Hello Till, can you describe a little bit the setup, are you using out of band or inline ?
Regards Fabrice Le 2016-07-14 17:34, [email protected] a écrit : > Hi Antoine, > > could you give me a hint where in the code / in which PM the trapping > and decision what DNS configuration to use takes place? > > Thanks, > Till > > On 14.07.2016 16:09, [email protected] wrote: >> Hello Antoine, >> >> thank you for your reply. >> >> Our client has several locations using Packetfence, and he wanted a >> centralized server for CP with a customizable CMS. So we are using >> mod_proxy directive in captive-portal-common.tt to forward requests to >> this centralized CP. >> >> We already tested the pass through configuration which works fine. But >> sadly it is not really an option for because this implies that there is >> always access to Facebook, Google, Twitter etc. >> Sadly, most of the login screens of these social networks use the >> www.xxx.com domain name and also refer to a lot of external resources >> for JS, images etc. Because of this it is not possible to disable access >> to Facebook for example in general, but allow access to the login screen >> of facebook. This only could be done with firewall rules on the protocol >> / HTTP level. >> >> So we decided to give the users temporary access to the Internet when >> they decide to get verified by social networks. >> >> I wonder if pfdns and trapping mechanism could be configured to sent the >> right local IP address for CP name resolution and forwards all other >> requests to the external DNS. >> >> Thanks, >> Till >> >> >> >> On 14.07.2016 15:11, Antoine Amacher wrote: >>> Hello Till, >>> >>> I am not sure how your authentication by social media is working but why >>> not use OAuth2 sources? >>> >>> You could also add any domains you want to authorize to the pass through >>> list, in this way people will be in the registration VLAN with access to >>> authorized sites. If you need sites to enable for your social media >>> access, you can check in the OAuth sources, each have a predefined list. >>> >>> Thanks >>> >>> On 07/14/2016 12:03 AM, [email protected] wrote: >>>> Hi there, >>>> >>>> We wrote our own captive portal, which allows the user to get verified >>>> by social networks. For this reason we give him temporary access first >>>> so he can reach the social network login pages. >>>> >>>> But now we have the problem that he can not be directed back to the >>>> captive portal as long as he as the temporary Internet access. The >>>> reason is that DNS resolution of captive portal (i.e. PF server) does >>>> not work anymore. >>>> >>>> Because we are using a public DNS server, we can not add the captive >>>> portal IP (which is a local one in the LAN) to this DNS. >>>> >>>> Is there a way to tell Packetfence to continue trapping and resolving >>>> DNS requests of the captive portal's name, as long as we grant temporary >>>> Internet access to the user? >>>> This would solve our problem. >>>> >>>> Or is there another way to resolve the PF name without using a local DNS? >>>> >>>> Best regards, >>>> Till >>>> >>>> ------------------------------------------------------------------------------ >>>> What NetFlow Analyzer can do for you? Monitors network bandwidth and >>>> traffic >>>> patterns at an interface-level. Reveals which users, apps, and protocols >>>> are >>>> consuming the most bandwidth. Provides multi-vendor support for NetFlow, >>>> J-Flow, sFlow and other flows. Make informed decisions using capacity >>>> planning >>>> reports.http://sdm.link/zohodev2dev >>>> _______________________________________________ >>>> PacketFence-users mailing list >>>> [email protected] >>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> ------------------------------------------------------------------------------ >> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic >> patterns at an interface-level. Reveals which users, apps, and protocols are >> consuming the most bandwidth. Provides multi-vendor support for NetFlow, >> J-Flow, sFlow and other flows. Make informed decisions using capacity >> planning >> reports.http://sdm.link/zohodev2dev >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > > ------------------------------------------------------------------------------ > What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic > patterns at an interface-level. Reveals which users, apps, and protocols are > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > J-Flow, sFlow and other flows. Make informed decisions using capacity planning > reports.http://sdm.link/zohodev2dev > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports.http://sdm.link/zohodev2dev _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
