Ok so still haven't made any progress.
My theory is that something on the PacketFence server is blocking the
traffic from my client or it's configured not to respond. I know this
because if I ping the PF server from my client on the 192.168.2.0 network
the request times out. But if I stop the packetfence service then I
immediately get ping replies from the server.
So I thought the most likely thing to be blocking would be iptables. So I
started packetfence service then did a 'sudo service iptables stop' but I
still don't get any ping responses from the server. So I guess it's
something other than iptables blocking. Anybody have some idea?
Thanks
On Tue, Mar 20, 2012 at 1:10 PM, Adrian Mulgrew <[email protected]> wrote:
> Hi Jake,
>
> I don't think this will work either as even if I try to open
> http://192.168.2.1 or https://192.168.2.1 (that's the PF server
> registration interface) I get no response.
> So as far as I can tell the only traffic this port responds to is DHCP.
>
> On Mon, Mar 19, 2012 at 8:05 PM, Sallee, Stephen (Jake) <
> [email protected]> wrote:
>
>> > I tried configuring the external dns manually on the client but I don't
>> > think this will work as there is no routing between the registration
>> > vlan and the normal vlan
>>
>> Try editing the host file on your client to contain an entry that should
>> direct you to your PF box. IE: <IP of PF Server> google.com
>>
>> Jake Sallee
>> Godfather of Bandwidth
>> System Engineer
>> University of Mary Hardin-Baylor
>> 900 College St.
>> Belton TX. 76513
>> Fone: 254-295-4658
>> Phax: 254-295-4221
>>
>> *From:* Adrian Mulgrew [mailto:[email protected]]
>> *Sent:* Monday, March 19, 2012 12:20 PM
>> *To:* [email protected]
>> *Subject:* Re: [Packetfence-users] Unable to access captive portal from
>> registration vlan
>>
>> Hi,
>>
>> Wireshark on the client sees the DNS request packets going out but no
>> reply. On the PF server I can see the requests coming in but no reply from
>> the PF server. In fact pretty much the only traffic coming out of the PF
>> server is DHCP and SNMP traffic.
>>
>> I tried configuring the external dns manually on the client but I don't
>> think this will work as there is no routing between the registration vlan
>> and the normal vlan
>>
>> Nslookup from the packetfence server works fine.
>>
>> Anything else I can check?
>>
>> On Mon, Mar 19, 2012 at 4:07 PM, Sallee, Stephen (Jake) <
>> [email protected]> wrote:
>>
>> What does a wireshark capture on the client show? If you can capture the
>> traffic on the server as well, that would help.
>>
>> Also, try manually setting your DNS to one of your other DNS servers (NOT
>> PF) and while on the registration vlan see if you can go anywhere.
>>
>> You can also try doing a DNS lookup on the PF server using either dig or
>> nslookup.
>>
>> Jake Sallee
>> Godfather of Bandwidth
>> System Engineer
>> University of Mary Hardin-Baylor
>> 900 College St.
>> Belton TX. 76513
>> Fone: 254-295-4658
>> Phax: 254-295-4221
>>
>> *From:* Adrian Mulgrew [mailto:[email protected]]
>> *Sent:* Monday, March 19, 2012 10:58 AM
>> *To:* [email protected]
>> *Subject:* Re: [Packetfence-users] Unable to access captive portal from
>> registration vlan
>>
>> Hi Jake,
>>
>> The only firewall is iptables but that's configured by PF so would expect
>> it to allow DNS traffic?
>>
>> I've checked and named is running and configured to run from the webui.
>>
>> Below is my iptables.conf if that's any help?
>>
>> Thanks
>>
>> Adrian
>>
>> *filter
>>
>> ### INPUT ###
>> :INPUT DROP [0:0]
>> # accept loopback stuff
>> -A INPUT --in-interface lo --jump ACCEPT
>> # accept anything related
>> -A INPUT --match state --state ESTABLISHED,RELATED --jump ACCEPT
>> # Accept Ping (easier troubleshooting)
>> -A INPUT --protocol icmp --icmp-type echo-request --jump ACCEPT
>>
>> :input-management-if - [0:0]
>> # SSH
>> -A input-management-if --match state --state NEW --match tcp --protocol tcp --dport 22 --jump ACCEPT
>> # Web Admin
>> -A input-management-if --protocol tcp --match tcp --dport %%web_admin_port%% --jump ACCEPT
>> # HTTPS for email confirmation on the captive portal
>> -A input-management-if --protocol tcp --match tcp --dport 443 --jump ACCEPT
>> # RADIUS
>> -A input-management-if --protocol tcp --match tcp --dport 1812 --jump ACCEPT
>> -A input-management-if --protocol udp --match udp --dport 1812 --jump ACCEPT
>> -A input-management-if --protocol tcp --match tcp --dport 1813 --jump ACCEPT
>> -A input-management-if --protocol udp --match udp --dport 1813 --jump ACCEPT
>> # SNMP Traps
>> -A input-management-if --protocol udp --match udp --dport 162 --jump ACCEPT
>> # DHCP (for IP Helpers to mgmt to track users' IP in production VLANs)
>> -A input-management-if --protocol udp --match udp --dport 67 --jump ACCEPT
>> -A input-management-if --protocol tcp --match tcp --dport 67 --jump ACCEPT
>> # OpenVAS Administration Interface
>> -A input-management-if --protocol tcp --match tcp --dport 9392 --jump ACCEPT
>>
>> :input-internal-vlan-if - [0:0]
>> # DNS
>> -A input-internal-vlan-if --protocol udp --match udp --dport 53 --jump ACCEPT
>> # DHCP
>> -A input-internal-vlan-if --protocol udp --match udp --dport 67 --jump ACCEPT
>> -A input-internal-vlan-if --protocol tcp --match tcp --dport 67 --jump ACCEPT
>> # HTTP (captive-portal)
>> -A input-internal-vlan-if --protocol tcp --match tcp --dport 80 --jump ACCEPT
>> -A input-internal-vlan-if --protocol tcp --match tcp --dport 443 --jump ACCEPT
>>
>> :input-internal-inline-if - [0:0]
>> # DHCP
>> -A input-internal-inline-if --protocol udp --match udp --dport 67 --jump ACCEPT
>> -A input-internal-inline-if --protocol tcp --match tcp --dport 67 --jump ACCEPT
>> # HTTP (captive-portal)
>> # prevent registered users from reaching it
>> -A input-internal-inline-if --protocol tcp --match tcp --dport 80 --match mark --mark 0x1 --jump DROP
>> -A input-internal-inline-if --protocol tcp --match tcp --dport 443 --match mark --mark 0x1 --jump DROP
>> # allow everyone else behind inline interface (not registered, isolated, etc.)
>> -A input-internal-inline-if --protocol tcp --match tcp --dport 80 --jump ACCEPT
>> -A input-internal-inline-if --protocol tcp --match tcp --dport 443 --jump ACCEPT
>>
>> On Mon, Mar 19, 2012 at 1:23 PM, Sallee, Stephen (Jake) <
>> [email protected]> wrote:
>>
>> Sorry if it sounds silly, but have you made sure that:
>>
>> 1) There are no firewalls blocking you and
>> 2) Named is running on the PF box
>>
>> Also, make sure that the config is set to run DNS, it is in the config
>> tab -> services in the webUI.
>>
>> Jake Sallee
>> Godfather of Bandwidth
>> System Engineer
>> University of Mary Hardin-Baylor
>> 900 College St.
>> Belton TX. 76513
>> Fone: 254-295-4658
>> Phax: 254-295-4221
>>
>> *From:* Adrian Mulgrew [mailto:[email protected]]
>> *Sent:* Friday, March 16, 2012 11:42 AM
>> *To:* [email protected]
>> *Subject:* [Packetfence-users] Unable to access captive portal from
>> registration vlan
>>
>> Hi,
>>
>> I am stuck in the registration vlan 2. When my client connects it gets
>> moved to registration network and obtains a DHCP IP 192.168.2.10 with DNS
>> server 192.168.2.1 (PF Server).
>>
>> I then open a Chrome browser and type in www.google.com. As I understand
>> it, PF should be running its own DNS server on this VLAN which will
>> intercept the request and redirect to a registration page. But for me, all
>> that happens is the page times out saying unable to resolve the URL.
>>
>> Does the PF installation automatically set up a DNS server or do I have to
>> do this manually? Also what is the URL it should be redirecting clients to
>> for the registration page?
>>
>> Thanks
>>
>> Adrian
>>
>> ------------------------------------------------------------------------------
>> This SF email is sponsosred by:
>> Try Windows Azure free for 90 days Click Here
>> http://p.sf.net/sfu/sfd2d-msazure
>> _______________________________________________
>> Packetfence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
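
The iptables.conf fragment quoted in this thread sets the INPUT policy to DROP and defines per-interface chains, but the quoted lines show no INPUT rule that jumps to those chains. The following is an added example, not part of the original messages and not PacketFence code: a small Python evaluator that walks a packet through a constructed subset of those rules, with and without a jump rule. The jump rule and the interface name eth0.2 are assumptions made for the illustration.

```python
import shlex

# Constructed sample: a subset of the rules quoted in the thread (iptables-restore format).
RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT --in-interface lo --jump ACCEPT
-A INPUT --protocol icmp --icmp-type echo-request --jump ACCEPT
:input-internal-vlan-if - [0:0]
-A input-internal-vlan-if --protocol udp --match udp --dport 53 --jump ACCEPT
-A input-internal-vlan-if --protocol tcp --match tcp --dport 80 --jump ACCEPT
-A input-internal-vlan-if --protocol tcp --match tcp --dport 443 --jump ACCEPT
"""
# Assumption: a jump like this must exist for the VLAN chain to be consulted at all.
# The interface name eth0.2 is hypothetical; the quoted fragment contains no such rule.
JUMP = "-A INPUT --in-interface eth0.2 --jump input-internal-vlan-if\n"

# Only these four match options are modelled.
FIELDS = {"--in-interface": "iface", "--protocol": "proto",
          "--dport": "dport", "--icmp-type": "icmp_type"}

def parse(text):
    """Return (chains, policies) from iptables-restore style text."""
    chains, policy = {}, {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith(":"):
            name, pol = line[1:].split()[:2]
            policy[name] = pol
            chains.setdefault(name, [])
        elif line.startswith("-A "):
            tok = shlex.split(line)  # every option in these rules takes one argument
            chains.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return chains, policy

def matches(rule, pkt):
    """True if every modelled option equals the packet field; unmodelled options never match."""
    for opt, val in rule.items():
        if opt in ("--jump", "--match"):
            continue
        if opt not in FIELDS or str(pkt.get(FIELDS[opt])) != val:
            return False
    return True

def verdict(text, pkt, chain="INPUT"):
    """Walk pkt through chain; return ACCEPT/DROP, or None when a user chain falls through."""
    chains, policy = parse(text)
    for rule in chains.get(chain, []):
        if matches(rule, pkt):
            target = rule.get("--jump")
            result = target if target in ("ACCEPT", "DROP") else verdict(text, pkt, target)
            if result:
                return result
    return policy[chain] if policy.get(chain) in ("ACCEPT", "DROP") else None

DNS_QUERY = {"iface": "eth0.2", "proto": "udp", "dport": 53}            # constructed packet
PING = {"iface": "eth0.2", "proto": "icmp", "icmp_type": "echo-request"}  # constructed packet
```

On a running host, the rules actually loaded (as printed by `iptables -S`) are what should be fed to a check like this, since a configuration file on disk may differ from what is in the kernel.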