Hi All,

I have set up a three-leg environment for PF, with one management NIC, one inline NIC, and one NIC directly into the firewall. The desired setup is that inline-client traffic would traverse PF, exit via the firewall NIC, thus being forced to traverse the firewall before going anywhere else. Client traffic going via the management VLAN is undesirable in our case, as we wish to apply firewall ACLs to inline client traffic in the future.
In this setup, the passive-mode VLAN configuration functions happily. Clients in the 'normalVLAN' get to the right place, receive DHCP OK, and route as expected. However, it appears inline clients only receive return traffic when the return route on the firewall is set to return via the management NIC. This is incorrect as the routes are divergent, but the PF default route (and my firewall traffic counters being lopsided) tells me that the traffic did leave via the PF-to-firewall NIC. This says to me that iptables might need an extra instruction to allow return traffic on the 'firewall-vlan' NIC. Is this possible, or have I done something else wrong? Any help (including iptables syntaxes!) would be really appreciated!!

Best regards!
Ian Manson
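The three rules the post is asking about, written out as an added example. This is not code from the original post and not PacketFence's own generated iptables.conf; it assumes PF is forwarding (and masquerading) between an inline-facing NIC and a firewall-facing NIC, and the interface names eth1 and eth2 are placeholders. The script only prints the rules unless it is explicitly told to apply them, so it can be reviewed on a live box first:

```shell
#!/bin/sh
# Added example, not code from the original post and not PacketFence's own
# generated iptables.conf. Emits the rules needed so inline-client traffic
# can leave via the firewall-facing NIC and the replies are accepted on that
# same NIC. Interface names are assumptions; replace them with the real ones.
INLINE_IF="${INLINE_IF:-eth1}"   # assumed: NIC facing the inline clients
FW_IF="${FW_IF:-eth2}"           # assumed: NIC plugged directly into the firewall

# Print the iptables commands for the given inline and firewall interfaces.
# Nothing is executed here, so the output can be reviewed before it is run.
gen_rules() {
    inline_if="$1"
    fw_if="$2"
    cat <<EOF
iptables -A FORWARD -i $inline_if -o $fw_if -j ACCEPT
iptables -A FORWARD -i $fw_if -o $inline_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $fw_if -j MASQUERADE
EOF
}

# Number of rules gen_rules produces (sanity check for the generated set).
rule_count() {
    gen_rules "$1" "$2" | grep -c '^iptables'
}

# True if the generated set contains the return-direction rule on the
# firewall-facing NIC, i.e. the rule the original question is about.
has_return_rule() {
    gen_rules "$1" "$2" | grep -q -- "-i $2 -o $1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Apply for real only when asked, then show per-rule packet counters so you
# can see whether replies are actually hitting the return rule.
apply_rules() {
    gen_rules "$INLINE_IF" "$FW_IF" | sh -e
    iptables -L FORWARD -v -n
}

case "${1:-}" in
    apply) apply_rules ;;
    *)     gen_rules "$INLINE_IF" "$FW_IF" ;;
esac
```

The first rule lets the client's outbound packet be forwarded out the firewall NIC, the second accepts only conntrack-tracked replies coming back in on that NIC, and the MASQUERADE on the firewall NIC makes those replies arrive there rather than on the management NIC. Whether PF's own generated rules already cover part of this depends on the PacketFence version, so check `iptables -L FORWARD -v -n` and `iptables -t nat -L POSTROUTING -v -n` on the running box before adding duplicates. If the firewall is still routing replies back by a different path than the packets went out, also check reverse-path filtering on the receiving interface (`sysctl net.ipv4.conf.eth2.rp_filter`, with eth2 being the assumed firewall-facing NIC), since it silently drops packets that arrive on an interface the kernel would not use to reach their source.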
