Le 2018-06-15 à 10:22, Steven Pfister via PacketFence-users a écrit :
Got it... thanks! Should I leave the system iptables service stopped,
or should I uninstall it?
uninstall it, the iptables rules are managed by packetfence.
The var/conf/iptables.conf file has lines:
-A POSTROUTING -s
Got it... thanks! Should I leave the system iptables service stopped, or
should I uninstall it?
The var/conf/iptables.conf file has lines:
-A POSTROUTING -s 192.168.220.0/24 -o eth0 -j SNAT --to 10.99.19.240
-A POSTROUTING -s 192.168.221.0/24 -o eth0 -j SNAT --to 10.99.19.240
which don't seem
Hello Steven,
var/conf/iptables.conf is a file generated from the template
conf/iptables.conf
If you want to restart iptables service you need to do the following
(pfcmd service iptables restart) and not use the iptables service from
the system.
Regards
Fabrice
Le 2018-06-15 à 10:03,
Hi
Hoping someone can help me with the UI/CLI config for Auto-Registration. I
wanted to have this on the onboarding SSID that is also used for all other
devices. However, from using the fingerbank database to profile devices
that are for example playstation and avoid them from the CWP and auto
I just had something strange happen with iptables. I wanted to try a change
in var/conf/iptables.conf, but "service iptables restart" wasn't available.
So I did a "yum install iptables-services". Was that a mistake? The change
I made to iptables.conf didn't work, so I changed it back. Now, with
We had an extra nic in this server, but it's causing a lot of problems, so
we've just removed it altogether for now. The" ip netns exec dpsad ping"
command worked just fine.
[root@PacketFence-ZEN ~]# ip route get 10.99.20.32
10.99.20.32 dev eth0 src 10.99.19.240
cache
[root@PacketFence-ZEN
It looks that you have 2 ip on the interface eth0 and packetfence use
the first one to nat the chroot traffic (10.99.19.240/21)
You will probably need to remove the second one (10.99.21.1/21)
Can you try the following (replace 10.0.0.1 by the AD ip address):
ip netns exec dpsad ping 10.0.0.1
By the way, the server was rebooted last night after I left and the routing
issues seem to have stopped. It still isn't able to join the domain though.
We need to join the server to the domain in order to authentication against
it, is that correct?
On Thu, Jun 14, 2018 at 7:25 PM, Durand fabrice
Sure...
[root@PacketFence-ZEN logs]# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever