Re: [PacketFence-users] Firewall question
Hello, you can try this: in /usr/local/pf/conf/iptables.conf change:

    :forward-internal-inline-if - [0:0]
    %%filter_forward_inline%%

to:

    :forward-internal-inline-if - [0:0]
    -A forward-internal-inline-if --match mark --mark 0x1 -d 10.255.60.0/24 --jump DROP
    %%filter_forward_inline%%

Then restart the iptables service.

Regards
Fabrice

On 20-09-04 at 08:12, INFO via PacketFence-users wrote:
> Hi, I have an inline configuration using 2 VM Cisco WLCs for 200 APs. I do not use RADIUS. PF is used only for guests, with a captive portal and a specific group in AD.
>
> All works correctly, but I have a problem once the user is authorized. The guest must go only to the internet and not to the intranet. The guests have a private network in a private VLAN, but between PF and the internet there are many hops and many networks, and right now the guest can see the whole network. The guest crosses several networks without firewalls, and in these there are, for example, the corporate DNS, various MS domain controllers and other things they must not be able to access.
>
> Basically I should allow the requests to the various DNS servers and the related responses, but then block a whole /8 network. I tried to do ACLs on the WLCs, but they are a little weird and dangerous, and if I make a mistake I could cause a disservice to the company. How can I do it?
>
> Client 10.122.250./24 --- PF -- 10.255.60.0/24 - Hop --- hop - Firewall - firewall --- Router -- AS Internet
>
> The guest can see the net 10.255.60.0/24 and other nets up to the first firewall.
>
> Who can show me how to make a simple firewall config for iptables.conf?
>
> Thanks

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
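As an added example (not Fabrice's snippet and not PacketFence's own code), a small shell helper that generates the forward-internal-inline-if fragment in the form the reply shows, extended to what the question asks for: accept DNS to named resolvers first, then drop the rest of a private range. The resolver addresses and the /8 are constructed placeholders, and the 0x1 mark is taken from the reply as an assumption; confirm the mark PacketFence applies to authorized inline clients in your version.

```shell
#!/bin/sh
# Added example, not the thread's or PacketFence's code: emit the fragment for the
# forward-internal-inline-if chain in /usr/local/pf/conf/iptables.conf that lets
# guests reach named DNS servers and drops everything else toward a private range.
set -eu

# $1 fwmark matched on the guest traffic (the reply uses 0x1; confirm the value
#    PacketFence assigns to authorized inline clients in your version)
# $2 space-separated DNS servers guests may query
# $3 intranet range to block, e.g. 10.0.0.0/8
pf_inline_guest_rules() {
    mark=$1; dns_servers=$2; blocked_net=$3
    base="-A forward-internal-inline-if --match mark --mark $mark"
    printf '%s\n' ':forward-internal-inline-if - [0:0]'
    # ACCEPT rules go first: a chain is evaluated top to bottom, first match wins.
    for dns in $dns_servers; do
        for proto in udp tcp; do
            printf '%s -p %s -d %s --dport 53 --jump ACCEPT\n' "$base" "$proto" "$dns"
        done
    done
    # Let replies to flows the guest opened through, before the DROP below.
    printf '%s -m conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT\n' "$base"
    # Anything else from these clients toward the intranet is dropped.
    printf '%s -d %s --jump DROP\n' "$base" "$blocked_net"
    # PacketFence replaces this macro with its own generated inline rules.
    printf '%s\n' '%%filter_forward_inline%%'
}

# Sanity check on a generated fragment read from stdin: no ACCEPT may follow a
# DROP, otherwise the DNS exceptions would never be reached. Exit 0 means OK.
check_rule_order() {
    awk '/--jump DROP/ {seen_drop=1}
         /--jump ACCEPT/ && seen_drop {bad=1}
         END {exit bad ? 1 : 0}'
}

# Constructed placeholder values; replace with the real resolvers and range.
pf_inline_guest_rules 0x1 "192.0.2.53 192.0.2.54" 10.0.0.0/8
```

Paste the output in place of the two-line chain definition the reply shows; if the guest subnet itself lies inside the blocked range, put an ACCEPT for it ahead of the DROP.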
[PacketFence-users] Firewall question
Hi, I have an inline configuration using 2 VM Cisco WLCs for 200 APs. I do not use RADIUS. PF is used only for guests, with a captive portal and a specific group in AD.

All works correctly, but I have a problem once the user is authorized. The guest must go only to the internet and not to the intranet. The guests have a private network in a private VLAN, but between PF and the internet there are many hops and many networks, and right now the guest can see the whole network. The guest crosses several networks without firewalls, and in these there are, for example, the corporate DNS, various MS domain controllers and other things they must not be able to access.

Basically I should allow the requests to the various DNS servers and the related responses, but then block a whole /8 network. I tried to do ACLs on the WLCs, but they are a little weird and dangerous, and if I make a mistake I could cause a disservice to the company. How can I do it?

Client 10.122.250./24 --- PF -- 10.255.60.0/24 - Hop --- hop - Firewall - firewall --- Router -- AS Internet

The guest can see the net 10.255.60.0/24 and other nets up to the first firewall.

Who can show me how to make a simple firewall config for iptables.conf?

Thanks
Gino