Hi Alex,
Thanks for taking the time to look at my config. Below is the pf.conf
output. If you need to view any other files just let me know and I'll post
them. Thanks again.
[interface eth1]
enforcement=inline
ip=10.250.0.10
type=internal,monitor
mask=255.255.248.0
[interface eth0]
ip=172.16.4.58
type=management
mask=255.255.0.0
enforcement=
[database]
pass=my_password
[general]
dhcpservers=127.0.0.1,172.16.4.9
domain=mydomain.local
dnsservers=172.16.4.1
timezone=America/Eastern
[alerting]
[email protected]
[email protected]
smtpserver=x.x.x.x
[guests_self_registration]
modes=sms
access_duration=1D
allow_localdomain=disabled
[expire]
node=1D
iplog=3D
traplog=3D
locationlog=5D
[registration]
range=10.250.0.0/21
expire_mode=window
maxnodes=1
nbregpages=1
[trapping]
range=10.250.0.0/21
redirecturl=
detection=enabled
[inline]
interfaceSNAT=
On Mon, May 6, 2013 at 3:15 PM, Alex Kisakye <[email protected]> wrote:
> Hello,
> A copy of your pf.conf should help us see what you missed.
>
> Alex
> ----- Original Message -----
> From: Joe Arcidiacono <[email protected]>
> To: [email protected]
> Sent: Mon, 06 May 2013 16:23:11 +0300 (EAT)
> Subject: Re: [PacketFence-users] Packetfence 3.6.1 Snort help
>
> Hi Fabrice,
>
>
>
> Thank you for getting back to me. To answer your question, yes, I have set
> detection=enabled as well as detection_engine=snort. Snort and pfdetect are
> running. As a matter of fact, all services are running with the exception
> of radius(which is fine since I'm not using it at the moment anyway). If I
> start downloading a Ubuntu torrent file on my guest network, my P2P traffic
> is not being trapped by packetfence. I've tried everything I can think of
> with no success. Any help or suggestions would be greatly appreciated.
> Thank you again
>
>
>
> Joe
>
>
> On Mon, May 6, 2013 at 8:37 AM, Fabrice DURAND <[email protected]> wrote:
>
> > Hi,
> > did you set:
> > [trapping]
> > detection=enabled
> > detection_engine=snort
> >
> > If yes, did snort starting when you try to launch packetfence ?
> > Is pfdetect running ?
> >
> > Regards
> > Fabrice
> >
> > Le 2013-05-03 19:59, Joe Arcidiacono a écrit :
> >
> > Hey All,
> >
> >
> >
> > I'm implementing inline enforcement(NAT) with Packetfence version
> > 3.6.1 and
> > am having alot of trouble trying to get snort to trap violations on my
> > internal network. This network is going to be used for guest wireless
> > access only. Captive Portal and self registration work perfectly,
> > however,
> > I noticed that no trap violations are being generated. I'm using a Meru
> > MC3200 controller for wireless connectivity. I have a physical server
> > running Debian Squeeze
> > that has 2 NICs. NIC 1 is my management NIC with IP 172.16.x.x/16.
> > NIC 2 is
> > assigned 10.250.x.x/21 for the guest wireless network. All guests
> > who receive an IP address has NIC 2's interface as the gateway address.
> > I have set trapping=enabled as well as assign the "monitor" option to
> > my
> > 10.250 NIC and enabled P2P violations. When I issue the command
> > "snort -i eth1 -v"(eth0 is my 172.16.x.x management card) I can see
> > all of the traffic flowing through but for some
> > reason, snort will not pick up on any violations. I ran the
> > update_rules.pl script to make sure the rules were updated to no
> > avail.
> > I believe I am missing an important step or 2.
> > Does the snort.conf file have to be edited somehow? If so, do I edit
> > the
> > /usr/local/pf/conf/snort.conf file or the /etc/snort/snort.conf file?
> > Also,
> > what would need to be edited to get the traps working? I have read the
> > Admin guide for 3.6.1 at least 30 times but with no luck. Any advice
> > would
> > be much appreciated. I thank you ahead of time for any suggestions.
> >
> >
> >
> >
> > Joe
> >
> >
> >
> ------------------------------------------------------------------------------
> > Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
> > Get 100% visibility into your production application - at no cost.
> > Code-level diagnostics for performance bottlenecks with <2% overhead
> > Download for free and get started troubleshooting in minutes.
> http://p.sf.net/sfu/appdyn_d2d_ap1
> >
> >
> >
> > _______________________________________________
> > PacketFence-users mailing listPacketFence-users
> @lists.sourceforge.nethttps://
> lists.sourceforge.net/lists/listinfo/packetfence-users
> >
> >
> >
> > --
> > Fabrice [email protected] :: +1.514.447.4918 (x135) ::
> www.inverse.ca
> > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
> PacketFence (http://packetfence.org)
> >
> >
> >
> >
> ------------------------------------------------------------------------------
> > Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
> > Get 100% visibility into your production application - at no cost.
> > Code-level diagnostics for performance bottlenecks with <2% overhead
> > Download for free and get started troubleshooting in minutes.
> > http://p.sf.net/sfu/appdyn_d2d_ap1
> > _______________________________________________
> > PacketFence-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/packetfence-users
> >
> >
>
>
>
> ------------------------------------------------------------------------------
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and
> their applications. This 200-page book is written by three acclaimed
> leaders in the field. The early access version is available now.
> Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and
their applications. This 200-page book is written by three acclaimed
leaders in the field. The early access version is available now.
Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
