Ip forwarding was enabled in the sysctl.conf file and I did find the device in
a set. Please see below output
[root@PacketFence-6_4_0 ~]# more /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
#
# Use '/sbin/sysctl -a' to list all possible parameters.
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
[root@PacketFence-6_4_0 logs]# ipset -L
Name: portal_deny
Type: hash:ip
Header: family inet hashsize 1024 maxelem 65536 timeout 300
Size in memory: 16504
References: 2
Members:
Name: parking
Type: hash:ip
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16504
References: 2
Members:
…..
…
…
Name: pfsession_Reg_192.168.2.0
Type: bitmap:ip,mac
Header: range 192.168.2.0-192.168.2.255
Size in memory: 4208
References: 1
Members:
192.168.2.11,CC:08:8D:C3:CB:3C
….
..
..
[root@PacketFence-6_4_0 logs]#
> On Jan 31, 2017, at 11:49 AM, Fabrice Durand <[email protected]
> <mailto:[email protected]>> wrote:
>
> Hello Yasir,
>
> can you do an ipset -L and see if your device appear in a set ?
>
> Also did you enabled ip_forward on your setup ?
>
> Regards
>
> Fabrice
>
>
>
> Le 2017-01-31 à 11:26, Yasir McCarroll a écrit :
>> So far I managed to install the ova appliance in virtualbox, setup
>> interfaces, DB etc. After successfully registering a guest via the captive
>> portal using inline mode the client is never redirected past the portal. A
>> message appears after registration stating PF is enabling the network but
>> after a minute a second message appears stating network has failed advising
>> me wait for a while then refresh the browser.
>>
>> Although wireshark packet captures shows two way traffic between the
>> following hosts
>>
>> The inline interface IP (192.168.1.2 )<> SMTP Server (68.17.178.213.203) -
>> (never completes full tcp-three-way-handshake)
>> The registering guest iPhone 7 (192.168.1.10) <> inverse server
>> (192.95.20.194) - (never completes full tcp-three-way-handshake)
>> The inline interface IP (192.168.1.2 ) <> inverse server (192.95.20.194) -
>> (never completes full tcp-three-way-handshake)
>> The inline interface IP (192.168.1.2 ) <> The registering guest iPhone 7
>> (192.168.1.10) - (completes TCP handshake no issues found)
>>
>>
>> Reviewing the packetfence.log file shows violation 1300003 which I assume to
>> be a bug as I have parking disabled (threshold set to 0).
>>
>>
>> Jan 30 14:29:56 httpd.portal(2791) INFO: [mac:cc:08:8d:c3:cb:3c] Static
>> User-Agent lookup data initialized (pf::useragent::_init)
>> Jan 30 14:29:58 httpd.portal(2791) INFO: [mac:unknown] Instantiate profile
>> default (pf::Portal::ProfileFactory::_from_profile)
>> Jan 30 14:29:58 httpd.portal(2791) INFO: [mac:cc:08:8d:c3:cb:3c] Instantiate
>> profile default (pf::Portal::ProfileFactory::_from_profile)
>> Jan 30 14:29:58 httpd.portal(2791) INFO: [mac:cc:08:8d:c3:cb:3c] Instantiate
>> profile default (pf::Portal::ProfileFactory::_from_profile)
>> Jan 30 14:30:02 httpd.portal(2792) INFO: [mac:unknown] Instantiate profile
>> default (pf::Portal::ProfileFactory::_from_profile)
>> Jan 30 14:30:02 httpd.portal(2792) INFO: [mac:cc:08:8d:c3:cb:3c] Instantiate
>> profile default (pf::Portal::ProfileFactory::_from_profile)
>> Jan 30 14:30:02 httpd.portal(2792) INFO: [mac:cc:08:8d:c3:cb:3c] Instantiate
>> profile default (pf::Portal::ProfileFactory::_from_profile)
>> Jan 30 14:30:09 httpd.portal(2791) INFO: [mac:unknown] Instantiate profile
>> default (pf::Portal::ProfileFactory::_from_profile)
>> Jan 30 14:30:09 httpd.portal(2791) INFO: [mac:cc:08:8d:c3:cb:3c] Instantiate
>> profile default (pf::Portal::ProfileFactory::_from_profile)
>> Jan 30 14:30:09 httpd.portal(2791) INFO: [mac:cc:08:8d:c3:cb:3c] Instantiate
>> profile default (pf::Portal::ProfileFactory::_from_profile)
>> Jan 30 14:30:10 httpd.portal(2790) INFO: [mac:unknown] Instantiate profile
>> default (pf::Portal::ProfileFactory::_from_profile)
>> Jan 30 14:30:10 httpd.portal(2790) INFO: [mac:cc:08:8d:c3:cb:3c] Instantiate
>> profile default (pf::Portal::ProfileFactory::_from_profile)
>> Jan 30 14:30:10 httpd.portal(2790) INFO: [mac:cc:08:8d:c3:cb:3c] Instantiate
>> profile default (pf::Portal::ProfileFactory::_from_profile)
>> Jan 30 14:30:48 httpd.portal(2790) INFO: [mac:unknown] Instantiate profile
>> default (pf::Portal::ProfileFactory::_from_profile)
>> Jan 30 14:30:48 httpd.portal(2790) INFO: [mac:cc:08:8d:c3:cb:3c] Instantiate
>> profile default (pf::Portal::ProfileFactory::_from_profile)
>> Jan 30 14:30:48 httpd.portal(2790) INFO: [mac:cc:08:8d:c3:cb:3c] Instantiate
>> profile default (pf::Portal::ProfileFactory::_from_profile)
>> Jan 30 14:30:48 httpd.portal(2790) INFO: [mac:cc:08:8d:c3:cb:3c] person
>> [email protected] <mailto:[email protected]> added
>> (pf::person::person_add)
>> Jan 30 14:30:48 httpd.portal(2790) WARN: [mac:cc:08:8d:c3:cb:3c] modify of
>> non-existent person [email protected]
>> <mailto:[email protected]> attempted - person added
>> (pf::person::person_modify)
>> Jan 30 14:30:48 httpd.portal(2790) INFO: [mac:cc:08:8d:c3:cb:3c] new
>> activation code successfully generated (pf::activation::create)
>> Jan 30 14:30:49 httpd.portal(2790) INFO: [mac:cc:08:8d:c3:cb:3c] Email sent
>> to [email protected] <mailto:[email protected]> (yaslabpf:
>> Email activation required) (pf::activation::__ANON__)
>> Jan 30 14:30:49 httpd.portal(2790) INFO: [mac:cc:08:8d:c3:cb:3c] User
>> [email protected] <mailto:[email protected]> has authenticated
>> on the portal. (Class::MOP::Class:::after)
>> Jan 30 14:30:49 httpd.portal(2790) INFO: [mac:cc:08:8d:c3:cb:3c] User
>> [email protected] <mailto:[email protected]> has authenticated
>> on the portal. (Class::MOP::Class:::after)
>> Jan 30 14:30:49 httpd.portal(2790) WARN: [mac:cc:08:8d:c3:cb:3c] Calling
>> match with empty/invalid rule class. Defaulting to 'authentication'
>> (pf::authentication::match)
>> Jan 30 14:30:49 httpd.portal(2790) INFO: [mac:cc:08:8d:c3:cb:3c] Using
>> sources email for matching (pf::authentication::match)
>> Jan 30 14:30:49 httpd.portal(2790) INFO: [mac:cc:08:8d:c3:cb:3c] Matched
>> rule (catchall) in source email, returning actions.
>> (pf::Authentication::Source::match)
>> Jan 30 14:30:49 httpd.portal(2790) INFO: [mac:cc:08:8d:c3:cb:3c] User
>> [email protected] <mailto:[email protected]> has authenticated
>> on the portal. (Class::MOP::Class:::after)
>> Jan 30 14:30:49 httpd.portal(2790) WARN: [mac:cc:08:8d:c3:cb:3c] Calling
>> match with empty/invalid rule class. Defaulting to 'authentication'
>> (pf::authentication::match)
>> Jan 30 14:30:49 httpd.portal(2790) INFO: [mac:cc:08:8d:c3:cb:3c] Using
>> sources email for matching (pf::authentication::match)
>> Jan 30 14:30:49 httpd.portal(2790) INFO: [mac:cc:08:8d:c3:cb:3c] Matched
>> rule (catchall) in source email, returning actions.
>> (pf::Authentication::Source::match)
>> Jan 30 14:30:49 httpd.portal(2790) INFO: [mac:cc:08:8d:c3:cb:3c] User
>> [email protected] <mailto:[email protected]> has authenticated
>> on the portal. (Class::MOP::Class:::after)
>> Jan 30 14:30:49 httpd.portal(2790) INFO: [mac:cc:08:8d:c3:cb:3c] User
>> [email protected] <mailto:[email protected]> has authenticated
>> on the portal. (Class::MOP::Class:::after)
>> Jan 30 14:30:49 httpd.portal(2790) INFO: [mac:cc:08:8d:c3:cb:3c] violation
>> 1300003 force-closed for cc:08:8d:c3:cb:3c
>> (pf::violation::violation_force_close)
>> Jan 30 14:30:49 httpd.portal(2790) INFO: [mac:cc:08:8d:c3:cb:3c] Instantiate
>> profile default (pf::Portal::ProfileFactory::_from_profile)
>> Jan 30 14:30:49 httpd.portal(2794) INFO: [mac:unknown] Instantiate profile
>> default (pf::Portal::ProfileFactory::_from_profile)
>> Jan 30 14:30:49 httpd.portal(2794) INFO: [mac:cc:08:8d:c3:cb:3c] Instantiate
>> profile default (pf::Portal::ProfileFactory::_from_profile)
>> Jan 30 14:30:49 httpd.portal(2794) INFO: [mac:cc:08:8d:c3:cb:3c] Instantiate
>> profile default (pf::Portal::ProfileFactory::_from_profile)
>> Jan 30 14:30:50 httpd.portal(2794) INFO: [mac:cc:08:8d:c3:cb:3c] Releasing
>> device (captiveportal::PacketFence::DynamicRouting::Module::Root::release)
>> Jan 30 14:30:50 httpd.portal(2794) INFO: [mac:cc:08:8d:c3:cb:3c] User
>> default has authenticated on the portal. (Class::MOP::Class:::after)
>> Jan 30 14:30:50 httpd.portal(2794) INFO: [mac:cc:08:8d:c3:cb:3c] Instantiate
>> profile default (pf::Portal::ProfileFactory::_from_profile)
>> Jan 30 14:30:50 httpd.portal(2794) INFO: [mac:cc:08:8d:c3:cb:3c]
>> re-evaluating access (manage_register called)
>> (pf::enforcement::reevaluate_access)
>> Jan 30 14:30:50 httpd.webservices(2803) INFO: [mac:cc:08:8d:c3:cb:3c] stated
>> changed, adapting firewall rules for proper enforcement
>> (pf::inline::performInlineEnforcement)
>>
>>
>>
>> Can someone please advise if a patch exist for this condition?
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, SlashDot.org <http://slashdot.org/>!
>> http://sdm.link/slashdot <http://sdm.link/slashdot>
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> <mailto:[email protected]>
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
>
> --
> Fabrice Durand
> [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x135) ::
> www.inverse.ca <http://www.inverse.ca/>
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu
> <http://www.sogo.nu/>) and PacketFence (http://packetfence.org
> <http://packetfence.org/>)
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org <http://slashdot.org/>!
> http://sdm.link/slashdot <http://sdm.link/slashdot>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> <mailto:[email protected]>
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
