I'm trying to set up pf in inline-only mode for guest Internet access at our company. I have it set up like this:

      Guest LAN (10.x.x.x)
               |
               |
               | eth1 (inline)
            +=====+
            | pf  |eth2------Internet (default gateway)
            +=====+
               | eth0 (mgmt.)
               |
               |
      Corporate LAN (172.x.x.x)

Currently pf detects all the nodes on our corporate LAN, and there are a lot. But they have their own way of accessing the Internet, so those nodes just clutter up pf. How can I configure PacketFence to not detect nodes on the Management interface? The only thing I need the management interface for is configuration.

I've tried disabling the DHCP listener altogether (pfdhcplistener=disabled in [services]) but it still runs anyway. I've also tried modifying iptables.conf, commenting out the lines that accept 67/udp and 67/tcp on the management interface.

Are the nodes being picked up from other broadcasts or ARP? Is there any way of keeping these nodes out of PacketFence?

Thanks!

--
Dan
