Hello, Sorry in advance about my English level :)
I'm actually testing packetfence 3.5 in inline mode with captive portal. I've a specific problem during the registration process. I will try to explain all the process.

- 1 - I start a new guest machine on the Inline network. I see the machine retrieving an IP address by DHCP :

***********************************************************************************************************************
Aug 21 12:42:34 pfdhcplistener(4895) INFO: Unseen before node added: 00:0c:29:62:3c:38 (main::listen_dhcp)
Aug 21 12:42:34 pfdhcplistener(4895) INFO: DHCPREQUEST from 00:0c:29:62:3c:38 (192.168.249.80) (main::parse_dhcp_request)
Aug 21 12:42:34 pfdhcplistener(4895) WARN: unable to resolve 00:0c:29:62:3c:38 to ip (pf::iplog::mac2ip)
Aug 21 12:42:35 pfdhcplistener(4895) INFO: 00:0c:29:62:3c:38 requested an IP. DHCP Fingerprint: OS::100 (Microsoft Windows XP). Modified node with last_dhcp = 2012-08-21 12:42:35,computername = test-bck-w2k3,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,249,43 (main::listen_dhcp)
Aug 21 12:42:36 pfdhcplistener(4895) INFO: DHCPOFFER from 192.168.249.1 (00:0c:29:30:4c:fb) to host 00:0c:29:62:3c:38 (192.168.249.81) (main::parse_dhcp_offer)
Aug 21 12:42:36 pfdhcplistener(4895) INFO: DHCPREQUEST from 00:0c:29:62:3c:38 (192.168.249.81) (main::parse_dhcp_request)
Aug 21 12:42:36 pfdhcplistener(4895) INFO: could not resolve 192.168.249.81 to mac in ARP table (pf::iplog::ip2macinarp)
Aug 21 12:42:36 pfdhcplistener(4895) INFO: resolved 192.168.249.81 to mac (00:0c:29:62:3c:38) in ARP table (pf::iplog::ip2macinarp)
Aug 21 12:42:36 pfdhcplistener(4895) INFO: 00:0c:29:62:3c:38 requested an IP. DHCP Fingerprint: OS::100 (Microsoft Windows XP). Modified node with last_dhcp = 2012-08-21 12:42:36,computername = test-bck-w2k3,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,249,43 (main::listen_dhcp)
Aug 21 12:42:36 pfdhcplistener(4895) INFO: DHCPACK from 192.168.249.1 (00:0c:29:30:4c:fb) to host 00:0c:29:62:3c:38 (192.168.249.81) for 86400 seconds (main::parse_dhcp_ack)
***********************************************************************************************************************

- 2 - I try to use a browser. I'm redirected to the captive portal.

***********************************************************************************************************************
Aug 21 12:45:24 redir.cgi(0) INFO: 00:0c:29:62:3c:38 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Aug 21 12:45:24 redir.cgi(0) INFO: Updating node 00:0c:29:62:3c:38 user_agent with useragent: 'Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.79 Safari/537.1' (pf::web::web_node_record_user_agent)
Aug 21 12:45:25 redir.cgi(0) INFO: Static User-Agent lookup data initialized (pf::useragent::_init)
Aug 21 12:45:25 redir.cgi(0) INFO: 00:0c:29:62:3c:38 redirected to authentication page (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
***********************************************************************************************************************

- 3 - On PacketFence, I create a preregistered guest user with a limited access duration

***********************************************************************************************************************
Aug 21 12:44:53 guest-management.cgi(0) INFO: duration: 43200 (pf::web::guest::validate_registration)
Aug 21 12:44:53 guest-management.cgi(0) INFO: person [email protected] added (pf::person::person_add)
Aug 21 12:44:53 guest-management.cgi(0) WARN: modify of non-existent person [email protected] attempted - person added (pf::person::person_modify)
Aug 21 12:44:53 guest-management.cgi(0) INFO: Adding guest person [email protected] (pf::web::guest::preregister)
Aug 21 12:44:54 guest-management.cgi(0) INFO: new temporary account successfully generated (pf::temporary_password::generate)
***********************************************************************************************************************

- 4 - On the guest machine, I open a session with the preregistered guest account

***********************************************************************************************************************
Aug 21 12:46:25 register.cgi(0) INFO: 192.168.249.81 - 00:0c:29:62:3c:38 on registration page (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_register_2ecgi::handler)
Aug 21 12:46:25 register.cgi(0) INFO: performing node registration MAC: 00:0c:29:62:3c:38 pid: [email protected] (pf::web::_sanitize_and_register)
Aug 21 12:46:25 register.cgi(0) INFO: re-evaluating access for node 00:0c:29:62:3c:38 (manage_register called) (pf::enforcement::reevaluate_access)
Aug 21 12:46:25 register.cgi(0) INFO: 192.168.249.81 - 00:0c:29:62:3c:38 on registration page (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_register_2ecgi::handler)
Aug 21 12:46:28 pfsetvlan(21) INFO: local (127.0.0.1) trap for switch 127.0.0.1 (main::parseTrap)
Aug 21 12:46:28 pfsetvlan(1) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Aug 21 12:46:28 pfsetvlan(1) INFO: firewallRequest trap received for inline client: 00:0c:29:62:3c:38. Modifying firewall. (main::handleTrap)
Aug 21 12:46:28 pfsetvlan(1) INFO: MAC: 00:0c:29:62:3c:38 stated changed, adapting firewall rules for proper enforcement (pf::inline::performInlineEnforcement)
Aug 21 12:46:28 pfsetvlan(1) INFO: [Function] init() libiptc handle (InitTime:[0.001s]) (IPTables::Interface::new)
Aug 21 12:46:28 pfsetvlan(1) INFO: finished (main::cleanupAfterThread)
***********************************************************************************************************************

I see the "Modifying firewall" line in the "packetfence.log" log file. In the iptable config, I see the config change :

***********************************************************************************************************************
iptables -t mangle -L
.....
Chain prerouting-int-inline-if (1 references)
target     prot opt source               destination
MARK       all  --  anywhere             anywhere            MARK set 0x3
MARK       all  --  anywhere             anywhere            MAC 00:0C:29:62:3C:38 MARK set 0x1
***********************************************************************************************************************

- 5 - After the guest access expiration, I see the node config change :

***********************************************************************************************************************
Aug 21 13:14:40 pfmon(1) INFO: running expire check (main::cleanup)
Aug 21 13:14:40 pfmon(1) INFO: checking registered nodes for expiration (main::cleanup)
Aug 21 13:14:41 pfcmd(5238) INFO: re-evaluating access for node 00:0c:29:62:3c:38 (manage_deregister called) (pf::enforcement::reevaluate_access)
Aug 21 13:14:41 pfmon(1) INFO: modified 00:0c:29:62:3c:38 from status 'reg' to 'unreg' based on unregdate colum (pf::node::nodes_maintenance)
Aug 21 13:14:41 pfmon(1) INFO: checking violations for expiration (main::cleanup)
Aug 21 13:14:41 pfmon(1) INFO: checking accounting data for potential bandwidth abuse (main::cleanup)
Aug 21 13:14:41 pfmon(1) INFO: getting violations triggers for accounting cleanup (pf::accounting::acct_maintenance)
Aug 21 13:14:41 pfmon(1) INFO: Calling node acct maintenance total with monthly and 1 for 21474836480 (pf::accounting::acct_maintenance)
Aug 21 13:14:44 pfsetvlan(22) INFO: local (127.0.0.1) trap for switch 127.0.0.1 (main::parseTrap)
Aug 21 13:14:45 pfsetvlan(3) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Aug 21 13:14:45 pfsetvlan(3) INFO: firewallRequest trap received for inline client: 00:0c:29:62:3c:38. Modifying firewall. (main::handleTrap)
Aug 21 13:14:45 pfsetvlan(3) INFO: MAC: 00:0c:29:62:3c:38 stated changed, adapting firewall rules for proper enforcement (pf::inline::performInlineEnforcement)
Aug 21 13:14:45 pfsetvlan(3) INFO: [Function] init() libiptc handle (InitTime:[0.000s]) (IPTables::Interface::new)
Aug 21 13:14:45 pfsetvlan(3) INFO: finished (main::cleanupAfterThread)
***********************************************************************************************************************

Again, I see the "Modifying firewall" line in the "packetfence.log" log file. In the iptable config, again I see the config change :

***********************************************************************************************************************
iptables -t mangle -L
.....
Chain prerouting-int-inline-if (1 references)
target     prot opt source               destination
MARK       all  --  anywhere             anywhere            MARK set 0x3
***********************************************************************************************************************

Up to this point, all works perfectly.

- 6 - Now, I create a NEW preregistered guest user with a limited access duration :

***********************************************************************************************************************
Aug 21 14:07:52 guest-management.cgi(0) INFO: duration: 3600 (pf::web::guest::validate_registration)
Aug 21 14:07:52 guest-management.cgi(0) INFO: person [email protected] added (pf::person::person_add)
Aug 21 14:07:52 guest-management.cgi(0) WARN: modify of non-existent person [email protected] attempted - person added (pf::person::person_modify)
Aug 21 14:07:52 guest-management.cgi(0) INFO: Adding guest person [email protected] (pf::web::guest::preregister)
Aug 21 14:07:53 guest-management.cgi(0) INFO: new temporary account successfully generated (pf::temporary_password::generate)
***********************************************************************************************************************

- 7 - Again, I try to open a URL on the same guest machine and I'm redirected to the captive portal. I open a session with the new preregistered guest account, but afterwards, I can't view any URL. All ping tests of external URL addresses respond with the packetfence IP address.

If I open the "packetfence.log" log file, I don't see the "Modifying firewall" line :

***********************************************************************************************************************
Aug 21 14:09:10 register.cgi(0) INFO: 192.168.249.81 - 00:0c:29:62:3c:38 on registration page (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_register_2ecgi::handler)
Aug 21 14:09:10 register.cgi(0) INFO: performing node registration MAC: 00:0c:29:62:3c:38 pid: [email protected] (pf::web::_sanitize_and_register)
Aug 21 14:09:10 register.cgi(0) INFO: re-evaluating access for node 00:0c:29:62:3c:38 (manage_register called) (pf::enforcement::reevaluate_access)
Aug 21 14:09:11 register.cgi(0) INFO: 192.168.249.81 - 00:0c:29:62:3c:38 on registration page (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_register_2ecgi::handler)
Aug 21 14:09:16 redir.cgi(0) INFO: 00:0c:29:62:3c:38 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Aug 21 14:09:16 redir.cgi(0) INFO: Updating node 00:0c:29:62:3c:38 user_agent with useragent: 'Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.79 Safari/537.1' (pf::web::web_node_record_user_agent)
Aug 21 14:09:16 redir.cgi(0) INFO: Static User-Agent lookup data initialized (pf::useragent::_init)
Aug 21 14:09:16 redir.cgi(0) INFO: MAC 00:0c:29:62:3c:38 shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Aug 21 14:09:16 redir.cgi(0) INFO: re-evaluating access for node 00:0c:29:62:3c:38 (redir.cgi called) (pf::enforcement::reevaluate_access)
***********************************************************************************************************************

In the iptable config, this time, I DON'T see the config change :

***********************************************************************************************************************
iptables -t mangle -L
.....
Chain prerouting-int-inline-if (1 references)
target     prot opt source               destination
MARK       all  --  anywhere             anywhere            MARK set 0x3
***********************************************************************************************************************

- 8 - I restart packetfence with the command "service packetfence restart".

***********************************************************************************************************************
Aug 21 14:10:59 pfcmd(5594) INFO: Executing pfcmd service pf restart (main::service)
Aug 21 14:10:59 pfcmd(5594) INFO: packetfence restart ... executing stop followed by start (main::service)
Aug 21 14:10:59 pfcmd(5594) INFO: Executing pfcmd service pf stop (main::service)
Aug 21 14:10:59 pfcmd(5594) INFO: /usr/sbin/named stop (pf::services::service_ctl)
Aug 21 14:10:59 pfcmd(5594) INFO: Stopping named with '/usr/bin/pkill named' (pf::services::service_ctl)
Aug 21 14:10:59 pfcmd(5594) INFO: /usr/sbin/named status (pf::services::service_ctl)
Aug 21 14:10:59 pfcmd(5594) INFO: pidof -x named returned 0 (pf::services::service_ctl)
Aug 21 14:10:59 pfcmd(5594) INFO: /usr/sbin/dhcpd stop (pf::services::service_ctl)
Aug 21 14:10:59 pfcmd(5594) INFO: Stopping dhcpd with '/usr/bin/pkill dhcpd' (pf::services::service_ctl)
Aug 21 14:10:59 pfcmd(5594) INFO: /usr/sbin/dhcpd status (pf::services::service_ctl)
Aug 21 14:10:59 pfcmd(5594) INFO: pidof -x dhcpd returned 0 (pf::services::service_ctl)
Aug 21 14:10:59 pfcmd(5594) INFO: /usr/sbin/httpd stop (pf::services::service_ctl)
Aug 21 14:10:59 pfcmd(5594) INFO: Stopping httpd with '/usr/bin/pkill httpd' (pf::services::service_ctl)
Aug 21 14:10:59 pfcmd(5594) INFO: /usr/sbin/httpd status (pf::services::service_ctl)
Aug 21 14:11:00 pfcmd(5594) INFO: pidof -x httpd returned 5450 5446 5445 5444 5443 5442 5441 5393 5392 5390 5182 5180 5049 5041 5040 4884 (pf::services::service_ctl)
Aug 21 14:11:00 pfcmd(5594) INFO: Waiting for httpd to stop (pf::services::service_ctl)
Aug 21 14:11:02 pfcmd(5594) INFO: /usr/sbin/httpd status (pf::services::service_ctl)
Aug 21 14:11:02 pfcmd(5594) INFO: pidof -x httpd returned 0 (pf::services::service_ctl)
Aug 21 14:11:02 pfcmd(5594) INFO: /usr/sbin/snmptrapd stop (pf::services::service_ctl)
Aug 21 14:11:02 pfcmd(5594) INFO: Stopping snmptrapd with '/usr/bin/pkill snmptrapd' (pf::services::service_ctl)
Aug 21 14:11:02 pfcmd(5594) INFO: /usr/sbin/snmptrapd status (pf::services::service_ctl)
Aug 21 14:11:02 pfcmd(5594) INFO: pidof -x snmptrapd returned 0 (pf::services::service_ctl)
Aug 21 14:11:02 pfcmd(5594) INFO: /usr/local/pf/sbin/pfsetvlan stop (pf::services::service_ctl)
Aug 21 14:11:02 pfcmd(5594) INFO: Stopping pfsetvlan with '/usr/bin/pkill pfsetvlan' (pf::services::service_ctl)
Aug 21 14:11:02 pfsetvlan(0) FATAL: pfsetvlan: caught SIGTERM - terminating at /usr/share/perl5/File/Tail.pm line 554 (main::normal_sighandler)
pfsetvlan: caught SIGTERM - terminating at /usr/share/perl5/File/Tail.pm line 554
Aug 21 14:11:02 pfsetvlan(0) INFO: stopping pfsetvlan (main::END)
Aug 21 14:11:02 pfcmd(5594) INFO: /usr/local/pf/sbin/pfsetvlan status (pf::services::service_ctl)
Aug 21 14:11:02 pfcmd(5594) INFO: pidof -x pfsetvlan returned 4898 (pf::services::service_ctl)
Aug 21 14:11:02 pfcmd(5594) INFO: Waiting for pfsetvlan to stop (pf::services::service_ctl)
Aug 21 14:11:04 pfcmd(5594) INFO: /usr/local/pf/sbin/pfsetvlan status (pf::services::service_ctl)
Aug 21 14:11:04 pfcmd(5594) INFO: pidof -x pfsetvlan returned 4898 (pf::services::service_ctl)
Aug 21 14:11:04 pfcmd(5594) INFO: Waiting for pfsetvlan to stop (pf::services::service_ctl)
Aug 21 14:11:06 pfcmd(5594) INFO: /usr/local/pf/sbin/pfsetvlan status (pf::services::service_ctl)
Aug 21 14:11:10 pfcmd(5594) INFO: pidof -x pfsetvlan returned 4898 (pf::services::service_ctl)
Aug 21 14:11:10 pfcmd(5594) INFO: Waiting for pfsetvlan to stop (pf::services::service_ctl)
Aug 21 14:11:13 pfcmd(5594) INFO: /usr/local/pf/sbin/pfsetvlan status (pf::services::service_ctl)
Aug 21 14:11:14 pfcmd(5594) INFO: pidof -x pfsetvlan returned 4898 (pf::services::service_ctl)
Aug 21 14:11:18 pfdhcplistener(4896) INFO: DHCPREQUEST from 70:5a:b6:a8:f2:37 (192.168.0.116) (main::parse_dhcp_request)
Aug 21 14:11:18 pfcmd(5594) INFO: Waiting for pfsetvlan to stop (pf::services::service_ctl)
Aug 21 14:11:18 pfcmd(5594) INFO: Waiting for pfsetvlan to stop (pf::services::service_ctl)
Aug 21 14:11:18 pfdhcplistener(4896) INFO: could not resolve 192.168.0.116 to mac in ARP table (pf::iplog::ip2macinarp)
Aug 21 14:11:20 pfcmd(5594) INFO: /usr/local/pf/sbin/pfsetvlan status (pf::services::service_ctl)
Aug 21 14:11:22 pfdhcplistener(4896) INFO: resolved 192.168.0.116 to mac (70:5a:b6:a8:f2:37) in ARP table (pf::iplog::ip2macinarp)
Aug 21 14:11:22 pfcmd(5594) INFO: pidof -x pfsetvlan returned 4898 (pf::services::service_ctl)
Aug 21 14:11:22 pfcmd(5594) INFO: Waiting for pfsetvlan to stop (pf::services::service_ctl)
Aug 21 14:11:25 pfcmd(5594) INFO: /usr/local/pf/sbin/pfsetvlan status (pf::services::service_ctl)
Aug 21 14:11:27 pfdhcplistener(4896) INFO: 70:5a:b6:a8:f2:37 requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2012-08-21 14:11:27,computername = Sc33w7-net01,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp)
Aug 21 14:11:27 pfdhcplistener(4896) INFO: DHCPOFFER from 192.168.0.20 (00:50:56:bb:41:f3) to host 70:5a:b6:a8:f2:37 (192.168.0.116) (main::parse_dhcp_offer)
Aug 21 14:11:27 pfdhcplistener(4896) INFO: DHCPOFFER from 192.168.0.20 (00:50:56:bb:41:f3) to host 70:5a:b6:a8:f2:37 (192.168.0.116) (main::parse_dhcp_offer)
Aug 21 14:11:27 pfdhcplistener(4896) INFO: DHCPACK from 192.168.0.20 (00:50:56:bb:41:f3) to host 70:5a:b6:a8:f2:37 (192.168.0.116) for 10800 seconds (main::parse_dhcp_ack)
Aug 21 14:11:27 pfdhcplistener(4896) INFO: DHCPOFFER from 192.168.0.10 (00:50:56:bb:00:11) to host 70:5a:b6:a8:f2:37 (192.168.0.77) (main::parse_dhcp_offer)
Aug 21 14:11:27 pfcmd(5594) INFO: pidof -x pfsetvlan returned 4898 (pf::services::service_ctl)
Aug 21 14:11:27 pfcmd(5594) INFO: Waiting for pfsetvlan to stop (pf::services::service_ctl)
Aug 21 14:11:30 pfcmd(5594) INFO: /usr/local/pf/sbin/pfsetvlan status (pf::services::service_ctl)
Aug 21 14:11:31 pfcmd(5594) INFO: pidof -x pfsetvlan returned 4898 (pf::services::service_ctl)
Aug 21 14:11:31 pfcmd(5594) INFO: Waiting for pfsetvlan to stop (pf::services::service_ctl)
Aug 21 14:11:33 pfcmd(5594) INFO: /usr/local/pf/sbin/pfsetvlan status (pf::services::service_ctl)
Aug 21 14:11:33 pfcmd(5594) INFO: pidof -x pfsetvlan returned 0 (pf::services::service_ctl)
Aug 21 14:11:33 pfcmd(5594) INFO: /usr/local/pf/sbin/pfdhcplistener stop (pf::services::service_ctl)
Aug 21 14:11:33 pfcmd(5594) INFO: Stopping pfdhcplistener with '/usr/bin/pkill pfdhcplistener' (pf::services::service_ctl)
Aug 21 14:11:33 pfdhcplistener(4896) FATAL: pfdhcplistener: caught SIGTERM - terminating (main::normal_sighandler)
Aug 21 14:11:33 pfdhcplistener(4896) INFO: stopping pfdhcplistener for interface eth0 (main::END)
Aug 21 14:11:33 pfdhcplistener(4895) FATAL: pfdhcplistener: caught SIGTERM - terminating (main::normal_sighandler)
Aug 21 14:11:33 pfdhcplistener(4895) INFO: stopping pfdhcplistener for interface eth1 (main::END)
Aug 21 14:11:33 pfcmd(5594) INFO: /usr/local/pf/sbin/pfdhcplistener status (pf::services::service_ctl)
Aug 21 14:11:33 pfcmd(5594) INFO: pidof -x pfdhcplistener returned 4896 4895 (pf::services::service_ctl)
Aug 21 14:11:33 pfcmd(5594) INFO: Waiting for pfdhcplistener to stop (pf::services::service_ctl)
Aug 21 14:11:35 pfcmd(5594) INFO: /usr/local/pf/sbin/pfdhcplistener status (pf::services::service_ctl)
Aug 21 14:11:35 pfcmd(5594) INFO: pidof -x pfdhcplistener returned 0 (pf::services::service_ctl)
Aug 21 14:11:35 pfcmd(5594) INFO: /usr/local/pf/sbin/pfmon stop (pf::services::service_ctl)
Aug 21 14:11:35 pfcmd(5594) INFO: Stopping pfmon with '/usr/bin/pkill pfmon' (pf::services::service_ctl)
Aug 21 14:11:35 pfmon(0) FATAL: pfmon: caught SIGTERM - terminating (main::normal_sighandler)
Aug 21 14:11:35 pfmon(0) INFO: stopping pfmon (main::END)
Aug 21 14:11:35 pfcmd(5594) INFO: /usr/local/pf/sbin/pfmon status (pf::services::service_ctl)
Aug 21 14:11:35 pfcmd(5594) INFO: pidof -x pfmon returned 0 (pf::services::service_ctl)
Aug 21 14:11:35 pfcmd(5594) INFO: /usr/sbin/named status (pf::services::service_ctl)
Aug 21 14:11:35 pfcmd(5594) INFO: pidof -x named returned 0 (pf::services::service_ctl)
Aug 21 14:11:35 pfcmd(5594) INFO: /usr/sbin/dhcpd status (pf::services::service_ctl)
Aug 21 14:11:35 pfcmd(5594) INFO: pidof -x dhcpd returned 0 (pf::services::service_ctl)
Aug 21 14:11:35 pfcmd(5594) INFO: /usr/sbin/snort status (pf::services::service_ctl)
Aug 21 14:11:35 pfcmd(5594) INFO: pidof -x snort returned 0 (pf::services::service_ctl)
Aug 21 14:11:35 pfcmd(5594) INFO: /usr/bin/suricata status (pf::services::service_ctl)
Aug 21 14:11:35 pfcmd(5594) INFO: pidof -x suricata returned 0 (pf::services::service_ctl)
Aug 21 14:11:35 pfcmd(5594) INFO: /usr/sbin/radiusd status (pf::services::service_ctl)
Aug 21 14:11:35 pfcmd(5594) INFO: pidof -x radiusd returned 0 (pf::services::service_ctl)
Aug 21 14:11:35 pfcmd(5594) INFO: /usr/sbin/httpd status (pf::services::service_ctl)
Aug 21 14:11:35 pfcmd(5594) INFO: pidof -x httpd returned 0 (pf::services::service_ctl)
Aug 21 14:11:35 pfcmd(5594) INFO: /usr/sbin/snmptrapd status (pf::services::service_ctl)
Aug 21 14:11:35 pfcmd(5594) INFO: pidof -x snmptrapd returned 0 (pf::services::service_ctl)
Aug 21 14:11:35 pfcmd(5594) INFO: /usr/local/pf/sbin/pfdetect status (pf::services::service_ctl)
Aug 21 14:11:35 pfcmd(5594) INFO: pidof -x pfdetect returned 0 (pf::services::service_ctl)
Aug 21 14:11:35 pfcmd(5594) INFO: /usr/local/pf/sbin/pfredirect status (pf::services::service_ctl)
Aug 21 14:11:35 pfcmd(5594) INFO: pidof -x pfredirect returned 0 (pf::services::service_ctl)
Aug 21 14:11:35 pfcmd(5594) INFO: /usr/local/pf/sbin/pfsetvlan status (pf::services::service_ctl)
Aug 21 14:11:35 pfcmd(5594) INFO: pidof -x pfsetvlan returned 0 (pf::services::service_ctl)
Aug 21 14:11:35 pfcmd(5594) INFO: /usr/local/pf/sbin/pfdhcplistener status (pf::services::service_ctl)
Aug 21 14:11:35 pfcmd(5594) INFO: pidof -x pfdhcplistener returned 0 (pf::services::service_ctl)
Aug 21 14:11:35 pfcmd(5594) INFO: /usr/local/pf/sbin/pfmon status (pf::services::service_ctl)
Aug 21 14:11:35 pfcmd(5594) INFO: pidof -x pfmon returned 0 (pf::services::service_ctl)
Aug 21 14:11:35 pfcmd(5594) INFO: restoring iptables from /usr/local/pf/var/iptables.bak (pf::iptables::iptables_restore)
Aug 21 14:11:35 pfcmd(5594) INFO: Executing pfcmd service pf start (main::service)
Aug 21 14:11:37 pfcmd(5594) INFO: /usr/sbin/named status (pf::services::service_ctl)
Aug 21 14:11:37 pfcmd(5594) INFO: pidof -x named returned 0 (pf::services::service_ctl)
Aug 21 14:11:37 pfcmd(5594) INFO: /usr/sbin/dhcpd status (pf::services::service_ctl)
Aug 21 14:11:37 pfcmd(5594) INFO: pidof -x dhcpd returned 0 (pf::services::service_ctl)
Aug 21 14:11:37 pfcmd(5594) INFO: /usr/sbin/snort status (pf::services::service_ctl)
Aug 21 14:11:37 pfcmd(5594) INFO: pidof -x snort returned 0 (pf::services::service_ctl)
Aug 21 14:11:37 pfcmd(5594) INFO: /usr/bin/suricata status (pf::services::service_ctl)
Aug 21 14:11:38 pfcmd(5594) INFO: pidof -x suricata returned 0 (pf::services::service_ctl)
Aug 21 14:11:38 pfcmd(5594) INFO: /usr/sbin/radiusd status (pf::services::service_ctl)
Aug 21 14:11:38 pfcmd(5594) INFO: /usr/sbin/radiusd status (pf::services::service_ctl)
Aug 21 14:11:38 pfcmd(5594) INFO: pidof -x radiusd returned 0 (pf::services::service_ctl)
Aug 21 14:11:38 pfcmd(5594) INFO: /usr/sbin/httpd status (pf::services::service_ctl)
Aug 21 14:11:38 pfcmd(5594) INFO: pidof -x httpd returned 0 (pf::services::service_ctl)
Aug 21 14:11:38 pfcmd(5594) INFO: /usr/sbin/snmptrapd status (pf::services::service_ctl)
Aug 21 14:11:38 pfcmd(5594) INFO: pidof -x snmptrapd returned 0 (pf::services::service_ctl)
Aug 21 14:11:38 pfcmd(5594) INFO: /usr/local/pf/sbin/pfdetect status (pf::services::service_ctl)
Aug 21 14:11:38 pfcmd(5594) INFO: pidof -x pfdetect returned 0 (pf::services::service_ctl)
Aug 21 14:11:38 pfcmd(5594) INFO: /usr/local/pf/sbin/pfredirect status (pf::services::service_ctl)
Aug 21 14:11:38 pfcmd(5594) INFO: pidof -x pfredirect returned 0 (pf::services::service_ctl)
Aug 21 14:11:38 pfcmd(5594) INFO: /usr/local/pf/sbin/pfsetvlan status (pf::services::service_ctl)
Aug 21 14:11:38 pfcmd(5594) INFO: pidof -x pfsetvlan returned 0 (pf::services::service_ctl)
Aug 21 14:11:38 pfcmd(5594) INFO: /usr/local/pf/sbin/pfdhcplistener status (pf::services::service_ctl)
Aug 21 14:11:38 pfcmd(5594) INFO: pidof -x pfdhcplistener returned 0 (pf::services::service_ctl)
Aug 21 14:11:38 pfcmd(5594) INFO: /usr/local/pf/sbin/pfmon status (pf::services::service_ctl)
Aug 21 14:11:38 pfcmd(5594) INFO: pidof -x pfmon returned 0 (pf::services::service_ctl)
Aug 21 14:11:38 pfcmd(5594) INFO: saving current iptables to var/iptables.bak (main::service)
Aug 21 14:11:38 pfcmd(5594) INFO: saving existing iptables to /usr/local/pf/var/iptables.bak (pf::iptables::iptables_save)
Aug 21 14:11:54 pfcmd(5594) INFO: Adding DNS DNAT rules for unregistered and isolated inline clients. (pf::iptables::generate_inline_rules)
Aug 21 14:11:54 pfcmd(5594) INFO: Adding NAT Masquarade statement (PAT) (pf::iptables::generate_inline_rules)
Aug 21 14:11:54 pfcmd(5594) INFO: building firewall to accept registered users through inline interface (pf::iptables::generate_inline_rules)
Aug 21 14:11:54 pfcmd(5594) INFO: restoring iptables from /usr/local/pf/var/conf/iptables.conf (pf::iptables::iptables_restore)
Aug 21 14:11:54 pfcmd(5594) INFO: /usr/sbin/named start (pf::services::service_ctl)
Aug 21 14:11:54 pfcmd(5594) INFO: Generating configuration file for named (generate_named_conf) (pf::services::service_ctl)
Aug 21 14:11:54 pfcmd(5594) INFO: Starting named with '/usr/sbin/named -u pf -c /usr/local/pf/var/conf/named.conf' (pf::services::service_ctl)
Aug 21 14:11:54 pfcmd(5594) INFO: Daemon named took 0.144 seconds to start. (pf::services::service_ctl)
Aug 21 14:11:54 pfcmd(5594) INFO: /usr/sbin/dhcpd start (pf::services::service_ctl)
Aug 21 14:11:54 pfcmd(5594) INFO: Generating configuration file for dhcpd (generate_dhcpd_conf) (pf::services::service_ctl)
Aug 21 14:11:54 pfcmd(5594) INFO: Starting dhcpd with '/usr/sbin/dhcpd -lf /usr/local/pf/var/dhcpd/dhcpd.leases -cf /usr/local/pf/var/conf/dhcpd.conf eth1' (pf::services::service_ctl)
Aug 21 14:11:54 pfcmd(5594) INFO: Daemon dhcpd took 0.132 seconds to start. (pf::services::service_ctl)
Aug 21 14:11:54 pfcmd(5594) INFO: /usr/sbin/httpd start (pf::services::service_ctl)
Aug 21 14:11:54 pfcmd(5594) INFO: Generating configuration file for httpd (generate_httpd_conf) (pf::services::service_ctl)
Aug 21 14:11:54 pfcmd(5594) INFO: generating /usr/local/pf/var/conf/httpd.conf (pf::services::apache::generate_httpd_conf)
Aug 21 14:11:54 pfcmd(5594) INFO: generating /usr/local/pf/var/conf/ssl-certificates.conf (pf::services::apache::generate_httpd_conf)
Aug 21 14:11:54 pfcmd(5594) INFO: generating /usr/local/pf/var/conf/block-unwanted.conf (pf::services::apache::generate_httpd_conf)
Aug 21 14:11:54 pfcmd(5594) INFO: generating /usr/local/pf/var/conf/captive-portal-common.conf (pf::services::apache::generate_httpd_conf)
Aug 21 14:11:54 pfcmd(5594) INFO: generating /usr/local/pf/var/conf/captive-portal-cleanurls.conf (pf::services::apache::generate_httpd_conf)
Aug 21 14:11:54 pfcmd(5594) INFO: Starting httpd with '/usr/sbin/httpd -f /usr/local/pf/var/conf/httpd.conf' (pf::services::service_ctl)
Aug 21 14:11:55 pfcmd(5594) INFO: Daemon httpd took 1.061 seconds to start. (pf::services::service_ctl)
Aug 21 14:11:55 pfcmd(5594) INFO: /usr/sbin/snmptrapd start (pf::services::service_ctl)
Aug 21 14:11:55 pfcmd(5594) INFO: Generating configuration file for snmptrapd (generate_snmptrapd_conf) (pf::services::service_ctl)
Aug 21 14:11:55 pfcmd(5594) INFO: generating /usr/local/pf/var/conf/snmptrapd.conf (pf::services::snmptrapd::generate_snmptrapd_conf)
Aug 21 14:11:55 pfcmd(5594) INFO: Starting snmptrapd with '/usr/sbin/snmptrapd -n -c /usr/local/pf/var/conf/snmptrapd.conf -C -A -Lf /usr/local/pf/logs/snmptrapd.log -p /usr/local/pf/var/run/snmptrapd.pid -On' (pf::services::service_ctl)
Aug 21 14:11:55 pfcmd(5594) INFO: Daemon snmptrapd took 0.084 seconds to start. (pf::services::service_ctl)
Aug 21 14:11:55 pfcmd(5594) INFO: /usr/local/pf/sbin/pfsetvlan start (pf::services::service_ctl)
Aug 21 14:11:55 pfcmd(5594) INFO: Starting pfsetvlan with '/usr/local/pf/sbin/pfsetvlan -d &' (pf::services::service_ctl)
Aug 21 14:11:55 pfcmd(5594) INFO: Daemon pfsetvlan took 0.030 seconds to start. (pf::services::service_ctl)
Aug 21 14:11:55 pfcmd(5594) INFO: /usr/local/pf/sbin/pfdhcplistener start (pf::services::service_ctl)
Aug 21 14:11:55 pfcmd(5594) INFO: Starting pfdhcplistener with '/usr/local/pf/sbin/pfdhcplistener -i eth1 -d &' (pf::services::service_ctl)
Aug 21 14:11:55 pfcmd(5594) INFO: Daemon pfdhcplistener took 0.027 seconds to start. (pf::services::service_ctl)
Aug 21 14:11:55 pfcmd(5594) INFO: Starting pfdhcplistener with '/usr/local/pf/sbin/pfdhcplistener -i eth0 -d &' (pf::services::service_ctl)
Aug 21 14:11:55 pfcmd(5594) INFO: Daemon pfdhcplistener took 0.046 seconds to start. (pf::services::service_ctl)
Aug 21 14:11:55 pfcmd(5594) INFO: /usr/local/pf/sbin/pfmon start (pf::services::service_ctl)
Aug 21 14:11:55 pfcmd(5594) INFO: Starting pfmon with '/usr/local/pf/sbin/pfmon -d &' (pf::services::service_ctl)
Aug 21 14:11:55 pfcmd(5594) INFO: Daemon pfmon took 0.072 seconds to start. (pf::services::service_ctl)
Aug 21 14:11:57 pfdhcplistener(5687) INFO: pfdhcplistener_eth1 starting and writing 5692 to /usr/local/pf/var/run/pfdhcplistener_eth1.pid (pf::util::createpid)
Aug 21 14:11:57 pfdhcplistener(5692) WARN: Unable to open VLAN proc description for eth1: No such file or directory (pf::util::get_vlan_from_int)
Aug 21 14:11:57 pfdhcplistener(5692) INFO: DHCP detector on eth1 enabled (main::)
Aug 21 14:11:57 pfdhcplistener(5689) INFO: pfdhcplistener_eth0 starting and writing 5693 to /usr/local/pf/var/run/pfdhcplistener_eth0.pid (pf::util::createpid)
Aug 21 14:11:57 pfdhcplistener(5693) WARN: Unable to open VLAN proc description for eth0: No such file or directory (pf::util::get_vlan_from_int)
Aug 21 14:11:57 pfdhcplistener(5693) INFO: DHCP detector on eth0 enabled (main::)
Aug 21 14:11:57 pfmon(0) INFO: pfmon starting and writing 5694 to /usr/local/pf/var/run/pfmon.pid (pf::util::createpid)
Aug 21 14:11:57 pfmon(1) INFO: Starting cleanup thread (main::cleanup)
Aug 21 14:11:57 pfsetvlan(0) INFO: pfsetvlan starting and writing 5696 to /usr/local/pf/var/run/pfsetvlan.pid (pf::util::createpid)
Aug 21 14:11:57 pfsetvlan(0) INFO: Process started (main::)
***********************************************************************************************************************

- 9 - After the restart, all seems to be good again in iptable config:

***********************************************************************************************************************
iptables -t mangle -L
.....
Chain prerouting-int-inline-if (1 references)
target     prot opt source               destination
MARK       all  --  anywhere             anywhere            MARK set 0x3
MARK       all  --  anywhere             anywhere            MAC 00:0C:29:62:3C:38 MARK set 0x1
***********************************************************************************************************************

I can see URLs on the guest machine. It seems that the config change and activation of iptable works correctly on the first registration, but not after.

Is it a bug issue or is there something I don't understand.

Any help will be welcome.

Thanks in advance.

Regards.

Olivier DUMON
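
A log check for the symptom described in this message, added here as an example (it is not part of the original post and is not PacketFence code): it pairs each `re-evaluating access` entry in packetfence.log with a `firewallRequest trap received` entry for the same MAC and reports the re-evaluations that never got one. The 30-second window, the year and all function names are assumptions; the sample lines are copied from the excerpts in the post.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

# Lines copied from the packetfence.log excerpts in the post (abridged).
SAMPLE_LOG = """\
Aug 21 12:46:25 register.cgi(0) INFO: re-evaluating access for node 00:0c:29:62:3c:38 (manage_register called) (pf::enforcement::reevaluate_access)
Aug 21 12:46:28 pfsetvlan(1) INFO: firewallRequest trap received for inline client: 00:0c:29:62:3c:38. Modifying firewall. (main::handleTrap)
Aug 21 13:14:41 pfcmd(5238) INFO: re-evaluating access for node 00:0c:29:62:3c:38 (manage_deregister called) (pf::enforcement::reevaluate_access)
Aug 21 13:14:45 pfsetvlan(3) INFO: firewallRequest trap received for inline client: 00:0c:29:62:3c:38. Modifying firewall. (main::handleTrap)
Aug 21 14:09:10 register.cgi(0) INFO: re-evaluating access for node 00:0c:29:62:3c:38 (manage_register called) (pf::enforcement::reevaluate_access)
Aug 21 14:09:16 redir.cgi(0) INFO: re-evaluating access for node 00:0c:29:62:3c:38 (redir.cgi called) (pf::enforcement::reevaluate_access)
Aug 21 14:10:59 pfcmd(5594) INFO: Executing pfcmd service pf restart (main::service)
"""

# "<Mon DD HH:MM:SS> <process>(<id>) <LEVEL>: <message>"
LINE_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+?)\((\d+)\) (\w+): (.*)$")
REEVAL_RE = re.compile(
    r"re-evaluating access for node ([0-9a-f:]{17}) \((.+?) called\)", re.I)
TRAP_RE = re.compile(
    r"firewallRequest trap received for inline client: ([0-9a-f:]{17})", re.I)

Unenforced = namedtuple("Unenforced", "when mac caller")


def find_unenforced(lines, window_seconds=30, year=2012):
    """Return re-evaluations that pfsetvlan did not answer within the window.

    window_seconds is an assumption (the post shows 3-4 s between the two
    entries); year is needed because the log timestamps carry none.
    """
    window = timedelta(seconds=window_seconds)
    reevals, traps, log_end = [], [], None

    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # continuation lines, separators, blank lines
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        log_end = when if log_end is None else max(log_end, when)
        message = m.group(5)
        r = REEVAL_RE.search(message)
        if r:
            reevals.append(Unenforced(when, r.group(1).lower(), r.group(2)))
        t = TRAP_RE.search(message)
        if t:
            traps.append((when, t.group(1).lower()))

    missing = []
    for ev in reevals:
        # A re-evaluation too close to the end of the log is inconclusive:
        # the trap may simply not have been written yet.
        if log_end - ev.when < window:
            continue
        answered = any(
            mac == ev.mac and timedelta(0) <= when - ev.when <= window
            for when, mac in traps
        )
        if not answered:
            missing.append(ev)
    return missing


if __name__ == "__main__":
    for ev in find_unenforced(SAMPLE_LOG.splitlines()):
        print(f"{ev.when:%b %d %H:%M:%S} {ev.mac}: re-evaluation from "
              f"{ev.caller} was not followed by a pfsetvlan firewall trap")
```
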
