Hum ok,
it will not be so simple since we use the iptables mangle to 'tag'
packetfence and forward or not forward to pfdns.
In order to make it work you probably have to remove the iptables mark
(ipset.pm iptables.pm) and detect in pfdns if the device is reg or not.
Nothing really complicated, but you must know Perl.

If you want, I am available on the PacketFence IRC channel
https://packetfence.org/support/index.html during work hours (Montréal time)

Regards
Fabrice



On 2016-07-14 19:20, [email protected] wrote:
> Hello Fabrice,
>
> Aside from our captive portal "hack" we are using a pure inline setup.
> The PF server has two network interfaces. One goes to an AP and the
> other to the Internet gateway. There is no external DHCP server and we
> use the DNS server of our Internet provider.
>
> Already registered users are checked against a RADIUS source. When a new
> user gets registered, the CP adds them to the RADIUS DB. Our CP uses the JsonAPI
> of PF's webservice and a patched api.pm to register or update nodes.
>
> Best regards,
> Till
>
>
> On 15.07.2016 00:36, Durand fabrice wrote:
>> Hello Till,
>>
>> can you describe a little bit the setup, are you using out of band or
>> inline ?
>>
>> Regards
>> Fabrice
>>
>>
>> On 2016-07-14 17:34, [email protected] wrote:
>>> Hi Antoine,
>>>
>>> could you give me a hint where in the code / in which PM the trapping
>>> and decision what DNS configuration to use takes place?
>>>
>>> Thanks,
>>> Till
>>>
>>> On 14.07.2016 16:09, [email protected] wrote:
>>>> Hello Antoine,
>>>>
>>>> thank you for your reply.
>>>>
>>>> Our client has several locations using Packetfence, and he wanted a
>>>> centralized server for CP with a customizable CMS. So we are using
>>>> mod_proxy directive in captive-portal-common.tt to forward requests to
>>>> this centralized CP.
>>>>
>>>> We already tested the pass through configuration which works fine. But
>>>> sadly it is not really an option for us because this implies that there is
>>>> always access to Facebook, Google, Twitter etc.
>>>> Sadly, most of the login screens of these social networks use the
>>>> www.xxx.com domain name and also refer to a lot of external resources
>>>> for JS, images etc. Because of this it is not possible to disable access
>>>> to Facebook for example in general, but allow access to the login screen
>>>> of facebook. This only could be done with firewall rules on the protocol
>>>> / HTTP level.
>>>>
>>>> So we decided to give the users temporary access to the Internet when
>>>> they decide to get verified by social networks.
>>>>
>>>> I wonder if pfdns and the trapping mechanism could be configured to send the
>>>> right local IP address for CP name resolution and forward all other
>>>> requests to the external DNS.
>>>>
>>>> Thanks,
>>>> Till
>>>>
>>>>
>>>>
>>>> On 14.07.2016 15:11, Antoine Amacher wrote:
>>>>> Hello Till,
>>>>>
>>>>> I am not sure how your authentication by social media is working but why
>>>>> not use OAuth2 sources?
>>>>>
>>>>> You could also add any domains you want to authorize to the pass through
>>>>> list, in this way people will be in the registration VLAN with access to
>>>>> authorized sites. If you need sites to enable for your social media
>>>>> access, you can check in the OAuth sources, each have a predefined list.
>>>>>
>>>>> Thanks
>>>>>
>>>>> On 07/14/2016 12:03 AM, [email protected] wrote:
>>>>>> Hi there,
>>>>>>
>>>>>> We wrote our own captive portal, which allows the user to get verified
>>>>>> by social networks. For this reason we give him temporary access first
>>>>>> so he can reach the social network login pages.
>>>>>>
>>>>>> But now we have the problem that he cannot be directed back to the
>>>>>> captive portal as long as he has the temporary Internet access. The
>>>>>> reason is that DNS resolution of the captive portal (i.e. PF server) does
>>>>>> not work anymore.
>>>>>>
>>>>>> Because we are using a public DNS server, we cannot add the captive
>>>>>> portal IP (which is a local one in the LAN) to this DNS.
>>>>>>
>>>>>> Is there a way to tell Packetfence to continue trapping and resolving
>>>>>> DNS requests of the captive portal's name, as long as we grant temporary
>>>>>> Internet access to the user?
>>>>>> This would solve our problem.
>>>>>>
>>>>>> Or is there another way to resolve the PF name without using a local DNS?
>>>>>>
>>>>>> Best regards,
>>>>>> Till
>>>>>>
>>>>>> ------------------------------------------------------------------------------
>>>>>> What NetFlow Analyzer can do for you? Monitors network bandwidth and 
>>>>>> traffic
>>>>>> patterns at an interface-level. Reveals which users, apps, and protocols 
>>>>>> are
>>>>>> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
>>>>>> J-Flow, sFlow and other flows. Make informed decisions using capacity 
>>>>>> planning
>>>>>> reports.http://sdm.link/zohodev2dev
>>>>>> _______________________________________________
>>>>>> PacketFence-users mailing list
>>>>>> [email protected]
>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>



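An added example, not part of the thread and not PacketFence code: a minimal sketch of the per-query decision discussed above, where the DNS service itself (rather than an iptables mark) decides whether to answer with the portal address or forward upstream. The hostname, address, status labels and function names are assumptions made for illustration; the "unreg" branch assumes the usual captive-portal behaviour of answering every name with the portal IP.

```python
import socket
import struct

PORTAL_NAME = "portal.example.lan"  # hypothetical portal hostname
PORTAL_IP = "192.0.2.10"            # constructed address (TEST-NET-1)
TYPE_A = 1

def build_query(name, qtype=TYPE_A, txid=0x1234):
    """Constructed sample input: a one-question DNS query with RD set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_question(packet):
    """Return (lowercased qname, qtype, offset just past the question)."""
    labels, pos = [], 12  # the DNS header is 12 bytes
    while packet[pos] != 0:
        length = packet[pos]
        if length & 0xC0:  # compression pointers do not belong in a query name
            raise ValueError("unexpected label type in question")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    qtype = struct.unpack("!H", packet[pos + 1:pos + 3])[0]
    return ".".join(labels), qtype, pos + 5  # NUL + QTYPE + QCLASS

def build_response(query, end, ip=None, ttl=15):
    """Echo ID and question; add one A record if ip is given, else no answer."""
    header = query[:2] + struct.pack("!HHHHH", 0x8580, 1, 1 if ip else 0, 0, 0)
    answer = b""
    if ip:
        # 0xC00C is a pointer back to the question name at offset 12
        answer = struct.pack("!HHHIH", 0xC00C, TYPE_A, 1, ttl, 4) + socket.inet_aton(ip)
    return header + query[12:end] + answer

def handle_query(query, node_status):
    """node_status comes from the server's own node lookup: 'unreg', 'temp', 'reg'."""
    qname, qtype, end = parse_question(query)
    # Unregistered devices are trapped for every name; everyone else only
    # for the portal name, which the public resolver cannot answer.
    trapped = node_status == "unreg" or qname == PORTAL_NAME
    if not trapped:
        return "forward", query  # pass unchanged to the upstream resolver
    ip = PORTAL_IP if qtype == TYPE_A else None
    return "answer", build_response(query, end, ip)
```

The status passed to `handle_query` has to come from a lookup keyed on what the server observes (source IP or MAC), never from anything carried in the query itself; the short TTL keeps a trapped answer from outliving a status change.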