Hi Fabrice,

I changed the type of the vlan to registration, but it is still not working.

[192.168.27.0]
dns=192.168.27.1
dhcp_start=192.168.27.10
gateway=192.168.27.1
domain-name=vlan-registration.mydomain.com
named=enabled
dhcp_max_lease_time=30
dhcpd=enabled
type=vlan-registration
netmask=255.255.255.0
dhcp_end=192.168.27.246
dhcp_default_lease_time=30

I also copied the code (if ( ($qname =~ /$OAUTH::ALLO....) from the regzone
sub to isolzone. It is also not working. Any idea? Thanks.

On Thu, Apr 10, 2014 at 2:09 PM, Fabrice DURAND <[email protected]> wrote:
> Hi,
>
> Passthrough is only working in the reg vlan, not isolation.
>
> Take a look at pfdns code and in the isolzone sub copy the part of the
> code you have in the regzone sub. (if ( ($qname =~ /$OAUTH::ALLO....)
>
>
> Regards
> Fabrice
>
>
>
> On 2014-04-10 14:01, forbmsyn wrote:
>
> Hi,
>
> When a device is put into an isolation vlan after being scanned by
> Nessus, I want it to be able to access some specific websites, for example
> www.google.com.
>
>
> First I have www.google.com configured as passthrough.
>
> Below is the config from pf.conf
> passthrough=enabled
> #
> # trapping.passthroughs
> #
> # Comma-delimited list of domains to be used as HTTP and HTTPS passthroughs to web sites.
> #
> passthroughs=www.google.com
>
>
> Below is the config of the isolation vlan:
> network.conf
> [192.168.27.0]
> dns=192.168.27.1
> dhcp_start=192.168.27.10
> gateway=192.168.27.2
> domain-name=vlan-isolation.mydomain.com
> named=enabled
> dhcp_max_lease_time=30
> dhcpd=enabled
> type=vlan-isolation
> netmask=255.255.255.0
> dhcp_end=192.168.27.246
> dhcp_default_lease_time=30
>
>
> I also have ip_forward enabled on the PF server.
> [root@vmpf conf]# cat /proc/sys/net/ipv4/ip_forward
> 1
>
>
> Below is the nslookup output from the Client machine which register with
> PF. www.google.com is still pointed to the PF interface.
> c:\>nslookup
> Default Server: Unknown
> Address: 192.168.27.1
>
> > www.google.com
> Server: Unknown
> Address: 192.168.27.1
>
> Name: www.google.com.vlan-isolation.mydomain.com
> Address: 192.168.27.1
>
> > www.yahoo.com
> Server: Unknown
> Address: 192.168.27.1
>
> Name: www.yahoo.com.vlan-isolation.mydomain.com
> Address: 192.168.27.1
>
>
> Any idea what else I should change to make it work? Thanks.
>
>
>
>
> ------------------------------------------------------------------------------
> Put Bad Developers to Shame
> Dominate Development with Jenkins Continuous Integration
> Continuously Automate Build, Test & Deployment
> Start a new project now. Try Jenkins in the cloud.
> http://p.sf.net/sfu/13600_Cloudbees
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
> --
> Fabrice [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://packetfence.org)
>