Hello Fabrice,

I will take a look at conf/iptables.conf.
As far as I understand, srnat / dstnat or mangle is needed.

The management interface is currently the Eth0 interface.

Eth1: WAN: 123.123.123.160
Eth0: Management: 10.0.0.1/13
VLAN 220: 10.20.0.1/16 (isolation, registration)
VLAN 210: 10.10.0.1/16 (dhcp, portal, registration,...)

This is the current setup.
My idea is that we start by putting every new user and unknown user in isolation.
Registered users (LDAP) and known devices (RADIUS) should switch to VLAN 210.
Later we introduce user-based VLANs.

But this setup does not work yet. I have not set up LDAP or RADIUS yet.

We use Ubiquiti switches. I am currently trying to figure out how to add a switch. I added the controller and one switch. But I see no feedback.
How can I test the communication between PF and the UniFi controller?

Thanks,
Ivo

> On 11.09.2021 at 03:23, Fabrice Durand <oeufd...@gmail.com> wrote:
>
> Hello Ivo,
>
> Hum, first you need to add virtual IPs on the WAN interface and play with
> conf/iptables.conf to add your rules.
>
> Also, which interface is the management one? (This one is natted by default.)
>
> Regards
> Fabrice
>
>> On Fri, 10 Sep 2021 at 01:40, Admin SielNet via PacketFence-users
>> <packetfence-users@lists.sourceforge.net> wrote:
>> Hello,
>>
>> I am a new PF user and currently overwhelmed with the settings of PF.
>>
>> Our PacketFence installation has 2 network ports currently.
>>
>> 1 interface is WAN. 123.123.123.160
>> The other interface is LAN. 10.0.0.1
>>
>> We have one /24 public address block at our disposal.
>>
>> What I like to do with the PacketFence VM is the following:
>>
>> NAT private 10.10.5.X to public 123.123.123.5
>> NAT private 10.10.6.X to public 123.123.123.6
>> NAT private 10.10.7.X to public 123.123.123.7
>> and so forth. For 120 IP addresses.
>>
>> What do I need to do to accomplish this?
>> I need to set up virtual interfaces in PacketFence for every user.
>> The IP addresses are examples.
>>
>> An internal user should receive 1 public IP address.
>> (example 123.123.123.7)
>> Each device of this user should receive an IP from 10.10.7.X and each device
>> from this user should use the public IP address 123.123.123.7
>>
>> Lastly, users should be on separate VLANs. 10.10.7.X is VLAN 7.
>>
>> I am unsure how I can accomplish this with PF.
>> I am a newbie in networks.
>> As far as I understand, this is possible.
>>
>> I just need a little help to figure this out.
>>
>> Greetings
>>
>> Ivo Damjanovic
>> SielNet e.V.
>>
>> _______________________________________________
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
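The per-user mapping asked about in the original question (10.10.N.X to public 123.123.123.N), written out as source-NAT rules plus the matching virtual IPs on the WAN interface. This is an added example, not part of the thread and not PacketFence's own configuration; the device name `eth1`, the /24 and /32 masks, and all function names are assumptions.

```shell
#!/bin/sh
# Added example: prints rules as text; nothing here touches the live firewall.
# Assumptions (not from the thread): device name "eth1", /24 user subnets,
# /32 alias addresses, and all function names.
WAN_IF="eth1"             # thread: Eth1 is the WAN interface
PUB_PREFIX="123.123.123"  # example public /24 from the thread
PRIV_PREFIX="10.10"       # example private range from the thread
WAN_HOST_OCTET=160        # the server's own WAN address, never given to a user

# valid_octet N: true if N is an integer 1..254 and not the server's own address
valid_octet() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 254 ] && [ "$1" -ne "$WAN_HOST_OCTET" ]
}

# snat_rule N: one iptables-restore line mapping 10.10.N.0/24 to 123.123.123.N
snat_rule() {
    valid_octet "$1" || { echo "refusing octet '$1'" >&2; return 1; }
    printf '%s\n' "-A POSTROUTING -s $PRIV_PREFIX.$1.0/24 -o $WAN_IF -j SNAT --to-source $PUB_PREFIX.$1"
}

# alias_cmd N: the command that adds the matching virtual IP on the WAN interface
alias_cmd() {
    valid_octet "$1" || return 1
    printf '%s\n' "ip addr add $PUB_PREFIX.$1/32 dev $WAN_IF"
}

# nat_block FIRST COUNT: a "*nat" section for review; stops at the first bad octet
nat_block() {
    first=$1; count=$2; n=$first
    echo "*nat"
    while [ "$n" -lt $((first + count)) ]; do
        snat_rule "$n" || return 1
        n=$((n + 1))
    done
    echo "COMMIT"
}

# Run as "sh script.sh --print" to see the 120 rules for octets 5..124.
if [ "${1:-}" = "--print" ]; then nat_block 5 120; fi
```

The generated lines can be syntax-checked with `iptables-restore --test` before any of them are copied into conf/iptables.conf; where they belong inside that file is not covered by the thread.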