OK perfect,
when i will be back from vacation i will check why you have an issue
with Redhat's IPA (if you have logs).
To be more precise let's suppose that the configuration of eth1 is the
following:
ip : 192.168.1.1
mask: 255.255.255.0
and the dhcp server provide something like that on this network:
ip start 192.168.1.10
ip end: 192.168.1.254
mask: 255.255.255.0
gateway: 192.168.1.1
dns: 8.8.8.8
eth0:
ip: 10.0.0.1
mask 255.255.255.0
default GW: 10.0.0.254
So eth1 is the inline layer 2 interface, so if you plug a device in the
inline network you should be able to have an ip address (192.168.1.10)
from packetfence server and if you try to go on internet you will see
the captive portal (192.168.1.1).
On the pf side you will probably hit the default portal profile.(check
in packetfence.log file)
If this works then the next step will be to configure a new portal
profile (configuration -> Portal Profile) :
Name : Inline_test
Filter: network: 192.168.1.0/24
Authentication sources: Local (Local mean the local database: ie user tab)
Also you can add more auth type , change the logo ...
Save
Then now retry to hit the portal and now you will probably hit the
inline_test one (check packetfence.log).
Other option if you have an Active Directory then you are able to
configure it (Configuration -> Sources -> AD) and add it to the source
list of the inline_test portal to use it.
To debug:
Inline use ipset/iptables to allow or deny access to a device, so you
can check the status of a device in ipset by ipset -L (reg/isol session)
Also check that ip_forward has been enabled (it's a must have if you use
NAT).
And check the iptables rules (managed by packetfence).
Hope it will help
Regards
Fabrice
Le 2015-03-25 17:26, Steven Jones a écrit :
Hi,
Yes Selinux was disabled. Packetfence and especially the web ui would not work
on RHEl6.6 so I have installed it on Debian 7.0.8 where it works fine. The
web ui on Debian works fine and the default default gateway was no issue where
in RHEl6.6 the web ui would not accept it. It is possible Redhat's IPA is not
compatible with packetfence and/or it is something else, I do not know but
that's behind me now as on Debian it works.
What I am trying to understand next is the complex web ui and to configure it
for inline mode and later vlan. I actually do not know what to do next.
eth1 is the wifi packetfence will manage and eth0 is the wired ethernet into
our system that has the default route.
regards
Steven
________________________________
From: Durand fabrice <[email protected]>
Sent: Thursday, 26 March 2015 10:13 a.m.
To: [email protected]
Subject: Re: [PacketFence-users] inline manual / cli setip guide by example.
Hi Steven,
without more information i can't help you.
Can you give me information of what you are doing in the configurator (step by
step)
Also:
- the network you want to use for mgmt and for inline ?
- the pf.conf and networks.conf files.
- the result of ip addr and ip route
- the result of cat /proc/sys/net/ipv4/ip_forward
Also did you disabled selinux/apparmor ?
The last thing, you talk about changing the default gateway, the default one is
suppose to be the system defaultone so if you change it you probably break the
default route.
Regards
Fabrice
Le 2015-03-25 16:07, Steven Jones a écrit :
Hi,
it is only simple to do if you know the system, so far i am guessing on
multiple pages as there is no explanation, no process to follow. Sadly there
isnt anything of use on youtube or via google so far either.
Reading through copious posts on different sites its pretty clear others as
well as myself are finding the documentation is severely lacking. In fact
about all I can say is its close to the poorest I have seen.
regards
Steven
________________________________
From: Durand fabrice <[email protected]><mailto:[email protected]>
Sent: Tuesday, 24 March 2015 11:00 a.m.
To:
[email protected]<mailto:[email protected]>
Subject: Re: [PacketFence-users] inline manual / cli setip guide by example.
Hi Steven,
Inline setup is really simple to do.
In packetfence define a management interface and an inline interface
(Type:inline layer 2, DNS:8.8.8.8).
Also don't forget to enable ip_forward.
Now connect a laptop in the inline network and if you are unreg then you will
hit the portal. If your device is reg then packetfence will act as a gateway
and your traffic will use mgmt ip address to reach internet.
http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Administration_Guide-4.7.0.pdf
Regards
Fabrice
Le 2015-03-23 17:21, Steven Jones a écrit :
Hi,
Does anyone have a nice simple config howto via command line to set up packet
fence in inline mode?
I have eth0 as the default network and eth1 as the wifi network I want to
control/limit.
The web ui is simply un-usuable without more documentation explaining the
options so I need some manual configuration guide(s).
thanks
regards
Steven J
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
PacketFence-users mailing list
[email protected]<mailto:[email protected]><mailto:[email protected]><mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
PacketFence-users mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
