Dear Fabrice,

Sorry for my late answer.

Thank you very much for offering your help and giving me this information. I appreciate this very much. I just started looking into the code. Perl isn't an issue, luckily... I did a lot of Perl scripting in the late 90s. But iptables / ipset techniques could be an issue. I understand the basic principles of firewalling and NAT using iptables. But that is it... Well, we will see.

Best regards,
Till

On 15.07.2016 02:27, Durand fabrice wrote:
> Hum ok,
> it will not be so simple since we use the iptable mangle to 'tag'
> packetfence and forward or not forward to pfdns.
> In order to make it work you probably have to remove the iptables mark
> (ipset.pm iptables.pm) and detect in pfdns if the device is reg or not.
> Nothing really complicated but you must know perl.
>
> If you want I am available on packetfence irc channel
> https://packetfence.org/support/index.html on work hours (Montréal time)
>
> Regards
> Fabrice
>
> On 2016-07-14 19:20, [email protected] wrote:
>> Hello Fabrice,
>>
>> Aside from our captive portal "hack" we are using a pure inline setup.
>> The PF server has two network interfaces. One goes to an AP and the
>> other to the Internet gateway. There is no external DHCP server and we
>> use the DNS server of our Internet provider.
>>
>> Already registered users are checked against a RADIUS source. When new
>> users get registered CP adds them to the RADIUS DB. Our CP uses JsonAPI
>> of the PF's webservice and a patched api.pm to register or update nodes.
>>
>> Best regards,
>> Till
>>
>> On 15.07.2016 00:36, Durand fabrice wrote:
>>> Hello Till,
>>>
>>> can you describe a little bit the setup, are you using out of band or
>>> inline ?
>>>
>>> Regards
>>> Fabrice
>>>
>>> On 2016-07-14 17:34, [email protected] wrote:
>>>> Hi Antoine,
>>>>
>>>> could you give me a hint where in the code / in which PM the trapping
>>>> and decision what DNS configuration to use takes place?
>>>>
>>>> Thanks,
>>>> Till
>>>>
>>>> On 14.07.2016 16:09, [email protected] wrote:
>>>>> Hello Antoine,
>>>>>
>>>>> thank you for your reply.
>>>>>
>>>>> Our client has several locations using Packetfence, and he wanted a
>>>>> centralized server for CP with a customizable CMS. So we are using
>>>>> mod_proxy directive in captive-portal-common.tt to forward requests to
>>>>> this centralized CP.
>>>>>
>>>>> We already tested the pass through configuration which works fine. But
>>>>> sadly it is not really an option for us because this implies that there is
>>>>> always access to Facebook, Google, Twitter etc.
>>>>> Sadly, most of the login screens of these social networks use the
>>>>> www.xxx.com domain name and also refer to a lot of external resources
>>>>> for JS, images etc. Because of this it is not possible to disable access
>>>>> to Facebook for example in general, but allow access to the login screen
>>>>> of Facebook. This only could be done with firewall rules on the protocol
>>>>> / HTTP level.
>>>>>
>>>>> So we decided to give the users temporary access to the Internet when
>>>>> they decide to get verified by social networks.
>>>>>
>>>>> I wonder if pfdns and trapping mechanism could be configured to send the
>>>>> right local IP address for CP name resolution and forward all other
>>>>> requests to the external DNS.
>>>>>
>>>>> Thanks,
>>>>> Till
>>>>>
>>>>> On 14.07.2016 15:11, Antoine Amacher wrote:
>>>>>> Hello Till,
>>>>>>
>>>>>> I am not sure how your authentication by social media is working but why
>>>>>> not use OAuth2 sources?
>>>>>>
>>>>>> You could also add any domains you want to authorize to the pass through
>>>>>> list, in this way people will be in the registration VLAN with access to
>>>>>> authorized sites. If you need sites to enable for your social media
>>>>>> access, you can check in the OAuth sources, each have a predefined list.
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>> On 07/14/2016 12:03 AM, [email protected] wrote:
>>>>>>> Hi there,
>>>>>>>
>>>>>>> We wrote our own captive portal, which allows the user to get verified
>>>>>>> by social networks. For this reason we give him temporary access first
>>>>>>> so he can reach the social network login pages.
>>>>>>>
>>>>>>> But now we have the problem that he can not be directed back to the
>>>>>>> captive portal as long as he has the temporary Internet access. The
>>>>>>> reason is that DNS resolution of captive portal (i.e. PF server) does
>>>>>>> not work anymore.
>>>>>>>
>>>>>>> Because we are using a public DNS server, we can not add the captive
>>>>>>> portal IP (which is a local one in the LAN) to this DNS.
>>>>>>>
>>>>>>> Is there a way to tell Packetfence to continue trapping and resolving
>>>>>>> DNS requests of the captive portal's name, as long as we grant temporary
>>>>>>> Internet access to the user?
>>>>>>> This would solve our problem.
>>>>>>>
>>>>>>> Or is there another way to resolve the PF name without using a local
>>>>>>> DNS?
>>>>>>>
>>>>>>> Best regards,
>>>>>>> Till
>>>>>>>
>>>>>>> ------------------------------------------------------------------------------
>>>>>>> What NetFlow Analyzer can do for you? Monitors network bandwidth and
>>>>>>> traffic patterns at an interface-level. Reveals which users, apps, and
>>>>>>> protocols are consuming the most bandwidth. Provides multi-vendor
>>>>>>> support for NetFlow, J-Flow, sFlow and other flows. Make informed
>>>>>>> decisions using capacity planning reports. http://sdm.link/zohodev2dev
>>>>>>> _______________________________________________
>>>>>>> PacketFence-users mailing list
>>>>>>> [email protected]
>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
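
Added example, not part of the thread and not PacketFence code: a minimal sketch of the resolver-side decision discussed above, where the portal name is always answered locally and every other query is forwarded once a device is registered or has temporary access. `PORTAL_NAME`, `PORTAL_IP`, the `forward` callback and all function names are assumptions made for illustration.

```python
import socket
import struct

PORTAL_NAME = "portal.example.lan"  # assumed portal hostname (placeholder)
PORTAL_IP = "192.0.2.10"            # assumed local portal address (placeholder)

def make_query(name, qtype=1, txid=0x1234):
    """Build a constructed DNS query (RD set, one question) as sample input."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return (struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
            + qname + b"\x00" + struct.pack("!HH", qtype, 1))

def parse_question(packet):
    """Return (lowercased qname, qtype, offset just past the question)."""
    labels, pos = [], 12                      # DNS header is 12 bytes
    while packet[pos] != 0:
        length = packet[pos]
        if length & 0xC0:                     # no compression in a question
            raise ValueError("unexpected compression pointer")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype = struct.unpack("!H", packet[pos + 1:pos + 3])[0]
    return ".".join(labels).lower(), qtype, pos + 5

def local_answer(query, end, qtype):
    """Answer locally: portal A record, or an empty NOERROR for other types."""
    rd = struct.unpack("!H", query[2:4])[0] & 0x0100
    ancount = 1 if qtype == 1 else 0
    header = query[:2] + struct.pack("!HHHHH", 0x8400 | rd, 1, ancount, 0, 0)
    rr = b""
    if ancount:                               # name pointer 0xC00C -> question
        rr = struct.pack("!HHHIH", 0xC00C, 1, 1, 15, 4) + socket.inet_aton(PORTAL_IP)
    return header + query[12:end] + rr

def handle_query(query, registered, forward):
    """registered=False: trap every name to the portal. registered=True
    (including temporary access): still answer the portal name locally,
    forward everything else to the upstream resolver."""
    name, qtype, end = parse_question(query)
    if not registered or name == PORTAL_NAME:
        return local_answer(query, end, qtype)
    return forward(query)
```

The short TTL (15 seconds) keeps a trapped answer from lingering in the client cache after the device's state changes.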
