I have 1GB of memory and 512MB of swap on this machine. I forgot to mention
in my original message that we had this working on 3.5.1, but we're trying
to use 3.6.0 now and we've also added a third network interface. I'm not
sure which change broke things. We were running with just the inline
interface and a management interface and the network traffic going out
would go out the management interface. The end goal, however, is to not
have that traffic going over our internal network so we needed to have a
third separate interface for that traffic to get to the Internet by.
Anyway, I hope the extra information helps. Let me know if there's any more
information that might be helpful.
Thanks,
Russ
---
Russel Ingram
Associate Systems Administrator
Institute for Systems Biology
401 Terry Ave N
+1 206 732 2140
On Fri, Nov 2, 2012 at 5:29 PM, Fabrice Durand <[email protected]> wrote:
> Hello Russel,
> i don't have answer right now.
> In all my test there is no problem about that.
> How many memory do you have on your server and swap ?
>
> I think that system command isn't the right way to configure ipset, but
> there is no perl module that interact with ipset.
> I have a look about perlxs but i have to understand how it work.
>
> Let me know if after ipset -F the problem disppear or if after you restart
> packetfence the problem persist.
>
> Regards
>
> Le jeudi 1 novembre 2012 17:50:51, Russel Ingram a écrit :
>
>> I'm having trouble getting my packetfence server to allow registered
>> clients through. From looking at the logs, it looks like the ipset
>> command is failing when it tries to add the newly registered node to
>> the registered set. Here's what I'm seeing in the log:
>>
>> Nov 01 14:24:44 register.cgi(0) INFO: 172.16.0.11 - 00:19:d2:7b:e4:2c
>> on registration page
>> (ModPerl::ROOT::ModPerl::**PerlRun::usr_local_pf_html_**
>> captive_2dportal_register_**2ecgi::handler)
>> Nov 01 14:24:45 register.cgi(0) INFO: performing node registration
>> MAC: 00:19:d2:7b:e4:2c pid: guest (pf::web::_sanitize_and_**register)
>> Nov 01 14:24:45 register.cgi(0) INFO: re-evaluating access for node
>> 00:19:d2:7b:e4:2c (manage_register called)
>> (pf::enforcement::reevaluate_**access)
>> Nov 01 14:24:45 register.cgi(0) INFO: Instantiate a new iptables
>> modification method. pf::ipset (pf::inline::get_technique)
>> Nov 01 14:24:45 register.cgi(0) INFO: 172.16.0.11 - 00:19:d2:7b:e4:2c
>> on registration page
>> (ModPerl::ROOT::ModPerl::**PerlRun::usr_local_pf_html_**
>> captive_2dportal_register_**2ecgi::handler)
>> Nov 01 14:24:48 pfsetvlan(22) INFO: local (127.0.0.1) trap for switch
>> 127.0.0.1 (main::parseTrap)
>> Nov 01 14:24:48 pfsetvlan(3) INFO: nb of items in queue: 1; nb of
>> threads running: 0 (main::startTrapHandlers)
>> Nov 01 14:24:48 pfsetvlan(3) INFO: firewallRequest trap received for
>> inline client: 00:19:d2:7b:e4:2c. Modifying firewall. (main::handleTrap)
>> Nov 01 14:24:48 pfsetvlan(3) INFO: Instantiate a new iptables
>> modification method. pf::ipset (pf::inline::get_technique)
>> Nov 01 14:24:48 pfsetvlan(3) WARN: Problem trying to run command:
>> LANG=C sudo ipset --test pfsession_Unreg_172.16.0.0
>> 172.16.0.11,00:19:d2:7b:e4:2c 2>&1 called from
>> get_mangle_mark_for_mac. OS Error: Cannot allocate memory
>> (pf::util::pf_run)
>> Nov 01 14:24:48 pfsetvlan(3) WARN: Problem trying to run command:
>> LANG=C sudo ipset --test pfsession_Reg_172.16.0.0
>> 172.16.0.11,00:19:d2:7b:e4:2c 2>&1 called from
>> get_mangle_mark_for_mac. OS Error: Cannot allocate memory
>> (pf::util::pf_run)
>> Nov 01 14:24:48 pfsetvlan(3) WARN: Problem trying to run command:
>> LANG=C sudo ipset --test pfsession_Isol_172.16.0.0
>> 172.16.0.11,00:19:d2:7b:e4:2c 2>&1 called from
>> get_mangle_mark_for_mac. OS Error: Cannot allocate memory
>> (pf::util::pf_run)
>> Nov 01 14:24:48 pfsetvlan(3) INFO: MAC: 00:19:d2:7b:e4:2c stated
>> changed, adapting firewall rules for proper enforcement
>> (pf::inline::**performInlineEnforcement)
>> Nov 01 14:24:48 pfsetvlan(3) WARN: Problem trying to run command:
>> LANG=C sudo ipset --list pfsession_Unreg_172.16.0.0 2>&1 called from
>> get_ip_from_ipset_by_mac. OS Error: Cannot allocate memory
>> (pf::util::pf_run)
>> Use of uninitialized value $out in split at
>> /usr/local/pf/lib/pf/ipset.pm <http://ipset.pm> line 304.
>>
>> Nov 01 14:24:48 pfsetvlan(3) WARN: Problem trying to run command:
>> LANG=C sudo ipset --list pfsession_Reg_172.16.0.0 2>&1 called from
>> ipset_remove_ip. OS Error: Cannot allocate memory (pf::util::pf_run)
>> Use of uninitialized value $out in split at
>> /usr/local/pf/lib/pf/ipset.pm <http://ipset.pm> line 266.
>>
>> Nov 01 14:24:48 pfsetvlan(3) WARN: Problem trying to run command:
>> LANG=C sudo ipset --add pfsession_Reg_172.16.0.0
>> 172.16.0.11,00:19:d2:7b:e4:2c 2>&1 called from iptables_mark_node. OS
>> Error: Cannot allocate memory (pf::util::pf_run)
>> Nov 01 14:24:48 pfsetvlan(3) INFO: finished (main::cleanupAfterThread)
>>
>> You can see there that it's logging a memory allocation problem. When
>> I run those same commands as the pf user, with sudo, just like it
>> shows in the log, they run without any errors. Has anyone seen this
>> before? Anyone have any ideas on how to troubleshoot it?
>>
>> I'm running PacketFence 3.6.0 installed from the PacketFence Red Hat
>> repository on CentOS 6.3 x86_64. The full log is attached.
>>
>> Thanks,
>> Russ
>> ---
>> Russel Ingram
>> Associate Systems Administrator
>> Institute for Systems Biology
>> 401 Terry Ave N
>> +1 206 732 2140
>>
>>
>> ------------------------------**------------------------------**
>> ------------------
>> LogMeIn Central: Instant, anywhere, Remote PC access and management.
>> Stay in control, update software, and manage PCs from one command center
>> Diagnose problems and improve visibility into emerging IT issues
>> Automate, monitor and manage. Do more in less time with Central
>> http://p.sf.net/sfu/**logmein12331_d2d<http://p.sf.net/sfu/logmein12331_d2d>
>>
>>
>> ______________________________**_________________
>> PacketFence-users mailing list
>> PacketFence-users@lists.**sourceforge.net<[email protected]>
>> https://lists.sourceforge.net/**lists/listinfo/packetfence-**users<https://lists.sourceforge.net/lists/listinfo/packetfence-users>
>>
>
>
>
------------------------------------------------------------------------------
LogMeIn Central: Instant, anywhere, Remote PC access and management.
Stay in control, update software, and manage PCs from one command center
Diagnose problems and improve visibility into emerging IT issues
Automate, monitor and manage. Do more in less time with Central
http://p.sf.net/sfu/logmein12331_d2d
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
