Hello Fabrice,
I have figured out what it was. The iptables settings were fine - the
problem was that the tagged VLAN traffic was not travellingcorrectly. Once
I fixed that on the Cisco switch side the problem was fixed.
Thanks again for all your help.
Cheers,
Boris.
On Jan 24, 2015 10:50 AM, "Durand fabrice" <[email protected]> wrote:
> Hello Boris,
>
> very strange, by default ssh is available :
>
> https://github.com/inverse-inc/packetfence/blob/devel/conf/iptables.conf.example#L16
>
> Can you post the rsult of iptables -L -n -v
>
> Regards
> Fabrice
>
>
> Le 2015-01-24 10:33, Boris Epstein a écrit :
> > Hello Fabrice,
> >
> > Thanks a lot for your response.
> >
> > This makes sense. So then why is it that I can only use ping, it seems,
> > when it comes to reaching this PF server even on the management
> interface.
> > Even SSH is not available!
> >
> > This just seems really weird - and impractical, too. I wonder where I go
> to
> > fix that.
> >
> > Cheers,
> >
> > Boris.
> >
> >
> > On Fri, Jan 23, 2015 at 7:53 PM, Durand fabrice <[email protected]>
> wrote:
> >
> >> Hello Boris,
> >>
> >> packetfence manage iptables on each interfaces that have been declared
> >> in pf.conf.
> >>
> >> So check the file /usr/local/pf/conf/iptables.conf which is the template
> >> to build the file /usr/local/pf/var/conf/iptables.conf and you can see
> >> what port are allowed.
> >>
> >> Btw the management interface is use to:
> >> - manage packetfence
> >> - receive snmptrap
> >> - receive radius request ....
> >> Registration/Isolation interface are only use to deal with the devices
> >> (portal,dhcp,dns).
> >>
> >> Regards
> >> Fabrice
> >>
> >>
> >> Le 2015-01-23 19:26, Boris Epstein a écrit :
> >>> Actually, I was too fast to say this is resolved. The PF seems to
> totally
> >>> block most traffic - even the SSH. Makes it a little difficult to
> >>> administer.
> >>>
> >>> Anybody know why that may be?
> >>>
> >>> Thanks.
> >>>
> >>> Boris.
> >>>
> >>>
> >>> On Fri, Jan 23, 2015 at 10:26 AM, Boris Epstein <[email protected]>
> >>> wrote:
> >>>
> >>>> OK, I think I fixed the issue by assigning the correct IP address to
> the
> >>>> management interface.
> >>>>
> >>>> Boris.
> >>>>
> >>>> On Thu, Jan 22, 2015 at 6:47 PM, Boris Epstein <[email protected]>
> >>>> wrote:
> >>>>
> >>>>> Hello all,
> >>>>>
> >>>>> It looks like my PF server does not allow any traffic in that comes
> >> from
> >>>>> outside of the VLAN's defined on it. And that seems to be a problem
> as
> >> it
> >>>>> needs to get SNMP traffic (at the very least) from the switches
> >> located at
> >>>>> remote sites and not part of any local VLAN.
> >>>>>
> >>>>> Is that how things are supposed to be? Is there a way to overcome it?
> >> Am
> >>>>> I doing something wrong (the most likely scenario)?
> >>>>>
> >>>>> Thanks.
> >>>>>
> >>>>> Boris.
> >>>>>
> >>>>
> >>>>
> >>>
> >>>
> >>>
> >>>
> >>
> ------------------------------------------------------------------------------
> >>> New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
> >>> GigeNET is offering a free month of service with a new server in
> Ashburn.
> >>> Choose from 2 high performing configs, both with 100TB of bandwidth.
> >>> Higher redundancy.Lower latency.Increased capacity.Completely
> compliant.
> >>> http://p.sf.net/sfu/gigenet
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>> PacketFence-users mailing list
> >>> [email protected]
> >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
> >>>
> >>
> >>
> >>
> ------------------------------------------------------------------------------
> >> New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
> >> GigeNET is offering a free month of service with a new server in
> Ashburn.
> >> Choose from 2 high performing configs, both with 100TB of bandwidth.
> >> Higher redundancy.Lower latency.Increased capacity.Completely compliant.
> >> http://p.sf.net/sfu/gigenet
> >> _______________________________________________
> >> PacketFence-users mailing list
> >> [email protected]
> >> https://lists.sourceforge.net/lists/listinfo/packetfence-users
> >>
> >
> >
> >
> >
> ------------------------------------------------------------------------------
> > New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
> > GigeNET is offering a free month of service with a new server in Ashburn.
> > Choose from 2 high performing configs, both with 100TB of bandwidth.
> > Higher redundancy.Lower latency.Increased capacity.Completely compliant.
> > http://p.sf.net/sfu/gigenet
> >
> >
> >
> > _______________________________________________
> > PacketFence-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/packetfence-users
> >
>
>
> ------------------------------------------------------------------------------
> New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
> GigeNET is offering a free month of service with a new server in Ashburn.
> Choose from 2 high performing configs, both with 100TB of bandwidth.
> Higher redundancy.Lower latency.Increased capacity.Completely compliant.
> http://p.sf.net/sfu/gigenet
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
