I realize the 169.254 addresses are link-local addresses that are assigned
from the /etc/networks file? Could these be causing issues? Does anyone
else have these addresses with their working packetfence? Also, my routed
networks do not show up in my routing table, but do show up in my routing
table of my debian install.
Also, could someone look at my iptables? They differ a bit from my
production install:
Chain INPUT (policy DROP)
target                       prot  opt  source    destination
ACCEPT                       all   --   anywhere  anywhere
ACCEPT                       all   --   anywhere  anywhere                  state RELATED,ESTABLISHED
ACCEPT                       icmp  --   anywhere  anywhere                  icmp echo-request
ACCEPT                       all   --   anywhere  base-address.mcast.net/8
ACCEPT                       vrrp  --   anywhere  anywhere
input-internal-vlan-if       all   --   anywhere  packetfence.mydomain.org
input-internal-vlan-if       all   --   anywhere  255.255.255.255
ACCEPT                       all   --   anywhere  base-address.mcast.net/8
ACCEPT                       vrrp  --   anywhere  anywhere
input-internal-isol_vlan-if  all   --   anywhere  packetfence.mydomain.org
input-internal-isol_vlan-if  all   --   anywhere  255.255.255.255
ACCEPT                       all   --   anywhere  base-address.mcast.net/8
ACCEPT                       vrrp  --   anywhere  anywhere
input-radius-if              all   --   anywhere  anywhere
input-management-if          all   --   anywhere  anywhere
Should the packetfence.mydomain.org address be the vlans address instead of
the dns name of the server? That is what it is set as on my working
production install.
Thanks for any help you can provide. I've been working on fixing this issue
for hours now...
On Tue, Feb 6, 2018 at 4:28 PM, Chris Abel <[email protected]>
wrote:
> Hello all,
>
> I have a working packetfence install, but I would like to upgrade to the
> latest version of packetfence. Rather than upgrade my current production
> server, I am installing a new packetfence server with the latest version.
> Both of these packetfence servers exist as virtual machines on the same
> host.
>
> I've created my vlan interfaces on the new pf server, but I am not able to
> ping the interface from machines outside of that vlan/subnet. I am able to
> ping the interface on my production pf server without any issues. It looks
> like the way I have it set up on my production server is that any traffic
> that comes to the vlan interfaces is sent back through the default
> interface... For example, If I ping the eth0.200 interface from a machine
> outside of the 200 vlan, the icmp reply is sent back through the pf
> server's eth0 interface. This works fine and I would like to set that up
> with my new server. The only thing I can think of is the way centos is
> managing vlan interfaces. My production pf server is on Debian and my new
> pf server is CentOS.
>
> Here is my routing table on the new pf server:
>
> 0.0.0.0       10.128.0.1  0.0.0.0          UG  0     0  0  eth0
> 10.128.0.0    0.0.0.0     255.255.252.0    U   0     0  0  eth0
> 10.128.22.0   0.0.0.0     255.255.255.0    U   0     0  0  eth0.50
> 10.128.100.0  0.0.0.0     255.255.255.0    U   0     0  0  eth0.200
> 10.128.101.0  0.0.0.0     255.255.255.0    U   0     0  0  eth0.201
> 169.254.0.0   0.0.0.0     255.255.0.0      U   1002  0  0  eth0
> 169.254.0.0   0.0.0.0     255.255.0.0      U   1012  0  0  eth0.200
> 169.254.0.0   0.0.0.0     255.255.0.0      U   1013  0  0  eth0.201
> 169.254.0.0   0.0.0.0     255.255.0.0      U   1014  0  0  eth0.50
>
> Not sure what that 169.254.0.0 network is...
>
> ip_forward is also turned on:
>
> # cat /proc/sys/net/ipv4/ip_forward
> 1
>
> Has anyone had any issues with this on new pf installs running on CentOS?
> I realize this may be more of a centos/networking question, but figured
> someone from pf must have run into this issue before. Thanks for any help
> you can provide.
>
> --
> Chris Abel
> Systems and Network Administrator
> Wildwood Programs
> 2995 Curry Road Extension
> Schenectady, NY 12303
> 518-836-2341
>
--
Chris Abel
Systems and Network Administrator
Wildwood Programs
2995 Curry Road Extension
Schenectady, NY 12303
518-836-2341
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users