Hello Guillaume,
There is no management interface defined in your setup.
So in pf.conf, add a interface like:
[interface eth1]
ip=192.168.1.1
type=management
mask=255.255.255.0
Regards
Fabrice
ps: it´s perl not python ;-)
Le 2014-01-20 05:21, Estival Guillaume a écrit :
> Hello, packetfence users
>
> I'm trying to set up a packetfence system, I messed up the config file
> and the service didn't start anymore. Please excuse me for my bad
> English, this is not my native language.
>
> The plan is to use packet fence as a captive portal for external
> customers. Nothing fancy like AD configuration, pf will manage his own
> users database and such.
> The basic configuration went pretty smoothly (using the web based UI)
> and, although I didn't get things straight, I managed to get a
> pass-through with IP address, but the dns didn't work. On the web based
> UI, I can't change the Trapping network for whatever reason, so I
> thought the best was to use the text based configuration.
> I saw this on the pf.conf.default file:
>
> ______________
> [trapping]
> #
> # trapping.range
> #
> # Comma-delimited list of address ranges/CIDR blocks that PacketFence
> will monitor/detect/trap on. Gateway, network, and
> # broadcast addresses are ignored.
> range=192.168.0.0/24
> ______________
>
> the network is wrong, I want to use 192.168.100.0/24 network only.
>
> So I changed the pf.conf file:
>
> _____________
> [general]
> #
> # general.domain
> #
> # Domain name of PacketFence system.
> domain={redacted}
> #
> # general.hostname
> #
> # Hostname of PacketFence system. This is concatenated with the domain
> in Apache rewriting rules and therefore must be resolvable by clients.
> hostname=egroupware
> #
> # general.dhcpservers
> #
> # Comma-delimited list of DHCP servers. Passthroughs are created to
> allow DHCP transactions from even "trapped" nodes.
> dhcpservers=192.168.100.254
>
> [trapping]
>
> range=192.168.100.0/24
> #
> # trapping.passthrough
> #
> # When enabled, pfdns will resolve the real IP addresses of passthroughs
> and add them in the ipset session to give access
> # to trapped devices. Don´t forget to enable ip_forward on your server.
> passthrough=enabled
>
> #
> # trapping.passthroughs
> #
> # Comma-delimited list of domains to be used as HTTP and HTTPS
> passthroughs to web sites.
> #
> passthroughs=*.{redacted}
>
> [alerting]
> #
> # alerting.emailaddr
> #
> # Email address to which notifications of rogue DHCP servers, violations
> with an action of "email", or any other
> # PacketFence-related message goes to.
> emailaddr={redacted}
>
> [database]
> #
> # database.pass
> #
> # Password for the mysql database used by PacketFence.
> pass={redacted}
>
> [interface eth0]
> ip=192.168.0.253
> type=internal
> mask=255.255.255.0
> enforcement=inline
>
> [interface eth2]
> ip=192.168.100.254
> enforcement=inline
> type=internal
> mask=255.255.255.0
> _____________
>
> Then the problem occurred:
> service|command
> Can't call method "tag" on an undefined value at
> /usr/local/pf/lib/pf/iptables.pm line 193.
>
> So I thought that the range= directive was misplaced or something, I
> removed it. The service can't start either.
> AFAIK, I didn't change any other file.
>
> I saw a few related error on the Internet, but it was old pf versions
> and not the iptables.pm file.
> The line 193 of the /usr/local/pf/lib/pf/iptables.pm seems to seek an
> "ip" directive:
> my $mgmt_ip = $management_network->tag("ip");
> So I thought I was deleted an ip= line during the edit but I didn't
> change this part of the file.
> I'm not familiar enough with python to be able to understand what's
> going on here.
>
> I'm quite puzzled at this point, the error_log is empty and the
> packetfence.log didn't help either:
> Jan 20 11:04:56 pfcmd.pl(13829) INFO: saving current iptables to
> var/iptables.bak (main::startService)
> Jan 20 11:04:56 pfcmd.pl(13829) INFO: Instantiate a new iptables
> modification method. pf::ipset (pf::inline::get_technique)
> Jan 20 11:04:56 pfcmd.pl(13829) INFO: saving existing iptables to
> /usr/local/pf/var/iptables.bak (pf::iptables::iptables_save)
> Jan 20 11:04:56 pfcmd.pl(13829) WARN: We are using IPSET
> (pf::ipset::iptables_generate)
> Jan 20 11:04:56 pfcmd.pl(13829) INFO: flushing iptables
> (pf::ipset::iptables_flush_mangle)
>
> (this is only the latest service start try)
>
> If anyone have any clue to explain where I messed up the configuration
> file, I will be quite grateful ;)
>
> Thanks in advance.
>
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today.
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
