client show?  If you can capture the
> traffic on the server as well, that would help.
>
> Also, try manually setting your DNS to one of your other DNS servers (NOT
> PF) and while on the registration vlan see if you can go anywhere.
>
> You can also try doing a DNS lookup on the PF server using either dig or
> nslookup.
>
> *From:* Adrian Mulgrew [mailto:[email protected]]
> *Sent:* Monday, March 19, 2012 10:58 AM
> *To:* [email protected]
> *Subject:* Re: [Packetfence-users] Unable to access captive portal from
> registration vlan
>
> Hi Jake,
>
> The only firewall is iptables but that's configured by PF so would expect
> it to allow DNS traffic?
>
> I've checked and named is running and configured to run from the webui.
>
> Below is my iptables.conf if that's any help?
>
> Thanks
>
> Adrian
>
> *filter
>
> ### INPUT ###
> :INPUT DROP [0:0]
> # accept loopback stuff
> -A INPUT --in-interface lo --jump ACCEPT
> # accept anything related
> -A INPUT --match state --state ESTABLISHED,RELATED --jump ACCEPT
> # Accept Ping (easier troubleshooting)
> -A INPUT --protocol icmp --icmp-type echo-request --jump ACCEPT
>
> :input-management-if - [0:0]
> # SSH
> -A input-management-if --match state --state NEW --match tcp --protocol tcp --dport 22 --jump ACCEPT
> # Web Admin
> -A input-management-if --protocol tcp --match tcp --dport %%web_admin_port%% --jump ACCEPT
> # HTTPS for email confirmation on the captive portal
> -A input-management-if --protocol tcp --match tcp --dport 443 --jump ACCEPT
> # RADIUS
> -A input-management-if --protocol tcp --match tcp --dport 1812 --jump ACCEPT
> -A input-management-if --protocol udp --match udp --dport 1812 --jump ACCEPT
> -A input-management-if --protocol tcp --match tcp --dport 1813 --jump ACCEPT
> -A input-management-if --protocol udp --match udp --dport 1813 --jump ACCEPT
> # SNMP Traps
> -A input-management-if --protocol udp --match udp --dport 162  --jump ACCEPT
> # DHCP (for IP Helpers to mgmt to track users' IP in production VLANs)
> -A input-management-if --protocol udp --match udp --dport 67  --jump ACCEPT
> -A input-management-if --protocol tcp --match tcp --dport 67  --jump ACCEPT
> # OpenVAS Administration Interface
> -A input-management-if --protocol tcp --match tcp --dport 9392 --jump ACCEPT
>
> :input-internal-vlan-if - [0:0]
> # DNS
> -A input-internal-vlan-if --protocol udp --match udp --dport 53  --jump ACCEPT
> # DHCP
> -A input-internal-vlan-if --protocol udp --match udp --dport 67  --jump ACCEPT
> -A input-internal-vlan-if --protocol tcp --match tcp --dport 67  --jump ACCEPT
> # HTTP (captive-portal)
> -A input-internal-vlan-if --protocol tcp --match tcp --dport 80  --jump ACCEPT
> -A input-internal-vlan-if --protocol tcp --match tcp --dport 443 --jump ACCEPT
>
> :input-internal-inline-if - [0:0]
> # DHCP
> -A input-internal-inline-if --protocol udp --match udp --dport 67  --jump ACCEPT
> -A input-internal-inline-if --protocol tcp --match tcp --dport 67  --jump ACCEPT
> # HTTP (captive-portal)
> # prevent registered users from reaching it
> -A input-internal-inline-if --protocol tcp --match tcp --dport 80  --match mark --mark 0x1 --jump DROP
> -A input-internal-inline-if --protocol tcp --match tcp --dport 443 --match mark --mark 0x1 --jump DROP
> # allow everyone else behind inline interface (not registered, isolated, etc.)
> -A input-internal-inline-if --protocol tcp --match tcp --dport 80  --jump ACCEPT
> -A input-internal-inline-if --protocol tcp --match tcp --dport 443 --jump ACCEPT
>
> On Mon, Mar 19, 2012 at 1:23 PM, Sallee, Stephen (Jake) <
> [email protected]> wrote:
>
> Sorry if it sounds silly, but have you made sure that:
>
> 1)      There are no firewalls blocking you and
>
> 2)      Named is running on the PF box
>
> Also, make sure that the config is set to run DNS, it is in the config tab
> -> services in the webUI.
>
>
> *From:* Adrian Mulgrew [mailto:[email protected]]
> *Sent:* Friday, March 16, 2012 11:42 AM
> *To:* [email protected]
> *Subject:* [Packetfence-users] Unable to access captive portal from
> registration vlan
>
> Hi,
>
> I am stuck in the registration vlan 2. When my client connects it gets
> moved to registration network and obtains a DHCP IP 192.168.2.10 with DNS
> server 192.168.2.1 (PF Server).
>
> I then open a Chrome browser and type in www.google.com. As I understand
> it, PF should be running its own DNS server on this VLAN which will
> intercept the request and redirect to a registration page. But for me, all
> that happens is the page times out saying unable to resolve the URL.
>
> Does the PF installation automatically set up a DNS server or do I have to
> do this manually? Also what is the URL it should be redirecting clients to
> for the registration page?
>
> Thanks
>
> Adrian
>
>
>
> ------------------------------------------------------------------------------
> This SF email is sponsosred by:
> Try Windows Azure free for 90 days Click Here
> http://p.sf.net/sfu/sfd2d-msazure
> _______________________________________________
> Packetfence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
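Added example (not part of the original thread and not PacketFence code): a small Python check for a ruleset like the one quoted above, listing which chains accept a given protocol and port and whether INPUT ever jumps to them. The sample ruleset is constructed (abridged from the quoted iptables.conf); the function names, the JUMP rule and the interface name eth0.2 are assumptions.

```python
# Constructed sample, abridged from the iptables.conf quoted in the thread.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
-A INPUT --in-interface lo --jump ACCEPT
-A INPUT --match state --state ESTABLISHED,RELATED --jump ACCEPT
:input-internal-vlan-if - [0:0]
# DNS
-A input-internal-vlan-if --protocol udp --match udp --dport 53  --jump ACCEPT
-A input-internal-vlan-if --protocol tcp --match tcp --dport 80  --jump ACCEPT
"""
# Hypothetical jump rule; eth0.2 is an assumed name for the registration VLAN interface.
JUMP = "-A INPUT --in-interface eth0.2 --jump input-internal-vlan-if\n"
ALIASES = {"-p": "--protocol", "-m": "--match", "-j": "--jump", "-i": "--in-interface"}

def parse(text):
    """Return [(chain, {option: value})] for each -A rule.
    Simplified: no '!' negation and no quoted arguments."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] != "-A":
            continue  # table headers, chain declarations, comments
        opts, key = {}, None
        for t in tok[2:]:
            t = ALIASES.get(t, t)
            if t.startswith("--"):
                key = t
                opts.setdefault(key, "")
            elif key:
                opts[key] = t
        rules.append((tok[1], opts))
    return rules

def reachable(rules, start="INPUT"):
    """Names reachable from `start` by following --jump targets."""
    seen, todo = set(), [start]
    while todo:
        chain = todo.pop()
        if chain not in seen:
            seen.add(chain)
            todo += [o["--jump"] for c, o in rules if c == chain and "--jump" in o]
    return seen

def check(text, proto, port):
    """[(chain, reached_from_INPUT)] for every rule that ACCEPTs proto/port."""
    rules = parse(text)
    live = reachable(rules)
    return [(c, c in live) for c, o in rules
            if (o.get("--protocol"), o.get("--dport"), o.get("--jump"))
            == (proto, str(port), "ACCEPT")]

if __name__ == "__main__":
    print(check(SAMPLE, "udp", 53))         # chain exists, nothing jumps to it
    print(check(SAMPLE + JUMP, "udp", 53))  # with the jump rule added
```

Feeding it the rendered rules from `iptables-save` on the server shows whether the per-interface chain that accepts udp/53 is actually wired into INPUT.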