Sorry, can you let me know how to switch logging to debug?
On Wed, Mar 21, 2012 at 1:50 PM, Adrian Mulgrew <[email protected]> wrote:
> Yes I believe all is fine as I can ping from the client (192.168.2.10) to
> the PacketFence server registration interface (192.168.2.1) when the
> packetfence service is *stopped* but as soon as I start the service I can
> no longer ping.
>
>
> On Wed, Mar 21, 2012 at 1:24 PM, Francois Gaudreault <[email protected]> wrote:
>
>> Hi Andrew,
>>
>> Are you sure the networking side is fine? VLANs are created on the
>> switch, trunks are OK, etc.
>>
>> On 12-03-21 7:21 AM, Adrian Mulgrew wrote:
>> > Ok so still haven't made any progress.
>> > My theory is that something on the PacketFence server is blocking the
>> > traffic from my client or it's configured not to respond. I know this
>> > because if I ping the PF server from my client on the 192.168.2.0
>> > network the request times out. But if I stop the packetfence service
>> > then I immediately get ping replies from the server.
>> > So I thought the most likely thing to be blocking would be iptables. So I
>> > started packetfence service then did a 'sudo service iptables stop' but
>> > I still don't get any ping responses from the server. So I guess it's
>> > something other than iptables blocking. Anybody have some idea?
>> >
>> > Thanks
>> >
>> >
>> >
>> > On Tue, Mar 20, 2012 at 1:10 PM, Adrian Mulgrew
>> > <[email protected]> wrote:
>> >
>> > Hi Jake,
>> >
>> > I don't think this will work either as even if I try to open
>> > http://192.168.2.1 or https://192.168.2.1 (that's the PF server
>> > registration interface) I get no response.
>> > So as far as I can tell the only traffic this port responds to is DHCP.
>> >
>> >
>> >
>> > On Mon, Mar 19, 2012 at 8:05 PM, Sallee, Stephen (Jake)
>> > <[email protected]> wrote:
>> >
>> > > I tried configuring the external dns manually on the client
>> > > but I don't think this will work as there is no routing between
>> > > the registration vlan and the normal vlan
>> >
>> > Try editing the host file on your client to contain an entry
>> > that should direct you to your PF box. IE: <IP of PF Server>
>> > google.com
>> >
>> > Jake Sallee
>> > Godfather of Bandwidth
>> > System Engineer
>> > University of Mary Hardin-Baylor
>> > 900 College St.
>> > Belton TX. 76513
>> > Fone: 254-295-4658
>> > Phax: 254-295-4221
>> >
>> >
>> > *From:* Adrian Mulgrew [mailto:[email protected]]
>> > *Sent:* Monday, March 19, 2012 12:20 PM
>> > *To:* [email protected]
>> > *Subject:* Re: [Packetfence-users] Unable to access captive
>> > portal from registration vlan
>> >
>> > Hi,
>> >
>> > Wireshark on the client sees the DNS request packets going out
>> > but no reply. On the PF server I can see the requests coming in
>> > but no reply from the PF server. In fact pretty much the only
>> > traffic coming out of the PF server is DHCP and SNMP traffic.
>> >
>> > I tried configuring the external dns manually on the client but
>> > I don't think this will work as there is no routing between the
>> > registration vlan and the normal vlan
>> >
>> > Nslookup from the packetfence server works fine.
>> >
>> > Anything else I can check?
>> >
>> > On Mon, Mar 19, 2012 at 4:07 PM, Sallee, Stephen (Jake)
>> > <[email protected]> wrote:
>> >
>> > What does a wireshark capture on the client show? If you can
>> > capture the traffic on the server as well, that would help.
>> >
>> > Also, try manually setting your DNS to one of your other DNS
>> > servers (NOT PF) and while on the registration vlan see if you
>> > can go anywhere.
>> >
>> > You can also try doing a DNS lookup on the PF server using
>> > either dig or nslookup.
>> >
>> > Jake Sallee
>> > Godfather of Bandwidth
>> > System Engineer
>> > University of Mary Hardin-Baylor
>> > 900 College St.
>> > Belton TX. 76513
>> > Fone: 254-295-4658
>> > Phax: 254-295-4221
>> >
>> > *From:* Adrian Mulgrew [mailto:[email protected]]
>> > *Sent:* Monday, March 19, 2012 10:58 AM
>> > *To:* [email protected]
>> > *Subject:* Re: [Packetfence-users] Unable to access captive
>> > portal from registration vlan
>> >
>> > Hi Jake,
>> >
>> > The only firewall is iptables but that's configured by PF so
>> > would expect it to allow DNS traffic?
>> >
>> > I've checked and named is running and configured to run from the
>> > webui.
>> >
>> > Below is my iptables.conf if that's any help?
>> >
>> > Thanks
>> >
>> > Adrian
>> >
>> > *filter
>> >
>> > ### INPUT ###
>> > :INPUT DROP [0:0]
>> > # accept loopback stuff
>> > -A INPUT --in-interface lo --jump ACCEPT
>> > # accept anything related
>> > -A INPUT --match state --state ESTABLISHED,RELATED --jump ACCEPT
>> > # Accept Ping (easier troubleshooting)
>> > -A INPUT --protocol icmp --icmp-type echo-request --jump ACCEPT
>> >
>> > :input-management-if - [0:0]
>> > # SSH
>> > -A input-management-if --match state --state NEW --match tcp --protocol tcp --dport 22 --jump ACCEPT
>> > # Web Admin
>> > -A input-management-if --protocol tcp --match tcp --dport %%web_admin_port%% --jump ACCEPT
>> > # HTTPS for email confirmation on the captive portal
>> > -A input-management-if --protocol tcp --match tcp --dport 443 --jump ACCEPT
>> > # RADIUS
>> > -A input-management-if --protocol tcp --match tcp --dport 1812 --jump ACCEPT
>> > -A input-management-if --protocol udp --match udp --dport 1812 --jump ACCEPT
>> > -A input-management-if --protocol tcp --match tcp --dport 1813 --jump ACCEPT
>> > -A input-management-if --protocol udp --match udp --dport 1813 --jump ACCEPT
>> > # SNMP Traps
>> > -A input-management-if --protocol udp --match udp --dport 162 --jump ACCEPT
>> > # DHCP (for IP Helpers to mgmt to track users' IP in production VLANs)
>> > -A input-management-if --protocol udp --match udp --dport 67 --jump ACCEPT
>> > -A input-management-if --protocol tcp --match tcp --dport 67 --jump ACCEPT
>> > # OpenVAS Administration Interface
>> > -A input-management-if --protocol tcp --match tcp --dport 9392 --jump ACCEPT
>> >
>> > :input-internal-vlan-if - [0:0]
>> > # DNS
>> > -A input-internal-vlan-if --protocol udp --match udp --dport 53 --jump ACCEPT
>> > # DHCP
>> > -A input-internal-vlan-if --protocol udp --match udp --dport 67 --jump ACCEPT
>> > -A input-internal-vlan-if --protocol tcp --match tcp --dport 67 --jump ACCEPT
>> > # HTTP (captive-portal)
>> > -A input-internal-vlan-if --protocol tcp --match tcp --dport 80 --jump ACCEPT
>> > -A input-internal-vlan-if --protocol tcp --match tcp --dport 443 --jump ACCEPT
>> >
>> > :input-internal-inline-if - [0:0]
>> > # DHCP
>> > -A input-internal-inline-if --protocol udp --match udp --dport 67 --jump ACCEPT
>> > -A input-internal-inline-if --protocol tcp --match tcp --dport 67 --jump ACCEPT
>> > # HTTP (captive-portal)
>> > # prevent registered users from reaching it
>> > -A input-internal-inline-if --protocol tcp --match tcp --dport 80 --match mark --mark 0x1 --jump DROP
>> > -A input-internal-inline-if --protocol tcp --match tcp --dport 443 --match mark --mark 0x1 --jump DROP
>> > # allow everyone else behind inline interface (not registered, isolated, etc.)
>> > -A input-internal-inline-if --protocol tcp --match tcp --dport 80 --jump ACCEPT
>> > -A input-internal-inline-if --protocol tcp --match tcp --dport 443 --jump ACCEPT
>> >
>> > On Mon, Mar 19, 2012 at 1:23 PM, Sallee, Stephen (Jake)
>> > <[email protected]> wrote:
>> >
>> > Sorry if it sounds silly, but have you made sure that:
>> >
>> > 1) There are no firewalls blocking you and
>> > 2) Named is running on the PF box
>> >
>> > Also, make sure that the config is set to run DNS, it is in the
>> > config tab -> services in the webUI.
>> >
>> > Jake Sallee
>> > Godfather of Bandwidth
>> > System Engineer
>> > University of Mary Hardin-Baylor
>> > 900 College St.
>> > Belton TX. 76513
>> > Fone: 254-295-4658
>> > Phax: 254-295-4221
>> >
>> > *From:* Adrian Mulgrew [mailto:[email protected]]
>> > *Sent:* Friday, March 16, 2012 11:42 AM
>> > *To:* [email protected]
>> > *Subject:* [Packetfence-users] Unable to access captive portal
>> > from registration vlan
>> >
>> > Hi,
>> >
>> > I am stuck in the registration vlan 2. When my client connects
>> > it gets moved to registration network and obtains a DHCP IP
>> > 192.168.2.10 with DNS server 192.168.2.1 (PF Server).
>> >
>> > I then open a Chrome browser and type in www.google.com.
>> > As I understand it, PF should be
>> > running its own DNS server on this VLAN which will intercept
>> > the request and redirect to a registration page. But for me, all
>> > that happens is the page times out saying unable to resolve the
>> > URL.
>> >
>> > Does the PF installation automatically set up a DNS server or do
>> > I have to do this manually? Also what is the URL it should be
>> > redirecting clients to for the registration page?
>> >
>> > Thanks
>> >
>> > Adrian
>> >
>> >
>> > ------------------------------------------------------------------------------
>> > This SF email is sponsored by:
>> > Try Windows Azure free for 90 days Click Here
>> > http://p.sf.net/sfu/sfd2d-msazure
>> > _______________________________________________
>> > Packetfence-users mailing list
>> > [email protected]
>> > https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>> --
>> Francois Gaudreault, ing. jr
>> [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
>> (www.packetfence.org)
>>
>>
>>
>
>
------------------------------------------------------------------------------
This SF email is sponsored by:
Try Windows Azure free for 90 days Click Here
http://p.sf.net/sfu/sfd2d-msazure
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
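
Added example (not part of the thread, and not PacketFence code): a small Python check that parses rules in the iptables.conf syntax quoted above, lists user-defined chains that no rule jumps to, and evaluates what the INPUT chain does with a new packet. The rule text is a constructed excerpt of the quoted file, the interface name eth0.2 used with it is an assumption, and only the match options that appear in the excerpt are modelled.

```python
# Constructed excerpt of the iptables.conf quoted in the thread.
RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT --in-interface lo --jump ACCEPT
-A INPUT --match state --state ESTABLISHED,RELATED --jump ACCEPT
-A INPUT --protocol icmp --icmp-type echo-request --jump ACCEPT
:input-internal-vlan-if - [0:0]
-A input-internal-vlan-if --protocol udp --match udp --dport 53 --jump ACCEPT
-A input-internal-vlan-if --protocol tcp --match tcp --dport 80 --jump ACCEPT
"""

def parse(text):
    """Return (policies, rules): chain -> policy, chain -> list of option dicts."""
    policies, rules = {}, {}
    for line in text.splitlines():
        tok = line.split()
        if line.startswith(":"):
            policies[tok[0][1:]] = tok[1]
            rules.setdefault(tok[0][1:], [])
        elif line.startswith("-A "):
            rules.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return policies, rules

def unreferenced_chains(policies, rules):
    """User-defined chains (policy '-') that no rule jumps to."""
    targets = {o.get("--jump") for rs in rules.values() for o in rs}
    return sorted(c for c, p in policies.items() if p == "-" and c not in targets)

def matches(opts, pkt):
    """Compare the modelled options (interface, protocol, port, ICMP type, state)."""
    fields = {"--in-interface": "iface", "--protocol": "proto",
              "--dport": "dport", "--icmp-type": "icmp_type"}
    for opt, key in fields.items():
        if opt in opts and opts[opt] != str(pkt.get(key)):
            return False
    # Packets are treated as NEW unless the caller sets pkt["state"].
    return "--state" not in opts or pkt.get("state", "NEW") in opts["--state"].split(",")

def verdict(policies, rules, pkt, chain="INPUT"):
    """Walk a chain in order: the first matching terminal target wins."""
    for opts in rules[chain]:
        if not matches(opts, pkt):
            continue
        target = opts.get("--jump")
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target
        if target in rules:
            result = verdict(policies, rules, pkt, target)
            if result:
                return result
    policy = policies.get(chain, "-")
    return None if policy == "-" else policy  # user chains return to the caller
```

With this excerpt, a ping arriving on eth0.2 is accepted while a DNS query to UDP port 53 falls through to the DROP policy, because nothing in INPUT jumps to input-internal-vlan-if; appending a rule such as `-A INPUT --in-interface eth0.2 --jump input-internal-vlan-if` changes the DNS verdict to ACCEPT.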