Hello Alex,

In fact it's simple: define your production server in the DHCP scope of
the inline network (networks.conf).

When you are unreg, the DNS traffic is forwarded to 1.1.1.1, you
hit the captive portal and have to register; when you are reg,
PacketFence allows you to pass through iptables (ipset -L) and the DNS
traffic hits the production DNS server.

For transparent proxy you can play with iptables.conf to add your own 
custom rules.


Regards
Fabrice

On 2014-05-14 12:20, Alex wrote:
> Hi
>
> first sorry for last post, it got queued to thread
> http://article.gmane.org/gmane.comp.networking.packetfence.user/7814 by
> mistake.
>
> Second, I'd like to rephrase my problem with a simpler presentation:
>
> My setup:
> with ZEN 4.1, VLAN enforcement is working. The guest VLAN has for now no
> other network equipment to allow any connectivity so I wanted to use
> packetfence as a dhcp + dns + gateway to access internet only, and block
> other VLANs. PF should forward packets to our main gateway only
> (192.168.1.2) and not other servers (eg: 192.168.1.100).
>
> This guest VLAN already has a working DHCP from PF, and provides guest
> nodes this configuration:
> Ethernet adapter Local Area Connection:
>      Connection-specific DNS Suffix  . : inline.mydomain.com
>      IPv4 Address. . . . . . . . . . . : 1.1.1.10
>      Subnet Mask . . . . . . . . . . . : 255.255.255.0
>      Default Gateway . . . . . . . . . : 1.1.1.1
> Also gives DNS server: 1.1.1.1
>
> I enabled sysctl -w net.ipv4.ip_forward=1
>
> My questions are:
> A-How can I get DNS queries forwarded from 1.1.1.1 eth0.2471 to our main
> DNS server ?
>
> Documentation says, when a user in the inline VLAN is registered, PF
> allows this user to go through iptables.(page 87, Access Control).
> B-How can we tweak what is allowed or not ?
>
> C-Can I install a transparent proxy for this VLAN on packetfence without
> messing with other services, and is there any example of people doing so ?
>
> Thanks
>
> Alex
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users


-- 
Fabrice Durand
[email protected] ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)
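
The networks.conf change described in the reply, as an added example that is not part of the original messages. The section name, netmask, gateway and domain come from Alex's DHCP output; the key names follow PacketFence's networks.conf layout as an assumption, and `<PRODUCTION_DNS_IP>` is a placeholder because the thread does not give the production DNS address.

```ini
# networks.conf, inline network section (illustrative fragment; other keys unchanged)
[1.1.1.0]
netmask=255.255.255.0
gateway=1.1.1.1
domain-name=inline.mydomain.com
type=inline
dhcpd=enabled
named=enabled

# Before: the DHCP scope hands out PacketFence itself as the resolver,
# so registered guests have no path to the production DNS.
# dns=1.1.1.1

# After: the DHCP scope hands out the production DNS server.
# Unregistered nodes still have their DNS traffic forwarded to 1.1.1.1
# (captive portal); registered nodes pass through iptables and reach
# this server directly.
dns=<PRODUCTION_DNS_IP>
```

Guest nodes pick up the new resolver only after renewing their DHCP lease, and `ipset -L` on the PacketFence server shows which nodes are currently allowed through.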

