Sorry, I hit the Send button before finishing the post... Pasting the original post: Hello, packetfence users.
I'm trying to set up a packet fence system, and right now, I'm beginning to wonder if I'm doing things right. I attached a small picture of my network, I hope the mailing list robot will accept it.
My LAN network uses the 192.168.0.0/24 subnet. There are various servers and end-user computers. I want to set up a packetfence system on the 192.168.100.0/24 subnet to provide Internet for customers and retailers. Customers are NOT allowed on the 192.168.100.0/24 subnet.
But packetfence must NOT handle anything on the 192.168.0.0/24 subnet. It must only care about the 192.168.100.0/24 subnet. At the start, I got some messages about a rogue DHCP server (reminds me of the rogue robots in Wall-E ;)), 192.168.0.101, which is perfectly genuine. In the web interface, under the Main/General section, I added 192.168.0.101 as a DHCP server. I now have 192.168.0.101 and 192.168.100.254 as DHCP servers. But on the 192.168.0.0/24 subnet, some Windows computers didn't get any DHCP reply when asking for an IP. I shut down the packetfence server, and then it worked right away.
On the FAQ, I found this: http://www.packetfence.org/support/faqs/article/i-want-to-manage-only-some-ports-on-a-switch-but-not-all-the-ports-how-can-i-do-that.html?no_cache=1&cHash=d74c632f6ea3d0fb8532bd1a8d376f19
But it needs a VLAN switch and I don't have one. The whole packetfence configuration is inline.
So packetfence tries to take care of the 192.168.0.0/24 subnet, but I don't want it to, and I don't know how to set it up right.
The second problem occurs when using the 192.168.100.0/24 subnet: packetfence takes over to display a login page but provides a FQDN URL.
How can I change it to an IP address, 192.168.100.254 for instance? In fact, if I can set up packetfence to use the 192.168.100.254 resolver, I can set up a local zone to use a FQDN on the 192.168.100.0/24 subnet, but if I don't set up the 192.168.0.101 DNS, domain name resolution doesn't work.
And I get this warning, which may be related: WARNING - networks.conf 192.168.0.0 gateway (192.168.0.253) is not bound to an internal interface.
You will find relevant (or so I think) configuration files in attachment and the actual network
Many thanks in advance.
--
Guillaume ESTIVAL
___________________
CREATIVE EURECOM
39, Bd de la Romanerie
49124 St BARTHELEMY D'ANJOU
t : 02 41 73 18 18
f : 02 41 73 07 33
<<attachment: packetfence.png>>
[Node Manager]
actions=NODES_READ,NODES_CREATE,NODES_UPDATE,NODES_DELETE
description=Nodes management
[User Manager]
actions=USERS_READ,USERS_DELETE,USERS_UPDATE,USERS_CREATE
description=Users management
[Violation Manager]
description=Violations managements
actions=VIOLATIONS_READ,VIOLATIONS_CREATE,VIOLATIONS_UPDATE,VIOLATIONS_DELETE,USERS_READ,NODES_READ
[192.168.100.0]
dns=192.168.0.254
dhcp_start=192.168.100.10
gateway=192.168.100.254
domain-name=inline.{redacted}
named=enabled
dhcp_max_lease_time=86400
dhcpd=enabled
type=inline
netmask=255.255.255.0
dhcp_end=192.168.100.246
dhcp_default_lease_time=86400
[192.168.0.0]
dns=192.168.0.101
dhcp_start=192.168.0.120
gateway=192.168.0.253
domain-name=inline.{redacted}
named=enabled
dhcp_max_lease_time=86400
dhcpd=enabled
type=inline
netmask=255.255.255.0
dhcp_end=192.168.0.200
dhcp_default_lease_time=86400
[general]
#
# general.domain
#
# Domain name of PacketFence system.
domain={redacted}
#
# general.hostname
#
# Hostname of PacketFence system. This is concatenated with the domain in
# Apache rewriting rules and therefore must be resolvable by clients.
hostname=egroupware
#
# general.dhcpservers
#
# Comma-delimited list of DHCP servers. Passthroughs are created to allow DHCP
# transactions from even "trapped" nodes.
dhcpservers=192.168.100.254,192.168.0.101
[trapping]
#
# trapping.passthrough
#
range=192.168.100.0/24
#
# trapping.passthroughs
#
# Comma-delimited list of domains to be used as HTTP and HTTPS passthroughs to
# web sites.
#
passthroughs=*.{redacted}
[alerting]
#
# alerting.emailaddr
#
# Email address to which notifications of rogue DHCP servers, violations with
# an action of "email", or any other PacketFence-related message goes to.
emailaddr={redacted}
[database]
#
# database.pass
#
# Password for the mysql database used by PacketFence.
pass={redacted}
[services]
#
# services.dhcpd
#
# Should DHCPd be managed by PacketFence?
dhcpd=disabled
[captive_portal]
#
# captive_portal.network_detection_ip
#
# This IP is used as the webserver who hosts the
# common/network-access-detection.gif which is used to detect if network
# access was enabled.
# It cannot be a domain name since it is used in registration or quarantine
# where DNS is blackholed.
# It is recommended that you allow your users to reach your packetfence server
# and put your LAN's PacketFence IP.
# By default we will make this reach PacketFence's website as an easy solution.
#
network_detection_ip=192.168.100.254
#
# captive_portal.secure_redirect
#
# If secure_redirect is enabled, the captive portal uses HTTPS when redirecting
# captured clients. This is the default behavior.
secure_redirect=disabled
[interface eth0]
ip=192.168.0.253
type=management
mask=255.255.255.0
enforcement=inline
[interface eth2]
ip=192.168.100.254
enforcement=inline
#ip=192.168.100.254
type=internal
mask=255.255.255.0
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
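
Added example (not part of the original post and not PacketFence's own code): a check modelled on the warning quoted in the message, cross-referencing each networks.conf gateway against the [interface ...] sections of the second configuration file and reporting whether dhcpd is enabled for any network that fails. The function names, the embedded sample (reduced from the attached files) and the comma-separated handling of `type` are assumptions of this example.

```python
import configparser
import ipaddress

# Constructed sample input: the relevant keys from the configuration
# fragments attached to the post (other keys omitted).
NETWORKS_CONF = """
[192.168.100.0]
gateway=192.168.100.254
dhcpd=enabled
[192.168.0.0]
gateway=192.168.0.253
dhcpd=enabled
"""
PF_CONF = """
[interface eth0]
ip=192.168.0.253
type=management
[interface eth2]
ip=192.168.100.254
type=internal
"""

def load(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp

def check_networks(networks_text, pf_text):
    """Return (network, gateway, problem, dhcpd) for each network whose
    gateway is not the IP of an interface declared type=internal."""
    nets, pf = load(networks_text), load(pf_text)
    ifaces = {}  # interface IP -> (name, set of declared types)
    for sec in pf.sections():
        if sec.startswith("interface "):
            # Assumption: type may hold several comma-separated values.
            types = {t.strip() for t in pf[sec].get("type", "").split(",")}
            ifaces[ipaddress.ip_address(pf[sec]["ip"])] = (sec.split()[1], types)
    findings = []
    for sec in nets.sections():
        gw = ipaddress.ip_address(nets[sec]["gateway"])
        dhcpd = nets[sec].get("dhcpd", "unset")
        name, types = ifaces.get(gw, (None, set()))
        if name is None:
            findings.append((sec, str(gw), "no interface has this IP", dhcpd))
        elif "internal" not in types:
            why = f"{name} is type={','.join(sorted(types))}"
            findings.append((sec, str(gw), why, dhcpd))
    return findings

if __name__ == "__main__":
    for net, gw, why, dhcpd in check_networks(NETWORKS_CONF, PF_CONF):
        print(f"{net}: gateway {gw} not on an internal interface ({why}); dhcpd={dhcpd}")
```

On the sample, only the 192.168.0.0 section is reported: its gateway sits on eth0, which is declared as the management interface, while the section still has dhcpd=enabled.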
