I have actually been doing that all along.  I believe the issue may be with
something else.  I started looking into the logs to see if there was
something obviously wrong, and sure enough, I found something.  I keep
getting this error:
Sep 15 03:35:12 pfcmd.pl(26680) INFO: Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)
Sep 15 03:35:12 pfcmd.pl(26680) WARN: We are using IPSET
(pf::ipset::iptables_generate)
Sep 15 03:35:12 pfcmd.pl(26680) INFO: flushing iptables
(pf::ipset::iptables_flush_mangle)
Sep 15 03:35:12 pfcmd.pl(26680) WARN: Problem trying to run command: LANG=C
sudo ipset --destroy called from iptables_generate. Child exited with
non-zero value 1 (pf::util::pf_run)
Sep 15 03:35:12 pfcmd.pl(26680) WARN: Problem trying to run command: LANG=C
sudo ipset --create pfsession_Unreg_137.143.34.0 bitmap:ip,mac range
137.143.34.0/24 2>&1 called from iptables_generate. Child exited with
non-zero value 1 (pf::util::pf_run)
Sep 15 03:35:12 pfcmd.pl(26680) WARN: Problem trying to run command: LANG=C
sudo ipset --create pfsession_Reg_137.143.34.0 bitmap:ip,mac range
137.143.34.0/24 2>&1 called from iptables_generate. Child exited with
non-zero value 1 (pf::util::pf_run)
Sep 15 03:35:12 pfcmd.pl(26680) WARN: Problem trying to run command: LANG=C
sudo ipset --create pfsession_Isol_137.143.34.0 bitmap:ip,mac range
137.143.34.0/24 2>&1 called from iptables_generate. Child exited with
non-zero value 1 (pf::util::pf_run)
Sep 15 03:35:12 pfcmd.pl(26680) WARN: Problem trying to run command: LANG=C
sudo ipset --create pfsession_passthrough hash:ip,port 2>&1 called from
iptables_generate. Child exited with non-zero value 1 (pf::util::pf_run)
Sep 15 03:35:12 pfcmd.pl(26680) INFO: Adding DNS DNAT rules for
unregistered and isolated inline clients.
(pf::iptables::generate_inline_rules)
Sep 15 03:35:12 pfcmd.pl(26680) INFO: Adding NAT Masquarade statement (PAT)
(pf::iptables::generate_inline_rules)
Sep 15 03:35:12 pfcmd.pl(26680) INFO: Addind ROUTED statement
(pf::iptables::generate_inline_rules)
Sep 15 03:35:12 pfcmd.pl(26680) INFO: building firewall to accept
registered users through inline interface
(pf::iptables::generate_inline_rules)
Sep 15 03:35:12 pfcmd.pl(26680) WARN: Problem trying to run command: LANG=C
sudo ipset --add pfsession_Reg_137.143.34.0 137.143.34.7,00:e0:b8:5c:8c:ff
2>&1 called from generate_mangle_rules. Child exited with non-zero value 1
(pf::util::pf_run)
Sep 15 03:35:12 pfcmd.pl(26680) WARN: Problem trying to run command: LANG=C
sudo ipset --add pfsession_Reg_137.143.34.0 137.143.34.6,52:54:00:50:c0:2a
2>&1 called from generate_mangle_rules. Child exited with non-zero value 1
(pf::util::pf_run)
Sep 15 03:35:12 pfcmd.pl(26680) WARN: Problem trying to run command: LANG=C
sudo ipset --add pfsession_Reg_137.143.34.0 137.143.34.8,c8:2a:14:28:cb:27
2>&1 called from generate_mangle_rules. Child exited with non-zero value 1
(pf::util::pf_run)
Sep 15 03:35:12 pfcmd.pl(26680) INFO: Adding Forward rules to allow
connections to the OAuth2 Providers and passthrough.
(pf::iptables::generate_passthrough_rules)
Sep 15 03:35:12 pfcmd.pl(26680) INFO: Adding NAT Masquerade statement.
(pf::iptables::generate_passthrough_rules)
Sep 15 03:35:12 pfcmd.pl(26680) INFO: restoring iptables from
/usr/local/pf/var/conf/iptables.conf (pf::iptables::iptables_restore)

So, for some reason, I can't get ipset to reload the rules.  Is there a way
to force ipset to reload?


On Tue, Sep 17, 2013 at 1:16 PM, Fabrice DURAND <[email protected]> wrote:

>  Hello David,
> there are 2 possibilities for passthrough.
> First, DNS passthrough means that the DNS resolves the FQDN with the real IP
> address and we make a hole in iptables (only works in layer 2).
> Second, mod_proxy passthrough means that the DNS resolves the FQDN with the
> captive portal IP address, and if the domain is in the list of passthroughs
> then Apache forwards the request to mod_proxy.
>
> So in the 2 cases you have to set a list of domains like
> www.google.ca,www.padl.com,*.cisco.com to make it work.
>
> Regards
> Fabrice
>
> On 2013-09-16 14:38, David Rice wrote:
>
> I updated to packetfence-4.0.6-2 because I saw there were some fixes in
> it, but it is still not allowing Passthroughs.  I am clearly doing
> something wrong, but I can't see what, so any help would be appreciated.
>
>
> On Thu, Sep 12, 2013 at 2:05 PM, David Rice <[email protected]> wrote:
>
>>  I am trying to allow certain domains through to people who are not
>> registered yet, I believe you do this with Passthrough, but I can't seem to
>> get it to work.  I am using packetfence-4.0.6-1, I am using an absolute url
>> to the box, I checked Passthrough and added it to the Passthroughs' field,
>> but it is not allowing DNS through for that url.  Suggestions?
>>
>>  --
>> David Rice
>> System Engineer
>> SUNY Potsdam
>>
>
>
>
>  --
> David Rice
> System Engineer
> SUNY Potsdam
>
>
>
>
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
> --
> Fabrice [email protected] ::  +1.514.447.4918 (x135) ::  www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
> (http://packetfence.org)
>
>
>
>
>


-- 
David Rice
System Engineer
SUNY Potsdam
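
Added example, not part of the original messages and not PacketFence code: a Python triage of the log format quoted at the top of this message. It rejoins the wrapped entries, lists each failed `ipset` call, and separates out `--add` failures that target a set whose `--create` also failed. The sample log is constructed from that format and the function names are hypothetical.

```python
import re
# Constructed sample in the format of the log quoted above, wrapped as in the mail.
SAMPLE_LOG = """\
Sep 15 03:35:12 pfcmd.pl(26680) WARN: Problem trying to run command: LANG=C
sudo ipset --destroy called from iptables_generate. Child exited with
non-zero value 1 (pf::util::pf_run)
Sep 15 03:35:12 pfcmd.pl(26680) WARN: Problem trying to run command: LANG=C
sudo ipset --create pfsession_Reg_137.143.34.0 bitmap:ip,mac range
137.143.34.0/24 2>&1 called from iptables_generate. Child exited with
non-zero value 1 (pf::util::pf_run)
Sep 15 03:35:12 pfcmd.pl(26680) INFO: Adding NAT Masquerade statement.
(pf::iptables::generate_passthrough_rules)
Sep 15 03:35:12 pfcmd.pl(26680) WARN: Problem trying to run command: LANG=C
sudo ipset --add pfsession_Reg_137.143.34.0 137.143.34.7,00:e0:b8:5c:8c:ff
2>&1 called from generate_mangle_rules. Child exited with non-zero value 1
(pf::util::pf_run)
"""

ENTRY_START = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")
FAILED = re.compile(r"Problem trying to run command: (?P<cmd>.+?) called from "
                    r"(?P<caller>\w+)\. Child exited with non-zero value (?P<rc>\d+)")
IPSET = re.compile(r"ipset --(?P<action>\w+)(?: (?P<set>(?!2>)\S+))?")

def join_entries(text):
    """Rejoin wrapped lines: a new entry starts with a syslog-style timestamp."""
    entries = []
    for line in text.splitlines():
        if ENTRY_START.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def failed_ipset(text):
    """Return (action, set_name, caller, exit_code) for each failed ipset call."""
    out = []
    for entry in join_entries(text):
        fail = FAILED.search(entry)
        cmd = IPSET.search(fail["cmd"]) if fail else None
        if cmd:
            out.append((cmd["action"], cmd["set"], fail["caller"], int(fail["rc"])))
    return out

def dependent_adds(failures):
    """--add failures aimed at a set whose --create also failed."""
    uncreated = {s for action, s, _, _ in failures if action == "create"}
    return [f for f in failures if f[0] == "add" and f[1] in uncreated]

if __name__ == "__main__":
    print(dependent_adds(failed_ipset(SAMPLE_LOG)))
```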
