Hello Alain,
Is it supposed to be on the inline interface?
Also, is it supposed to be available for the registered user? (the rules in red DROP if registered)
ACCEPT tcp -- anywhere anywhere tcp dpt:domain mark match 0x3
ACCEPT udp -- anywhere anywhere udp dpt:domain mark match 0x3
ACCEPT tcp -- anywhere anywhere tcp dpt:domain mark match 0x2
ACCEPT udp -- anywhere anywhere udp dpt:domain mark match 0x2
DROP tcp -- anywhere anywhere tcp dpt:domain mark match 0x1
DROP udp -- anywhere anywhere udp dpt:domain mark match 0x1
Regards
Fabrice
On 19-10-02 at 07:54, Alain Defrance wrote:
Hi,
I've restarted my iptables,
I can see the two authorized ports with iptables -L but my client can't access the website with this port...
How can I log the "denied access" from iptables?
regards
Alain
powerclientcsf 2443/tcp
dls-monitor 2048/tcp
Chain input-internal-inline-if (2 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:domain mark match 0x3
ACCEPT udp -- anywhere anywhere udp dpt:domain mark match 0x3
ACCEPT tcp -- anywhere anywhere tcp dpt:domain mark match 0x2
ACCEPT udp -- anywhere anywhere udp dpt:domain mark match 0x2
DROP tcp -- anywhere anywhere tcp dpt:domain mark match 0x1
DROP udp -- anywhere anywhere udp dpt:domain mark match 0x1
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:dls-monitor
ACCEPT tcp -- anywhere anywhere tcp dpt:powerclientcsf
*Alain Defrance*
Head of Information Systems Department
01 47 03 89 11
[email protected]
------------------------------------------------------------------------
*From: *"packetfence-users" <[email protected]>
*To: *"packetfence-users" <[email protected]>
*Cc: *"Fabrice Durand" <[email protected]>
*Sent: *Tuesday 24 September 2019 12:34:19
*Subject: *Re: [PacketFence-users] authorized ports
Hello Alain,
you can go ahead and restart iptables service, there is no impact.
systemctl restart packetfence-iptables
Regards
Fabrice
On 19-09-24 at 05:35, Alain Defrance via PacketFence-users wrote:
Hi Martijn
Not yet, because the PacketFence server is in production... I'm afraid to block users...
*Alain Defrance*
Head of Information Systems Department
01 47 03 89 11
[email protected]
------------------------------------------------------------------------
*From: *"Martijn Langendoen" <[email protected]>
*To: *"packetfence-users" <[email protected]>
*Cc: *"Alain Defrance" <[email protected]>
*Sent: *Tuesday 24 September 2019 09:40:15
*Subject: *RE: authorized ports
Hi,
Did you restart the iptables service?
*Martijn Langendoen*
Network Administrator
Storage Administrator
[email protected]
T: 0118 654307
www.dezb.nl
Kousteensedijk 7
4331 JE Middelburg
Postbus 8004
4330 EA Middelburg
I work on:
Mon, Wed morning
Tue, Thu, Fri 7:30 – 17:00
*From:* Alain Defrance via PacketFence-users <[email protected]>
*Sent:* Tuesday 24 September 2019 09:28
*To:* packetfence-users <[email protected]>
*CC:* Alain Defrance <[email protected]>
*Subject:* Re: [PacketFence-users] authorized ports
Thanks a lot, Fabrice.
I have an iptables.conf file which contains the 2 lines
-A input-internal-inline-if --protocol tcp --match tcp --dport 2048 --jump ACCEPT
-A input-internal-inline-if --protocol tcp --match tcp --dport 2443 --jump ACCEPT
but when I use
iptables -L
I can't see the lines... and so that doesn't work. Does that mean they are not loaded?
Kind regards
*Alain Defrance*
Head of Information Systems Department
01 47 03 89 11
[email protected]
------------------------------------------------------------------------
*From: *"packetfence-users" <[email protected]>
*To: *"packetfence-users" <[email protected]>
*Cc: *"Fabrice Durand" <[email protected]>
*Sent: *Monday 23 September 2019 17:32:51
*Subject: *Re: [PacketFence-users] authorized ports
Hello Alain,
you just need to edit the iptables template file under /usr/local/pf/conf/iptables.conf:
-A input-management-if --protocol tcp --match tcp --dport 2048 --jump ACCEPT
-A input-management-if --protocol tcp --match tcp --dport 2443 --jump ACCEPT
Then restart the iptables service.
Regards
Fabrice
On 19-09-23 at 11:10, Alain Defrance via PacketFence-users wrote:
Hi,
I need to authorize 2 ports on my PacketFence, 2048 and 2443, but I don't know how...
With the interface, and where?
With iptables, and how?
thanks a lot for replies
Alain
*Alain Defrance*
Head of Information Systems Department
01 47 03 89 11
[email protected]
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
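
The situation discussed in this thread (rules present in iptables.conf but not visible in the running ruleset) can be checked mechanically. The script below is an added example, not part of the original messages and not PacketFence code. It assumes the running rules were saved with `iptables -S <chain>`; the function names, file names and sample data are hypothetical, and the plain-text comparison only suits simple rules like the two shown on this page.

```shell
# Added example (not PacketFence code): list the "-A CHAIN ..." rules that are
# present in a template file but absent from the running ruleset.
# On a live host, save the running rules first: iptables -S CHAIN > loaded.txt

# Map the template's long option names to the short forms `iptables -S`
# prints, and squeeze whitespace so rules can be compared as plain text.
normalize_rules() {
    sed -e 's/--protocol /-p /g' -e 's/--match /-m /g' -e 's/--jump /-j /g' \
        -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//'
}

# missing_rules CHAIN TEMPLATE_FILE LOADED_FILE (hypothetical helper)
# Prints every missing rule; returns 0 if none are missing, 1 otherwise.
missing_rules() {
    chain=$1 template=$2 loaded=$3
    missing=$(grep -e "^[[:space:]]*-A $chain " "$template" | normalize_rules |
        while IFS= read -r rule; do
            normalize_rules < "$loaded" | grep -Fxq -e "$rule" ||
                printf '%s\n' "$rule"
        done)
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample data: the two template lines from this thread, and a
# running ruleset in which only the 2048 rule has been loaded.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/iptables.conf" <<'EOF'
-A input-internal-inline-if --protocol tcp --match tcp --dport 2048 --jump ACCEPT
-A input-internal-inline-if --protocol tcp --match tcp --dport 2443 --jump ACCEPT
EOF
    cat > "$dir/loaded.txt" <<'EOF'
-N input-internal-inline-if
-A input-internal-inline-if -p tcp -m tcp --dport 80 -j ACCEPT
-A input-internal-inline-if -p tcp -m tcp --dport 2048 -j ACCEPT
EOF
    status=0
    missing_rules input-internal-inline-if "$dir/iptables.conf" \
        "$dir/loaded.txt" || status=$?
    rm -rf "$dir"
    return "$status"
}

demo || echo "some template rules are not loaded"
```

A rule written for a different chain than the one being checked (for example input-management-if instead of input-internal-inline-if) is not reported, so run the check once per chain named in the template.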