OK, so the issue is that your management interface is not the same as
the routing interface.
You have to enable NAT on the interface ens33 too (conf/iptables.conf).
On 2018-04-18 at 09:17, Xav Tauran via PacketFence-users wrote:
> And my management interface is ens33.20. VLAN 20 is the management VLAN.
> PacketFence runs on a virtual machine on CentOS 7, and I configured only
> one interface on this virtual machine: ens33.
>
>
> see below :
>
> [root@localhost ~]# sysctl net.ipv4.ip_forward
> net.ipv4.ip_forward = 1
>
> [root@localhost ~]# ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
>        valid_lft forever preferred_lft forever
>     inet6 ::1/128 scope host
>        valid_lft forever preferred_lft forever
> 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
>     link/ether 00:0c:29:1f:07:77 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.2.200/24 brd 192.168.2.255 scope global ens33
>        valid_lft forever preferred_lft forever
>     inet6 fe80::20c:29ff:fe1f:777/64 scope link
>        valid_lft forever preferred_lft forever
> 3: ens33.20@ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
>     link/ether 00:0c:29:1f:07:77 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.20.200/24 brd 192.168.20.255 scope global ens33.20
>        valid_lft forever preferred_lft forever
>     inet6 fe80::20c:29ff:fe1f:777/64 scope link
>        valid_lft forever preferred_lft forever
> 4: ens33.30@ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
>     link/ether 00:0c:29:1f:07:77 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.30.200/24 brd 192.168.30.255 scope global ens33.30
>        valid_lft forever preferred_lft forever
>     inet6 fe80::20c:29ff:fe1f:777/64 scope link
>        valid_lft forever preferred_lft forever
> 5: ens33.40@ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
>     link/ether 00:0c:29:1f:07:77 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.40.200/24 brd 192.168.40.255 scope global ens33.40
>        valid_lft forever preferred_lft forever
>     inet6 fe80::20c:29ff:fe1f:777/64 scope link
>        valid_lft forever preferred_lft forever
> 6: ens33.50@ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
>     link/ether 00:0c:29:1f:07:77 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.50.200/24 brd 192.168.50.255 scope global ens33.50
>        valid_lft forever preferred_lft forever
>     inet6 fe80::20c:29ff:fe1f:777/64 scope link
>        valid_lft forever preferred_lft forever
> 7: ens33.60@ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
>     link/ether 00:0c:29:1f:07:77 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.60.200/24 brd 192.168.60.255 scope global ens33.60
>        valid_lft forever preferred_lft forever
>     inet6 fe80::20c:29ff:fe1f:777/64 scope link
>        valid_lft forever preferred_lft forever
> 8: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
>     link/ether 52:54:00:10:65:62 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
>        valid_lft forever preferred_lft forever
> 9: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
>     link/ether 52:54:00:10:65:62 brd ff:ff:ff:ff:ff:ff
> 22: S2008-b@if23: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
>     link/ether 62:66:fe:c4:60:6c brd ff:ff:ff:ff:ff:ff link-netnsid 0
>     inet 169.254.0.2/30 brd 169.254.0.3 scope global S2008-b
>        valid_lft forever preferred_lft forever
>     inet6 fe80::6066:feff:fec4:606c/64 scope link
>        valid_lft forever preferred_lft forever
>
>
> [root@localhost ~]# ping 192.168.6.200
> PING 192.168.6.200 (192.168.6.200) 56(84) bytes of data.
> 64 bytes from 192.168.6.200: icmp_seq=1 ttl=128 time=1.60 ms
> 64 bytes from 192.168.6.200: icmp_seq=2 ttl=128 time=0.535 ms
> 64 bytes from 192.168.6.200: icmp_seq=3 ttl=128 time=1.17 ms
> 64 bytes from 192.168.6.200: icmp_seq=4 ttl=128 time=0.739 ms
> ^C
> --- 192.168.6.200 ping statistics ---
> 4 packets transmitted, 4 received, 0% packet loss, time 3006ms
> rtt min/avg/max/mdev = 0.535/1.013/1.604/0.412 ms
> [root@localhost ~]#
>
> S2008 is the name of my Active Directory. This Active Directory is on
> a virtual machine (working on Windows Server 2008).
>
> Thank you for your help.
>
> Regards,
>
> Xavier
>
>
> 2018-04-18 14:38 GMT+02:00 Fabrice Durand via PacketFence-users
> <packetfence-users@lists.sourceforge.net>:
>
> OK, so do you have ipv4_forward enabled (sysctl net.ipv4.ip_forward)?
>
> Can you paste: ip a
>
> Does the DNS 192.168.6.200 answer?
>
> What is S2008?
>
>
> On 2018-04-18 at 08:33, Xav Tauran via PacketFence-users wrote:
>> Hello Fabrice,
>>
>> Thank you for your answer!
>> Yes, I mean join PacketFence to my domain.
>>
>> See the result below:
>> [root@localhost ~]# ip route get 192.168.6.200
>> 192.168.6.200 via 192.168.2.254 dev ens33 src 192.168.2.200
>> cache
>> [root@localhost ~]#
>>
>> Regards,
>>
>> Xavier
>>
>>
>> 2018-04-18 14:17 GMT+02:00 Fabrice Durand via PacketFence-users
>> <packetfence-users@lists.sourceforge.net>:
>>
>> Hello Xav,
>>
>> When you say bind, you mean join PacketFence to the domain?
>>
>> Also, what is your management interface and what is returned
>> by: ip route get 192.168.6.200
>>
>> Regards
>>
>> Fabrice
>>
>>
>>
>> On 2018-04-18 at 03:39, Xav Tauran via PacketFence-users wrote:
>>> Hello,
>>>
>>> I made a mock-up to set up PacketFence for a company.
>>> Attached, you will find a drawing of my mock-up with the
>>> different subnets and VLANs configured on PacketFence. I
>>> use a Stormshield firewall and a Cisco switch which run on
>>> GNS3.
>>> My Active Directory server is on the subnet 192.168.6.0/24
>>> and PacketFence, installed on a CentOS 7 virtual machine
>>> (running under VMware), is on the subnet 192.168.2.0/24.
>>> Every device can be reached with a ping.
>>> My problem is when I want to bind PacketFence to my Active
>>> Directory from the graphical interface. I have the same
>>> problem as this person, who has already posted a message
>>> on the support list (see
>>> https://sourceforge.net/p/packetfence/mailman/message/36009451/).
>>> But the solution that the person gave her doesn't work for
>>> me... However, I followed
>>> the instructions that this person gave him.
>>>
>>> Can you help me please? :) I will give you all the
>>> information that you need!
>>>
>>> PS: Sorry for my English, I'm French.
>>>
>>> Thank you.
>>>
>>> Kind regards,
>>>
>>> Xavier TAURAN
>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>>
>>>
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> PacketFence-users@lists.sourceforge.net
>>> <mailto:PacketFence-users@lists.sourceforge.net>
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
>>
>> --
>> Fabrice Durand
>> fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
>> PacketFence (http://packetfence.org)
>
> --
> Fabrice Durand
> fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://packetfence.org)
--
Fabrice Durand
fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
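
Added example, not part of the original message and not PacketFence code: a shell check of the diagnosis above, comparing the interface that `ip route get` selects for the AD server with the interfaces that carry a NAT rule. The route line is the one posted in the thread; the rule sets are constructed samples, the function names are hypothetical, and NAT rules are assumed to appear as `-A POSTROUTING -o <iface> -j MASQUERADE` (or SNAT) lines in `iptables-save` output.

```shell
#!/bin/sh
# Print the interface named after "dev" in `ip route get` output ($1).
egress_dev() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Succeed if the iptables-save text ($1) has a POSTROUTING MASQUERADE/SNAT
# rule whose -o is exactly interface $2 (ens33 must not match ens33.20).
has_nat_on() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if (out == ifc && (tgt == "MASQUERADE" || tgt == "SNAT")) found = 1
        }
        END { exit !found }'
}

# $1 = management interface, $2 = `ip route get` output, $3 = rule text.
# Prints "ok", "no-route", or "missing-nat:<egress> mgmt:<management>".
check_nat_path() {
    dev=$(egress_dev "$2")
    [ -n "$dev" ] || { echo "no-route"; return 2; }
    if has_nat_on "$3" "$dev"; then echo "ok"; return 0; fi
    echo "missing-nat:$dev mgmt:$1"
    return 1
}

# Route output as posted in the thread.
ROUTE='192.168.6.200 via 192.168.2.254 dev ens33 src 192.168.2.200'
# Constructed rule sets: NAT only on the management VLAN, then also on ens33.
RULES_BEFORE='*nat
-A POSTROUTING -o ens33.20 -j MASQUERADE
COMMIT'
RULES_AFTER='*nat
-A POSTROUTING -o ens33.20 -j MASQUERADE
-A POSTROUTING -o ens33 -j MASQUERADE
COMMIT'

check_nat_path ens33.20 "$ROUTE" "$RULES_BEFORE" || true
check_nat_path ens33.20 "$ROUTE" "$RULES_AFTER"
```

On a live host the two text arguments would come from `ip route get 192.168.6.200` and `iptables-save -t nat`.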