The file is attached below. As for tcpdump, I see multiple [R.] when I ask for the status page.
<snip>
[general]
#
# general.domain
#
# Domain name of PacketFence system.
domain=resnet.uwp.edu
#
# general.dnsservers
#
# Comma-delimited list of DNS servers. Passthroughs are created to allow queries to these servers from even "trapped" nodes.
dnsservers=*.*.*.*
#
# general.dhcpservers
#
# Comma-delimited list of DHCP servers. Passthroughs are created to allow DHCP transactions from even "trapped" nodes.
dhcpservers=131.210.92.1
#
# general.timezone
#
# System's timezone in string format. Supported list:
# http://www.php.net/manual/en/timezones.php
timezone=America/Chicago

[trapping]
#
# trapping.range
#
# Comma-delimited list of address ranges/CIDR blocks that Snort/Suricata will monitor/detect/trap on. Gateway, network, and
# broadcast addresses are ignored.
range=131.210.88.0/21
#
# trapping.passthrough
#
# When enabled, pfdns will resolve the real IP addresses of passthroughs and add them in the ipset session to give access
# to trapped devices. Don't forget to enable ip_forward on your server.
passthrough=enabled
#
# trapping.passthroughs
#
# Comma-delimited list of domains to be used as HTTP and HTTPS passthroughs to web sites.
#
passthroughs=libguides.uwp.edu,*.copyright.com,*.wistia.com

[registration]
#
# registration.device_registration
#
# Enable or Disable the ability to register a gaming device using the specific portal page designed to do it
device_registration=enabled

[guests_admin_registration]
#
# guests_admin_registration.access_duration_choices
#
# These are all the choices offered in the guest management interface as
# possible access duration values for a given registration.
access_duration_choices=1h,3h,12h,1D,2D,3D,5D,5DF+1D,7DF+1D,30DF+1D
#
# guests_admin_registration.default_access_duration
#
# This is the default access duration value selected in the dropdown on the
# guest management interface.
default_access_duration=30D

[alerting]
#
# alerting.emailaddr
#
# Email address to which notifications of rogue DHCP servers, violations with an action of "email", or any other
# PacketFence-related message goes to.
[email protected]

[database]
#
# database.pass
#
# Password for the mysql database used by PacketFence.
pass=DB---PASS

[expire]
#
# expire.node
#
# Time before a node is removed due to inactivity.
# A value of 0D disables expiration.
# example:
# node=90D
node=10D
#
# expire.iplog
#
# Time which you would like to keep logs on IP/MAC information.
# A value of 0D disables expiration.
# example:
# iplog=180D
iplog=180D
#
# expire.traplog
#
# Time which you would like to keep logs on trap information.
# A value of 0D disables expiration.
# example:
# traplog=180D
traplog=60D
#
# expire.locationlog
#
# Time which you would like to keep logs on location information
# Please note that this table should not become too big since it
# could degrade pfsetvlan performance.
# A value of 0D disables expiration.
# example:
# locationlog=180D
locationlog=180D

[services]
#
# services.snort
#
# Should snort be managed by PacketFence?
snort=disabled
#
# services.suricata
#
# Should suricata be managed by PacketFence?
suricata=disabled
#
# services.radiusd
#
# Should radiusd be managed by PacketFence?
radiusd=disabled
#
# services.pfsetvlan
#
# Should pfsetvlan be managed by PacketFence?
pfsetvlan=enabled
#
# services.snmptrapd
#
# Should snmptrapd be managed by PacketFence?
snmptrapd=enabled

[captive_portal]
#
# captive_portal.network_detection_ip
#
# This IP is used as the webserver who hosts the common/network-access-detection.gif which is used to detect if network
# access was enabled.
# It cannot be a domain name since it is used in registration or quarantine where DNS is blackholed.
# It is recommended that you allow your users to reach your packetfence server and put your LAN's PacketFence IP.
# By default we will make this reach PacketFence's website as an easy solution.
#
network_detection_ip=131.210.92.1

[interface eth0]
ip=131.210.201.21
type=management
mask=255.255.255.0

[interface eth1]
enforcement=inlinel2
ip=131.210.92.1
type=internal
mask=255.255.248.0
</snip>

--
Gregory A. Thomas
IT Manager, Student Life
University of Wisconsin-Parkside
[email protected]
262.595.2432

From: Louis Munro [mailto:[email protected]]
Sent: Thursday, August 13, 2015 8:56 AM
To: [email protected]
Subject: Re: [PacketFence-users] Status and Gaming

Ok,

Then please post your pf.conf file.

Also, don't bother with nmap if you have root on the server itself.
Just ask your kernel what processes are running on what port: netstat -tnlp (for tcp) and -unlp (for udp).

Then run tcpdump and check to see if your requests are going to the correct IP and port.
If they are, check to see if they get a reply.
If there is no reply at all and you don't see a tcp handshake, then that points to a firewall dropping the packets (probably, routing is another possible source of this problem).

If you see a reply, check to see what it is.
Do you see packets marked with an [R.] (for reset)?

Regards,
--
Louis Munro
[email protected] :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

On Aug 12, 2015, at 17:42, Thomas, Gregory A <[email protected]> wrote:

Now I need to add to this. I can get to the status and gaming-reg pages from the internal address space on in the internal address (eth1, Inline Layer 2 which also has the portal daemon).

I should also mention that this is a complete Inline setup.

--
Gregory A. Thomas
IT Manager, Student Life
University of Wisconsin-Parkside
[email protected]
262.595.2432

From: Thomas, Gregory A [mailto:[email protected]]
Sent: Wednesday, August 12, 2015 4:14 PM
To: [email protected]
Subject: Re: [PacketFence-users] Status and Gaming

Under the Interfaces in the GUI, for the management IP/eth0 it has portal listed as a daemon.

Another strange thing is from nmap:
-----
Starting Nmap 5.51 ( http://nmap.org ) at 2015-08-12 15:57 CDT
Nmap scan report for packetfence.****.**.** (xxx.xxx.xxx.xx)
Host is up (0.00043s latency).
Not shown: 989 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   closed http
443/tcp  closed https
1443/tcp open   ies-lm
1812/tcp closed radius
2004/tcp open   mailbox
3306/tcp open   mysql
7002/tcp open   afs3-prserver
7070/tcp open   realserver
9000/tcp open   cslistener
9090/tcp open   zeus-admin

Nmap done: 1 IP address (1 host up) scanned in 5.04 seconds
-----

This is with the default iptables.conf file and with iptables running. Like I said, when I stop the iptable service, 80 and 443 are open but still get connection refused errors.

--
Gregory A. Thomas
IT Manager, Student Life
University of Wisconsin-Parkside
[email protected]
262.595.2432

From: Louis Munro [mailto:[email protected]]
Sent: Wednesday, August 12, 2015 4:05 PM
To: [email protected]
Subject: Re: [PacketFence-users] Status and Gaming

Make sure the portal is running on the port and ip where you are connecting to.
Check with netstat.

If they are not, try adding the "portal" type to the management interface in conf/pf.conf.
Then do a pfcmd configreload hard and restart the portal.

--
Louis Munro
[email protected] :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

On Aug 12, 2015, at 16:48, Thomas, Gregory A <[email protected]> wrote:

On my fresh installs of 5.3.1, I can not get to /status or /gaming-registration. I have checked the gaming registration box on the Admin GUI.

With the error of err_connection_refused I thought there might have been something with the firewall, so I stopped that service, tried again, same error.

I have compared my 4.7 install to my 5.3 and they look the same but there has to be something that I am missing.

Any help would be great.

--
Gregory A. Thomas
IT Manager, Student Life
University of Wisconsin-Parkside
[email protected]
262.595.2432

------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
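
The tcpdump triage described in the thread (no reply, a reset, or a handshake), applied to captured lines, as an added example that is not part of the original messages. The capture lines are constructed and use documentation addresses; `classify`, `MEANING` and the verdict names are hypothetical.

```python
import re

# Constructed `tcpdump -n` lines (documentation addresses, not taken from the thread).
SAMPLE = """\
15:57:01.000100 IP 192.0.2.50.51000 > 192.0.2.10.80: Flags [S], seq 1000, win 29200, length 0
15:57:01.000180 IP 192.0.2.10.80 > 192.0.2.50.51000: Flags [R.], seq 0, ack 1001, win 0, length 0
15:57:02.000100 IP 192.0.2.50.51002 > 192.0.2.10.443: Flags [S], seq 2000, win 29200, length 0
15:57:03.000100 IP 192.0.2.50.51002 > 192.0.2.10.443: Flags [S], seq 2000, win 29200, length 0
15:57:04.000100 IP 192.0.2.50.51004 > 192.0.2.10.1443: Flags [S], seq 3000, win 29200, length 0
15:57:04.000170 IP 192.0.2.10.1443 > 192.0.2.50.51004: Flags [S.], seq 9000, ack 3001, win 28960, length 0
15:57:04.000200 IP 192.0.2.50.51004 > 192.0.2.10.1443: Flags [.], ack 9001, win 229, length 0
"""

# "IP <src ip>.<port> > <dst ip>.<port>: Flags [<flags>]"
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([A-Z.]+)\]")

MEANING = {
    "no-reply": "SYN unanswered: packets dropped by a firewall, or misrouted",
    "reset": "SYN answered with RST: host reachable, nothing accepting on that IP:port (or a REJECT rule)",
    "handshake": "SYN-ACK received: a service is listening; look higher up the stack",
}

def classify(capture):
    """Map each client -> server flow opened by a SYN to what came back."""
    flows = {}
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, dst, flags = f"{m[1]}:{m[2]}", f"{m[3]}:{m[4]}", m[5]
        if flags == "S":                      # first SYN or a retransmission
            flows.setdefault(f"{src} -> {dst}", "no-reply")
            continue
        key = f"{dst} -> {src}"               # packet travelling server -> client
        if key not in flows:                  # SYN not captured, or client-side packet
            continue
        if flags == "S.":
            flows[key] = "handshake"
        elif "R" in flags and flows[key] == "no-reply":
            flows[key] = "reset"              # a later RST after a handshake is not a refusal
    return flows

if __name__ == "__main__":
    for flow, verdict in classify(SAMPLE).items():
        print(f"{flow}: {verdict} ({MEANING[verdict]})")
```

A `reset` verdict on a port should be cross-checked against `netstat -tnlp` on the server to confirm whether anything is bound to that address and port.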
