Hello John,
if you use the latest version, it´s possible to specify in the
configuration file networks.conf that you don´t want to nat.
Introduced in PacketFence 3.6, the outgoing interface should be
specified by adding in pf.conf the option interfaceSNAT in inline
section. It is a comma delimited list of network interfaces like
eth0,eth0.100. It's also possible to specify a network that will be
routed instead of using NAT by adding in `conf/networks.conf` an option
nat=no under one or more network section.
regards
Fabrice
Le 2013-03-27 17:42, John Baker a écrit :
Hi,
I am working with Debian Squeeze and the latest package available for
Packetfence.
We want to route our registered users rather than NAT them. But the
instructions for custom NAT "Comment the line
%%nat_postrouting_inline%% in conf/iptables.conf. Restart PacketFence.
At this point packets are routed out" don't seem to work. As long as
:postrouting-int-inline-if - [0:0] is in my iptables.conf these rules
are created:
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
postrouting-int-inline-if all -- anywhere anywhere mark
match 0x3
postrouting-int-inline-if all -- anywhere anywhere mark
match 0x1
postrouting-int-inline-if all -- anywhere anywhere mark
match 0x2
But ,of course, if I comment out :postrouting-int-inline-if - [0:0] I
get errors on start-up and dns redirection breaks.
We have been using packetfence 3.3.2 with Fedora and had the same
issue. There I edited iptables.pm <http://iptables.pm> to get the
behavior I wanted like this:
foreach ($IPTABLES_MARK_UNREG, $IPTABLES_MARK_REG,
$IPTABLES_MARK_ISOLATION) {
to:
foreach ($IPTABLES_MARK_UNREG, $IPTABLES_MARK_ISOLATION) {
This worked and it looks it will work again. But I'd really rather
have the other piece working.
Any suggestions on why the directions aren't working for me?
--
John Baker
Network Administrator
Marlboro College
Phone: 451-7551 Cell: 490-0066
------------------------------------------------------------------------------
Own the Future-Intel® Level Up Game Demo Contest 2013
Rise to greatness in Intel's independent game demo contest.
Compete for recognition, cash, and the chance to get your game
on Steam. $5K grand prize plus 10 genre and skill prizes.
Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Own the Future-Intel® Level Up Game Demo Contest 2013
Rise to greatness in Intel's independent game demo contest.
Compete for recognition, cash, and the chance to get your game
on Steam. $5K grand prize plus 10 genre and skill prizes.
Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
