I am new to PacketFence and have just started using an inline setup (version
6.3.0 running on CentOS 7).
I have an inline interface with IP 10.18.255.254/16 and management on a
different subnet 10.11.0.0/16.
Users are able to self-register fine and pass traffic etc.
We have a requirement to retain user access logs, though, so I have followed the
post at
https://www.mail-archive.com/[email protected]/msg06213.html
regarding enabling iptables logging.
When I modify the /usr/local/pf/conf/iptables.conf file, I can no longer pass
traffic from a client. After reverting, it starts working fine again.

Initial contents:

### FORWARD ###
:FORWARD DROP [0:0]
:forward-internal-vlan-if - [0:0]
%%filter_forward_vlan%%
:forward-internal-inline-if - [0:0]
%%filter_forward_inline%%
:OUTPUT ACCEPT [0:0]

Modified to:

### FORWARD ###
:FORWARD DROP [0:0]
:forward-internal-vlan-if - [0:0]
%%filter_forward_vlan%%
:forward-internal-inline-if - [0:0]
%%filter_forward_inline%%
-A forward-internal-inline-if -s 10.18.X.0/16 -j LOG --log-prefix
"[packetfilter] "
:OUTPUT ACCEPT [0:0]

Have I added it correctly, or should it go somewhere else, or has something
changed since the original post?
Many thanks.
Seth.
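
An added example, not part of the original message and not PacketFence code: a small lint for an edited iptables.conf fragment, run before restarting the service. It relies on iptables-restore reading one directive per line; the function name lint_rules and the sample file are assumptions, and the message does not say whether the wrap in the LOG rule is in the file itself or only in the e-mail.

```shell
#!/bin/sh
# Added example, not PacketFence code. iptables-restore reads one directive
# per line, so a rule that was wrapped by an editor or mail client leaves a
# stray line behind and the load fails.

# lint_rules FILE: print "LINE: reason" for each suspect line; return 1 if any.
lint_rules() {
    awk '
        /^[ \t]*$/ || /^#/ { next }                  # blank line or comment
        /^\*[a-z]+$/ || /^COMMIT$/ { next }          # table header, commit
        /^%%[a-z_]+%%$/ { next }                     # placeholder filled in by PacketFence
        /^:[^ ]+ [^ ]+ \[[0-9]+:[0-9]+\]$/ { next }  # chain declaration
        /^-[A-Z] / {                                 # rule command such as -A
            if (gsub(/"/, "&") % 2) {
                print NR ": unbalanced double quote"; bad = 1
            }
            if ($0 ~ /--log-prefix[ \t]*$/) {
                print NR ": --log-prefix has no value on this line"; bad = 1
            }
            next
        }
        { print NR ": not a directive (rest of a wrapped rule?)"; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the modified FORWARD fragment, line-wrapped as it
# appears in the message above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
### FORWARD ###
:FORWARD DROP [0:0]
:forward-internal-inline-if - [0:0]
%%filter_forward_inline%%
-A forward-internal-inline-if -s 10.18.X.0/16 -j LOG --log-prefix
"[packetfilter] "
:OUTPUT ACCEPT [0:0]
EOF
lint_rules "$sample" || echo "fix the lines above before restarting"
rm -f "$sample"
```

The lint checks line structure only; it does not validate addresses, chain names or rule order.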
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users