It appears to work fine with sudo. My test VM got internet access after I
ran the command. Here is the log...
[root@packetfence fhaynes]# su pf
sh-4.1$ ipset --add pfsession_Reg_10.84.0.0 10.84.109.110,00:50:56:b4:7d:1b 2>&1
ipset v6.11: Kernel error received: Operation not permitted
sh-4.1$ sudo ipset --add pfsession_Reg_10.84.0.0 10.84.109.110,00:50:56:b4:7d:1b 2>&1
sh-4.1$

Interestingly, restarting the packetfence process also seems to resolve the
issue for the test VM.


On Thu, May 30, 2013 at 8:21 AM, Fabrice DURAND <[email protected]> wrote:

>  Try to run ipset command under the pf user.
>
>
> On 2013-05-30 11:08, Fletcher Haynes wrote:
>
> Hi Fabrice,
>
>  Here is the entry I have in sudoers for pf user:
>  pf ALL=NOPASSWD: /sbin/iptables, /usr/sbin/ipset
> Defaults:pf !requiretty
>
>
> On Thu, May 30, 2013 at 8:05 AM, Fabrice DURAND <[email protected]> wrote:
>
>>  Hi Fletcher,
>> can you check in the sudoers file if there is an entry for ipset ?
>>
>> Thanks
>> Fabrice
>>
>> On 2013-05-29 19:41, Fletcher Haynes wrote:
>>
>>  Hello everyone,
>>
>>  I have deployed packetfence in an OOB mode and it works great. I am now
>> experimenting with the inline mode to handle a different use case. I can
>> get through the captive portal on my test machine, but right after
>> registration, ipset seems to have issues. I see the following log messages
>> quite a bit:
>>
>> May 29 16:35:53 pfdhcplistener(12707) WARN: Problem trying to run
>> command: LANG=C sudo ipset --list pfsession_Unreg_10.84.0.0 2>&1 called
>> from get_ip_from_ipset_by_mac. Child exited with non-zero value 1
>> (pf::util::pf_run)
>>
>>  May 29 16:35:54 pfdhcplistener(12707) WARN: Problem trying to run
>> command: LANG=C sudo ipset --list pfsession_Reg_10.84.0.0 2>&1 called from
>> ipset_remove_ip. Child exited with non-zero value 1 (pf::util::pf_run)
>>
>>  May 29 16:35:54 pfdhcplistener(12707) WARN: Problem trying to run
>> command: LANG=C sudo ipset --add pfsession_Reg_10.84.0.0
>> 10.84.109.110,00:50:56:b4:7d:1b 2>&1 called from iptables_mark_node. Child
>> exited with non-zero value 1 (pf::util::pf_run)
>>
>>  May 29 16:34:38 pfsetvlan(9) WARN: Problem trying to run command:
>> LANG=C sudo ipset --list pfsession_Unreg_10.84.0.0 2>&1 called from
>> get_ip_from_ipset_by_mac. Child exited with non-zero value 1
>> (pf::util::pf_run)
>>
>> Use of uninitialized value $out in split at /usr/local/pf/lib/pf/ipset.pm line 304.
>> May 29 16:34:38 pfsetvlan(9) WARN: Problem trying to run command: LANG=C
>> sudo ipset --list pfsession_Reg_10.84.0.0 2>&1 called from ipset_remove_ip.
>> Child exited with non-zero value 1 (pf::util::pf_run)
>> Use of uninitialized value $out in split at /usr/local/pf/lib/pf/ipset.pm line 266.
>>
>>  My test machine does not have any network access. However, if I run the
>> ipset --add command manually (I copy and paste it right out of the log
>> message) then it works fine.
>>
>>  This is my pf.conf for the interface on the inline network:
>>  [interface eth4]
>> ip=10.84.0.1
>> mask=255.255.0.0
>> type=internal
>> enforcement=inline
>> gateway=10.84.0.1
>>
>> And this is my networks.conf for that network:
>> [10.84.0.0]
>> type=inline
>> named=enabled
>> dhcpd=enabled
>> netmask=255.255.0.0
>> gateway=10.84.0.1
>> next_hop=
>> domain-name=kiosk.willamette.edu
>> dns=158.104.100.1
>> dhcp_start=10.84.0.2
>> dhcp_end=10.84.254.254
>> dhcp_default_lease_time=300
>> dhcp_max_lease_time=30
>>
>> I also enabled ipv4 forwarding in sysctl. Did I miss something? Any help
>> would be greatly appreciated!
>>
>>  Thanks,
>>  --
>>  Fletcher Haynes <[email protected]>
>>
>>
>>
>> --
>> Fabrice [email protected] ::  +1.514.447.4918 (x135) ::  www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>> (http://packetfence.org)
>>
>
>
>  --
> Fletcher Haynes <[email protected]>
>  Systems Administrator/Network Services Consultant
> Willamette Integrated Technology Services
> Willamette University, Salem, OR
>  Phone: 503.370.6016
>
>
> --
> Fabrice [email protected] ::  +1.514.447.4918 (x135) ::  www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
> (http://packetfence.org)
>


-- 
Fletcher Haynes <[email protected]>
Systems Administrator/Network Services Consultant
Willamette Integrated Technology Services
Willamette University, Salem, OR
Phone: 503.370.6016
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users