Oh sorry never mind. I wrote before drinking my coffee.
Thanks
On Fri, Mar 29, 2013 at 10:40 AM, John Baker <[email protected]> wrote:
> Hi,
>
> That's not for inline though is it?
>
> Perhaps that's the issue here and it's not meant to give you the option
> with inline mode. It redirects packets on unregistered mac addresses to the
> captive portal during nat.
>
>
> On Thu, Mar 28, 2013 at 2:24 PM, Fabrice DURAND <[email protected]>wrote:
>
>> Hello John,
>> if you use the latest version, it´s possible to specify in the
>> configuration file networks.conf that you don´t want to nat.
>>
>>
>> Introduced in PacketFence 3.6, the outgoing interface should be specified
>> by adding in pf.conf the option interfaceSNAT in inline section. It is a
>> comma delimited list of network interfaces like eth0,eth0.100. It's also
>> possible to specify a network that will be routed instead of using NAT by
>> adding in `conf/networks.conf` an option nat=no under one or more network
>> section.
>>
>>
>> regards
>> Fabrice
>>
>> Le 2013-03-27 17:42, John Baker a écrit :
>>
>> Hi,
>>
>> I am working with Debian Squeeze and the latest package available for
>> Packetfence.
>>
>> We want to route our registered users rather than NAT them. But the
>> instructions for custom NAT "Comment the line %%nat_postrouting_inline%% in
>> conf/iptables.conf. Restart PacketFence. At this point packets are routed
>> out" don't seem to work. As long as :postrouting-int-inline-if - [0:0] is
>> in my iptables.conf these rules are created:
>> Chain POSTROUTING (policy ACCEPT)
>> target prot opt source destination
>> postrouting-int-inline-if all -- anywhere anywhere
>> mark match 0x3
>> postrouting-int-inline-if all -- anywhere anywhere
>> mark match 0x1
>> postrouting-int-inline-if all -- anywhere anywhere
>> mark match 0x2
>>
>>
>> But ,of course, if I comment out :postrouting-int-inline-if - [0:0] I
>> get errors on start-up and dns redirection breaks.
>>
>> We have been using packetfence 3.3.2 with Fedora and had the same
>> issue. There I edited iptables.pm to get the behavior I wanted like this:
>>
>> foreach ($IPTABLES_MARK_UNREG, $IPTABLES_MARK_REG,
>> $IPTABLES_MARK_ISOLATION) {
>> to:
>> foreach ($IPTABLES_MARK_UNREG, $IPTABLES_MARK_ISOLATION) {
>>
>> This worked and it looks it will work again. But I'd really rather have
>> the other piece working.
>>
>> Any suggestions on why the directions aren't working for me?
>>
>> --
>> John Baker
>> Network Administrator
>> Marlboro College
>> Phone: 451-7551 Cell: 490-0066
>>
>>
>> ------------------------------------------------------------------------------
>> Own the Future-Intel® Level Up Game Demo Contest 2013
>> Rise to greatness in Intel's independent game demo contest.
>> Compete for recognition, cash, and the chance to get your game
>> on Steam. $5K grand prize plus 10 genre and skill prizes.
>> Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d
>>
>>
>>
>> _______________________________________________
>> PacketFence-users mailing
>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>>
>> --
>> Fabrice [email protected] :: +1.514.447.4918 (x135) ::
>> www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>> (http://packetfence.org)
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Own the Future-Intel® Level Up Game Demo Contest 2013
>> Rise to greatness in Intel's independent game demo contest.
>> Compete for recognition, cash, and the chance to get your game
>> on Steam. $5K grand prize plus 10 genre and skill prizes.
>> Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>
>
> --
> John Baker
> Network Administrator
> Marlboro College
> Phone: 451-7551 Cell: 490-0066
>
--
John Baker
Network Administrator
Marlboro College
Phone: 451-7551 Cell: 490-0066
------------------------------------------------------------------------------
Own the Future-Intel(R) Level Up Game Demo Contest 2013
Rise to greatness in Intel's independent game demo contest. Compete
for recognition, cash, and the chance to get your game on Steam.
$5K grand prize plus 10 genre and skill prizes. Submit your demo
by 6/6/13. http://altfarm.mediaplex.com/ad/ck/12124-176961-30367-2
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
