Re: [PacketFence-users] DNS Resolution of Captive Portal after granting Access
Dear Fabrice, Sorry for my late answer. Thank you very much for offering your help and giving me this information. I appreciate this very much. I just started looking into the code. Perl isn't an issue, luckily... I did a lot of perl scripting in the late 90s. But iptables / ipset techniques could be an issue. I understand the basic principles of firewalling and NAT using iptables. But that is it... Well, we will see. Best regards, Till On 15.07.2016 02:27, Durand fabrice wrote: > Hum ok, > it will not be so simple since we use the iptable mangle to 'tag' > packetfence and forward or not forward to pfdns. > In order to make it work you probably have to remove the iptables mark > (ipset.pm iptables.pm) and detect in pfdns if the device is reg or not. > Nothing really complicate but you must know perl. > > If you want i am available on packetfence irc channel > https://packetfence.org/support/index.html on work hours (Montréal time) > > Regards > Fabrice > > > > Le 2016-07-14 19:20, g4-l...@tonarchiv.ch a écrit : >> Hello Fabrice, >> >> Aside from our captive portal "hack" we are using a pure inline setup. >> The PF server has two network interfaces. One goes to an AP and the >> other to the Internet gateway. There is no external DHCP server and we >> use the DNS server of our Internet provider. >> >> Already registered users are checked against a RADIUS source. When new >> user get registered CP adds them to the RADIUS DB. Our CP uses JsonAPI >> of the PF's webservice and a patched api.pm to register or update nodes. >> >> Best regards, >> Till >> >> >> On 15.07.2016 00:36, Durand fabrice wrote: >>> Hello Till, >>> >>> can you describe a little bit the setup, are you using out of band or >>> inline ? >>> >>> Regards >>> Fabrice >>> >>> >>> Le 2016-07-14 17:34, g4-l...@tonarchiv.ch a écrit : Hi Antoine, could you give me a hint where in the code / in which PM the trapping and decision what DNS configuration to use takes place? Thanks, Till On 14.07.2016 16:09, g4-l...@tonarchiv.ch wrote: > Hello Antoine, > > thank you for your reply. > > Our client has several locations using Packetfence, and he wanted a > centralized server for CP with a customizable CMS. So we are using > mod_proxy directive in captive-portal-common.tt to forward requests to > this centralized CP. > > We already tested the pass through configuration which works fine. But > sadly it is not really an option for because this implies that there is > always access to Facebook, Google, Twitter etc. > Sadly, most of the login screens of these social networks use the > www.xxx.com domain name and also refer to a lot of external resources > for JS, images etc. Because of this it is not possible to disable access > to Facebook for example in general, but allow access to the login screen > of facebook. This only could be done with firewall rules on the protocol > / HTTP level. > > So we decided to give the users temporary access to the Internet when > they decide to get verified by social networks. > > I wonder if pfdns and trapping mechanism could be configured to sent the > right local IP address for CP name resolution and forwards all other > requests to the external DNS. > > Thanks, > Till > > > > On 14.07.2016 15:11, Antoine Amacher wrote: >> Hello Till, >> >> I am not sure how your authentication by social media is working but why >> not use OAuth2 sources? >> >> You could also add any domains you want to authorize to the pass through >> list, in this way people will be in the registration VLAN with access to >> authorized sites. If you need sites to enable for your social media >> access, you can check in the OAuth sources, each have a predefined list. >> >> Thanks >> >> On 07/14/2016 12:03 AM, g4-l...@tonarchiv.ch wrote: >>> Hi there, >>> >>> We wrote our own captive portal, which allows the user to get verified >>> by social networks. For this reason we give him temporary access first >>> so he can reach the social network login pages. >>> >>> But now we have the problem that he can not be directed back to the >>> captive portal as long as he as the temporary Internet access. The >>> reason is that DNS resolution of captive portal (i.e. PF server) does >>> not work anymore. >>> >>> Because we are using a public DNS server, we can not add the captive >>> portal IP (which is a local one in the LAN) to this DNS. >>> >>> Is there a way to tell Packetfence to continue trapping and resolving >>> DNS requests of the captive portal's name, as long as we grant temporary >>> Internet access to the user? >>> This would solve our problem. >>> >>> Or is there another way to resolve the PF name without using a local >>> DNS? >>> >>>
Re: [PacketFence-users] DNS Resolution of Captive Portal after granting Access
Hum ok, it will not be so simple since we use the iptable mangle to 'tag' packetfence and forward or not forward to pfdns. In order to make it work you probably have to remove the iptables mark (ipset.pm iptables.pm) and detect in pfdns if the device is reg or not. Nothing really complicate but you must know perl. If you want i am available on packetfence irc channel https://packetfence.org/support/index.html on work hours (Montréal time) Regards Fabrice Le 2016-07-14 19:20, g4-l...@tonarchiv.ch a écrit : > Hello Fabrice, > > Aside from our captive portal "hack" we are using a pure inline setup. > The PF server has two network interfaces. One goes to an AP and the > other to the Internet gateway. There is no external DHCP server and we > use the DNS server of our Internet provider. > > Already registered users are checked against a RADIUS source. When new > user get registered CP adds them to the RADIUS DB. Our CP uses JsonAPI > of the PF's webservice and a patched api.pm to register or update nodes. > > Best regards, > Till > > > On 15.07.2016 00:36, Durand fabrice wrote: >> Hello Till, >> >> can you describe a little bit the setup, are you using out of band or >> inline ? >> >> Regards >> Fabrice >> >> >> Le 2016-07-14 17:34, g4-l...@tonarchiv.ch a écrit : >>> Hi Antoine, >>> >>> could you give me a hint where in the code / in which PM the trapping >>> and decision what DNS configuration to use takes place? >>> >>> Thanks, >>> Till >>> >>> On 14.07.2016 16:09, g4-l...@tonarchiv.ch wrote: Hello Antoine, thank you for your reply. Our client has several locations using Packetfence, and he wanted a centralized server for CP with a customizable CMS. So we are using mod_proxy directive in captive-portal-common.tt to forward requests to this centralized CP. We already tested the pass through configuration which works fine. But sadly it is not really an option for because this implies that there is always access to Facebook, Google, Twitter etc. Sadly, most of the login screens of these social networks use the www.xxx.com domain name and also refer to a lot of external resources for JS, images etc. Because of this it is not possible to disable access to Facebook for example in general, but allow access to the login screen of facebook. This only could be done with firewall rules on the protocol / HTTP level. So we decided to give the users temporary access to the Internet when they decide to get verified by social networks. I wonder if pfdns and trapping mechanism could be configured to sent the right local IP address for CP name resolution and forwards all other requests to the external DNS. Thanks, Till On 14.07.2016 15:11, Antoine Amacher wrote: > Hello Till, > > I am not sure how your authentication by social media is working but why > not use OAuth2 sources? > > You could also add any domains you want to authorize to the pass through > list, in this way people will be in the registration VLAN with access to > authorized sites. If you need sites to enable for your social media > access, you can check in the OAuth sources, each have a predefined list. > > Thanks > > On 07/14/2016 12:03 AM, g4-l...@tonarchiv.ch wrote: >> Hi there, >> >> We wrote our own captive portal, which allows the user to get verified >> by social networks. For this reason we give him temporary access first >> so he can reach the social network login pages. >> >> But now we have the problem that he can not be directed back to the >> captive portal as long as he as the temporary Internet access. The >> reason is that DNS resolution of captive portal (i.e. PF server) does >> not work anymore. >> >> Because we are using a public DNS server, we can not add the captive >> portal IP (which is a local one in the LAN) to this DNS. >> >> Is there a way to tell Packetfence to continue trapping and resolving >> DNS requests of the captive portal's name, as long as we grant temporary >> Internet access to the user? >> This would solve our problem. >> >> Or is there another way to resolve the PF name without using a local DNS? >> >> Best regards, >> Till >> >> -- >> What NetFlow Analyzer can do for you? Monitors network bandwidth and >> traffic >> patterns at an interface-level. Reveals which users, apps, and protocols >> are >> consuming the most bandwidth. Provides multi-vendor support for NetFlow, >> J-Flow, sFlow and other flows. Make informed decisions using capacity >> planning >> reports.http://sdm.link/zohodev2dev >> ___ >> PacketFence-users mailing list >>
Re: [PacketFence-users] DNS Resolution of Captive Portal after granting Access
Hello Fabrice, Aside from our captive portal "hack" we are using a pure inline setup. The PF server has two network interfaces. One goes to an AP and the other to the Internet gateway. There is no external DHCP server and we use the DNS server of our Internet provider. Already registered users are checked against a RADIUS source. When new user get registered CP adds them to the RADIUS DB. Our CP uses JsonAPI of the PF's webservice and a patched api.pm to register or update nodes. Best regards, Till On 15.07.2016 00:36, Durand fabrice wrote: > Hello Till, > > can you describe a little bit the setup, are you using out of band or > inline ? > > Regards > Fabrice > > > Le 2016-07-14 17:34, g4-l...@tonarchiv.ch a écrit : >> Hi Antoine, >> >> could you give me a hint where in the code / in which PM the trapping >> and decision what DNS configuration to use takes place? >> >> Thanks, >> Till >> >> On 14.07.2016 16:09, g4-l...@tonarchiv.ch wrote: >>> Hello Antoine, >>> >>> thank you for your reply. >>> >>> Our client has several locations using Packetfence, and he wanted a >>> centralized server for CP with a customizable CMS. So we are using >>> mod_proxy directive in captive-portal-common.tt to forward requests to >>> this centralized CP. >>> >>> We already tested the pass through configuration which works fine. But >>> sadly it is not really an option for because this implies that there is >>> always access to Facebook, Google, Twitter etc. >>> Sadly, most of the login screens of these social networks use the >>> www.xxx.com domain name and also refer to a lot of external resources >>> for JS, images etc. Because of this it is not possible to disable access >>> to Facebook for example in general, but allow access to the login screen >>> of facebook. This only could be done with firewall rules on the protocol >>> / HTTP level. >>> >>> So we decided to give the users temporary access to the Internet when >>> they decide to get verified by social networks. >>> >>> I wonder if pfdns and trapping mechanism could be configured to sent the >>> right local IP address for CP name resolution and forwards all other >>> requests to the external DNS. >>> >>> Thanks, >>> Till >>> >>> >>> >>> On 14.07.2016 15:11, Antoine Amacher wrote: Hello Till, I am not sure how your authentication by social media is working but why not use OAuth2 sources? You could also add any domains you want to authorize to the pass through list, in this way people will be in the registration VLAN with access to authorized sites. If you need sites to enable for your social media access, you can check in the OAuth sources, each have a predefined list. Thanks On 07/14/2016 12:03 AM, g4-l...@tonarchiv.ch wrote: > Hi there, > > We wrote our own captive portal, which allows the user to get verified > by social networks. For this reason we give him temporary access first > so he can reach the social network login pages. > > But now we have the problem that he can not be directed back to the > captive portal as long as he as the temporary Internet access. The > reason is that DNS resolution of captive portal (i.e. PF server) does > not work anymore. > > Because we are using a public DNS server, we can not add the captive > portal IP (which is a local one in the LAN) to this DNS. > > Is there a way to tell Packetfence to continue trapping and resolving > DNS requests of the captive portal's name, as long as we grant temporary > Internet access to the user? > This would solve our problem. > > Or is there another way to resolve the PF name without using a local DNS? > > Best regards, > Till > > -- > What NetFlow Analyzer can do for you? Monitors network bandwidth and > traffic > patterns at an interface-level. Reveals which users, apps, and protocols > are > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > J-Flow, sFlow and other flows. Make informed decisions using capacity > planning > reports.http://sdm.link/zohodev2dev > ___ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> -- >>> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic >>> patterns at an interface-level. Reveals which users, apps, and protocols are >>> consuming the most bandwidth. Provides multi-vendor support for NetFlow, >>> J-Flow, sFlow and other flows. Make informed decisions using capacity >>> planning >>> reports.http://sdm.link/zohodev2dev >>> ___ >>> PacketFence-users mailing list >>>
Re: [PacketFence-users] DNS Resolution of Captive Portal after granting Access
Hello Till, can you describe a little bit the setup, are you using out of band or inline ? Regards Fabrice Le 2016-07-14 17:34, g4-l...@tonarchiv.ch a écrit : > Hi Antoine, > > could you give me a hint where in the code / in which PM the trapping > and decision what DNS configuration to use takes place? > > Thanks, > Till > > On 14.07.2016 16:09, g4-l...@tonarchiv.ch wrote: >> Hello Antoine, >> >> thank you for your reply. >> >> Our client has several locations using Packetfence, and he wanted a >> centralized server for CP with a customizable CMS. So we are using >> mod_proxy directive in captive-portal-common.tt to forward requests to >> this centralized CP. >> >> We already tested the pass through configuration which works fine. But >> sadly it is not really an option for because this implies that there is >> always access to Facebook, Google, Twitter etc. >> Sadly, most of the login screens of these social networks use the >> www.xxx.com domain name and also refer to a lot of external resources >> for JS, images etc. Because of this it is not possible to disable access >> to Facebook for example in general, but allow access to the login screen >> of facebook. This only could be done with firewall rules on the protocol >> / HTTP level. >> >> So we decided to give the users temporary access to the Internet when >> they decide to get verified by social networks. >> >> I wonder if pfdns and trapping mechanism could be configured to sent the >> right local IP address for CP name resolution and forwards all other >> requests to the external DNS. >> >> Thanks, >> Till >> >> >> >> On 14.07.2016 15:11, Antoine Amacher wrote: >>> Hello Till, >>> >>> I am not sure how your authentication by social media is working but why >>> not use OAuth2 sources? >>> >>> You could also add any domains you want to authorize to the pass through >>> list, in this way people will be in the registration VLAN with access to >>> authorized sites. If you need sites to enable for your social media >>> access, you can check in the OAuth sources, each have a predefined list. >>> >>> Thanks >>> >>> On 07/14/2016 12:03 AM, g4-l...@tonarchiv.ch wrote: Hi there, We wrote our own captive portal, which allows the user to get verified by social networks. For this reason we give him temporary access first so he can reach the social network login pages. But now we have the problem that he can not be directed back to the captive portal as long as he as the temporary Internet access. The reason is that DNS resolution of captive portal (i.e. PF server) does not work anymore. Because we are using a public DNS server, we can not add the captive portal IP (which is a local one in the LAN) to this DNS. Is there a way to tell Packetfence to continue trapping and resolving DNS requests of the captive portal's name, as long as we grant temporary Internet access to the user? This would solve our problem. Or is there another way to resolve the PF name without using a local DNS? Best regards, Till -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports.http://sdm.link/zohodev2dev ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users >> -- >> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic >> patterns at an interface-level. Reveals which users, apps, and protocols are >> consuming the most bandwidth. Provides multi-vendor support for NetFlow, >> J-Flow, sFlow and other flows. Make informed decisions using capacity >> planning >> reports.http://sdm.link/zohodev2dev >> ___ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > > -- > What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic > patterns at an interface-level. Reveals which users, apps, and protocols are > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > J-Flow, sFlow and other flows. Make informed decisions using capacity planning > reports.http://sdm.link/zohodev2dev > ___ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net >
Re: [PacketFence-users] DNS Resolution of Captive Portal after granting Access
Hi Antoine, could you give me a hint where in the code / in which PM the trapping and decision what DNS configuration to use takes place? Thanks, Till On 14.07.2016 16:09, g4-l...@tonarchiv.ch wrote: > Hello Antoine, > > thank you for your reply. > > Our client has several locations using Packetfence, and he wanted a > centralized server for CP with a customizable CMS. So we are using > mod_proxy directive in captive-portal-common.tt to forward requests to > this centralized CP. > > We already tested the pass through configuration which works fine. But > sadly it is not really an option for because this implies that there is > always access to Facebook, Google, Twitter etc. > Sadly, most of the login screens of these social networks use the > www.xxx.com domain name and also refer to a lot of external resources > for JS, images etc. Because of this it is not possible to disable access > to Facebook for example in general, but allow access to the login screen > of facebook. This only could be done with firewall rules on the protocol > / HTTP level. > > So we decided to give the users temporary access to the Internet when > they decide to get verified by social networks. > > I wonder if pfdns and trapping mechanism could be configured to sent the > right local IP address for CP name resolution and forwards all other > requests to the external DNS. > > Thanks, > Till > > > > On 14.07.2016 15:11, Antoine Amacher wrote: >> Hello Till, >> >> I am not sure how your authentication by social media is working but why >> not use OAuth2 sources? >> >> You could also add any domains you want to authorize to the pass through >> list, in this way people will be in the registration VLAN with access to >> authorized sites. If you need sites to enable for your social media >> access, you can check in the OAuth sources, each have a predefined list. >> >> Thanks >> >> On 07/14/2016 12:03 AM, g4-l...@tonarchiv.ch wrote: >>> Hi there, >>> >>> We wrote our own captive portal, which allows the user to get verified >>> by social networks. For this reason we give him temporary access first >>> so he can reach the social network login pages. >>> >>> But now we have the problem that he can not be directed back to the >>> captive portal as long as he as the temporary Internet access. The >>> reason is that DNS resolution of captive portal (i.e. PF server) does >>> not work anymore. >>> >>> Because we are using a public DNS server, we can not add the captive >>> portal IP (which is a local one in the LAN) to this DNS. >>> >>> Is there a way to tell Packetfence to continue trapping and resolving >>> DNS requests of the captive portal's name, as long as we grant temporary >>> Internet access to the user? >>> This would solve our problem. >>> >>> Or is there another way to resolve the PF name without using a local DNS? >>> >>> Best regards, >>> Till >>> >>> -- >>> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic >>> patterns at an interface-level. Reveals which users, apps, and protocols are >>> consuming the most bandwidth. Provides multi-vendor support for NetFlow, >>> J-Flow, sFlow and other flows. Make informed decisions using capacity >>> planning >>> reports.http://sdm.link/zohodev2dev >>> ___ >>> PacketFence-users mailing list >>> PacketFence-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users > > -- > What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic > patterns at an interface-level. Reveals which users, apps, and protocols are > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > J-Flow, sFlow and other flows. Make informed decisions using capacity planning > reports.http://sdm.link/zohodev2dev > ___ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports.http://sdm.link/zohodev2dev ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] DNS Resolution of Captive Portal after granting Access
Hello Antoine, thank you for your reply. Our client has several locations using Packetfence, and he wanted a centralized server for CP with a customizable CMS. So we are using mod_proxy directive in captive-portal-common.tt to forward requests to this centralized CP. We already tested the pass through configuration which works fine. But sadly it is not really an option for because this implies that there is always access to Facebook, Google, Twitter etc. Sadly, most of the login screens of these social networks use the www.xxx.com domain name and also refer to a lot of external resources for JS, images etc. Because of this it is not possible to disable access to Facebook for example in general, but allow access to the login screen of facebook. This only could be done with firewall rules on the protocol / HTTP level. So we decided to give the users temporary access to the Internet when they decide to get verified by social networks. I wonder if pfdns and trapping mechanism could be configured to sent the right local IP address for CP name resolution and forwards all other requests to the external DNS. Thanks, Till On 14.07.2016 15:11, Antoine Amacher wrote: > Hello Till, > > I am not sure how your authentication by social media is working but why > not use OAuth2 sources? > > You could also add any domains you want to authorize to the pass through > list, in this way people will be in the registration VLAN with access to > authorized sites. If you need sites to enable for your social media > access, you can check in the OAuth sources, each have a predefined list. > > Thanks > > On 07/14/2016 12:03 AM, g4-l...@tonarchiv.ch wrote: >> Hi there, >> >> We wrote our own captive portal, which allows the user to get verified >> by social networks. For this reason we give him temporary access first >> so he can reach the social network login pages. >> >> But now we have the problem that he can not be directed back to the >> captive portal as long as he as the temporary Internet access. The >> reason is that DNS resolution of captive portal (i.e. PF server) does >> not work anymore. >> >> Because we are using a public DNS server, we can not add the captive >> portal IP (which is a local one in the LAN) to this DNS. >> >> Is there a way to tell Packetfence to continue trapping and resolving >> DNS requests of the captive portal's name, as long as we grant temporary >> Internet access to the user? >> This would solve our problem. >> >> Or is there another way to resolve the PF name without using a local DNS? >> >> Best regards, >> Till >> >> -- >> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic >> patterns at an interface-level. Reveals which users, apps, and protocols are >> consuming the most bandwidth. Provides multi-vendor support for NetFlow, >> J-Flow, sFlow and other flows. Make informed decisions using capacity >> planning >> reports.http://sdm.link/zohodev2dev >> ___ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/packetfence-users -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports.http://sdm.link/zohodev2dev ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] DNS Resolution of Captive Portal after granting Access
Hello Till, I am not sure how your authentication by social media is working but why not use OAuth2 sources? You could also add any domains you want to authorize to the pass through list, in this way people will be in the registration VLAN with access to authorized sites. If you need sites to enable for your social media access, you can check in the OAuth sources, each have a predefined list. Thanks On 07/14/2016 12:03 AM, g4-l...@tonarchiv.ch wrote: > Hi there, > > We wrote our own captive portal, which allows the user to get verified > by social networks. For this reason we give him temporary access first > so he can reach the social network login pages. > > But now we have the problem that he can not be directed back to the > captive portal as long as he as the temporary Internet access. The > reason is that DNS resolution of captive portal (i.e. PF server) does > not work anymore. > > Because we are using a public DNS server, we can not add the captive > portal IP (which is a local one in the LAN) to this DNS. > > Is there a way to tell Packetfence to continue trapping and resolving > DNS requests of the captive portal's name, as long as we grant temporary > Internet access to the user? > This would solve our problem. > > Or is there another way to resolve the PF name without using a local DNS? > > Best regards, > Till > > -- > What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic > patterns at an interface-level. Reveals which users, apps, and protocols are > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > J-Flow, sFlow and other flows. Make informed decisions using capacity planning > reports.http://sdm.link/zohodev2dev > ___ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Antoine Amacher aamac...@inverse.ca :: +1.514.447.4918 *130 :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports.http://sdm.link/zohodev2dev ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] DNS Resolution of Captive Portal after granting Access
Hi there, We wrote our own captive portal, which allows the user to get verified by social networks. For this reason we give him temporary access first so he can reach the social network login pages. But now we have the problem that he can not be directed back to the captive portal as long as he as the temporary Internet access. The reason is that DNS resolution of captive portal (i.e. PF server) does not work anymore. Because we are using a public DNS server, we can not add the captive portal IP (which is a local one in the LAN) to this DNS. Is there a way to tell Packetfence to continue trapping and resolving DNS requests of the captive portal's name, as long as we grant temporary Internet access to the user? This would solve our problem. Or is there another way to resolve the PF name without using a local DNS? Best regards, Till -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports.http://sdm.link/zohodev2dev ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users