Forget about it,

I’m running through my ML queue and just saw that you actually made a second 
post…

Sorry about that… -_-

Derek

--
Derek Wuelfrath
[email protected] :: www.inverse.ca
+1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

On May 16, 2014, at 11:53 AM, Derek Wuelfrath <[email protected]> wrote:

> Hey Alex,
> 
> What is the output of the following command:
> 
> cat /proc/sys/net/ipv4/ip_forward
> 
> Thanks
> 
> Cheers!
> dw.
> 
> On May 13, 2014, at 12:38 PM, Alexandre Torti <[email protected]> wrote:
> 
>> Hi all
>> 
>> I successfully configured my switches to put nodes in correct VLAN.
>> I want to use packetfence to act as gateway (and if possible proxy) for 
>> guest internet access.
>> Packetfence should not allow access to other VLAN.
>> 
>> I setup from web interface the guest interface. 
>> Then to reach internet, I added a routed network but I'm certainly missing 
>> something here.
>> Here is my conf/networks.conf after configuration from the web interface / 
>> guest VLAN 2471 with ip range 1.1.1.0/24.
>> My main LAN is 192.168.1.0  and internet gateway + dns are on 192.168.1.2
>> 
>> [1.1.1.0]
>> dns=192.168.1.2
>> dhcp_start=1.1.1.10
>> gateway=1.1.1.1
>> domain-name=inline.mydomain.com
>> named=enabled
>> dhcp_max_lease_time=10800
>> dhcpd=enabled
>> type=inline
>> netmask=255.255.255.0
>> dhcp_end=1.1.1.246
>> dhcp_default_lease_time=3600
>> 
>> [1.1.1.0]
>> dns=1.1.1.1
>> next_hop=192.168.1.2
>> gateway=1.1.1.1
>> dhcp_start=1.1.1.10
>> domain-name=vlan-isolation.mydomain.com
>> named=enabled
>> dhcp_max_lease_time=10800
>> dhcpd=enabled
>> netmask=255.255.255.0
>> type=vlan-isolation
>> dhcp_end=1.1.1.249
>> dhcp_default_lease_time=3600
>> 
>> 
>> My interfaces are as this:
>> 
>> ifconfig
>> # this is common LAN, with no VLAN
>> eth0      Link encap:Ethernet  HWaddr 00:00:11:00:00:25
>>           inet addr:192.168.1.5  Bcast:192.168.255.255  Mask:255.255.0.0
>>           inet6 addr: fe80::250:56ff:fe8b:225/64 Scope:Link
>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>           RX packets:47140193 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:1354061 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:1000
>>           RX bytes:5090343365 (4.7 GiB)  TX bytes:155680972 (148.4 MiB)
>> 
>> # this is isolation VLAN
>> eth0.2466 Link encap:Ethernet  HWaddr 00:00:11:00:00:25
>>           inet addr:1.0.0.1  Bcast:1.0.0.255  Mask:255.255.255.0
>>           inet6 addr: fe80::250:56ff:fe8b:225/64 Scope:Link
>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:0
>>           RX bytes:0 (0.0 b)  TX bytes:636 (636.0 b)
>> 
>> # this is Mac registration VLAN
>> eth0.2469 Link encap:Ethernet  HWaddr 00:00:11:00:00:25
>>           inet addr:1.0.1.1  Bcast:1.0.1.255  Mask:255.255.255.0
>>           inet6 addr: fe80::250:56ff:fe8b:225/64 Scope:Link
>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:0
>>           RX bytes:0 (0.0 b)  TX bytes:636 (636.0 b)
>> 
>> # this is registration VLAN
>> eth0.2470 Link encap:Ethernet  HWaddr 00:00:11:00:00:25
>>           inet addr:1.2.3.1  Bcast:1.2.3.255  Mask:255.255.255.0
>>           inet6 addr: fe80::250:56ff:fe8b:225/64 Scope:Link
>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>           RX packets:535029 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:403762 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:0
>>           RX bytes:45946585 (43.8 MiB)  TX bytes:53511808 (51.0 MiB)
>> 
>> # this is guest VLAN
>> eth0.2471 Link encap:Ethernet  HWaddr 00:00:11:00:00:25
>>           inet addr:1.1.1.1  Bcast:1.1.1.255  Mask:255.255.255.0
>>           inet6 addr: fe80::250:56ff:fe8b:225/64 Scope:Link
>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>           RX packets:109102 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:2277 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:0
>>           RX bytes:6162904 (5.8 MiB)  TX bytes:346791 (338.6 KiB)
>> 
>> 
>> 
>> With a registered user, with guest role, I am put on guest VLAN, I receive 
>> IP address 1.1.1.10, and the gateway is PF (1.1.1.1).
>> But no packet is forwarded by PF. I started to look at iptables.conf, but as 
>> user is registered, I thought it should work as this.
>> Do you see where I go wrong?
>> 
>> Thanks for your help
>> 
>> Alexandre

PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
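
Added example, not part of the thread and not PacketFence code: a read-only script that performs the `ip_forward` check requested above and reports section headers that appear more than once in a `networks.conf`, as `[1.1.1.0]` does in the posted file. The function names are hypothetical, and how PacketFence handles a repeated section name is not stated in the thread; the script only reports it.

```shell
#!/bin/sh
# Added example: read-only checks for the guest-gateway setup in this thread.
# Report the kernel IPv4 forwarding switch: enabled, disabled or unknown.
forwarding_state() {
    case "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Print "<section> <count> <types>" for every section header that occurs
# more than once in an INI-style file (file argument or stdin).
duplicate_sections() {
    awk '
        { sub(/[ \t\r]+$/, "") }           # tolerate trailing blanks and CR
        /^\[.*\]$/ {
            sec = substr($0, 2, length($0) - 2)
            if (!(sec in count)) order[++n] = sec
            count[sec]++
            next
        }
        sec != "" && /^type=/ {
            val = substr($0, 6)
            types[sec] = (types[sec] == "" ? val : types[sec] "," val)
        }
        END {
            for (i = 1; i <= n; i++)
                if (count[order[i]] > 1)
                    print order[i], count[order[i]], types[order[i]]
        }
    ' "$@"
}

# Sample input: section headers and type= lines from the posted file, trimmed.
sample_conf() {
    cat <<'EOF'
[1.1.1.0]
gateway=1.1.1.1
type=inline
[1.1.1.0]
next_hop=192.168.1.2
type=vlan-isolation
EOF
}

echo "ip_forward: $(forwarding_state)"
sample_conf | duplicate_sections
```

On a live server, pass the real file instead of the sample, for example `duplicate_sections conf/networks.conf`.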
