I fixed it this but I'm not sure I'm breaking something else:
[root@srvpf pf]# diff -Naur sbin/pfdns.orig sbin/pfdns
--- sbin/pfdns.orig 2017-08-08 18:40:40.006571993 +0200
+++ sbin/pfdns 2017-08-08 18:42:53.040963724 +0200
@@ -448,7 +448,7 @@
my $query_non_filtered =
Poking in the code I found that pfdns calls matches_passthrough in
lib/pf/util/dns.pm which returns the following (with data dumper):
1,
$VAR1 = [
'tcp:8080'
];
But it does not work
--
Check out the
Hi, I don't know if I'm hitting a bug or I'm missing something. I'm
using 7.2 (ZEN), enabled passthrough and configured it like this:
[root@srvpf ~]# grep ^passt /usr/local/pf/conf/pf.conf
passthrough=enabled
passthroughs=*.facebook.com,*.fbcdn.net,*.akamaihd.net,portquiz.net:tcp:8080
Notice
Hello Alex,
what you need is to capture dns traffic from the device and adapt
passthrough based on what you seen in the capture.
Regards
Fabrice
Le 2017-02-27 à 23:17, Alex Fishel a écrit :
Hello all,
I have set up PacketFence inline mode and have the captive portal
working. I have a
Hello all,
I have set up PacketFence inline mode and have the captive portal working.
I have a Cisco Aironet access point set up as well through which wireless
devices connect. The goal of my setup is to be able to provision iOS and
Android devices. So far, I have iOS working but am running into
We need to be able to allow an app download for .1x setup from the google
play store.
Hostname is:
r3---sn-hxgpu-a5oe.gvt1.com
But it won't batch *.gvt1.com in passthroughs.
Im assuming its a dynamically generated host that will change. Im pretty
sure the problem is in the "---" causing
Oh. *. Seemed to work in the past.
Sent from my iPhone
On Sep 4, 2015, at 10:35 AM, Louis Munro wrote:
Hi Tim,
Try just .gvt1.com in your passthroughs.
IIRC it is matched as a regular expression, not a globbing pattern.
Regards,
--
Louis Munro
lmu...@inverse.ca ::
Weird.. I wrote a script to process everything as pfdns would.. found that
it wasn't taking the updates from the pf.conf into the keyed table in the
DB. had to delete the config::Pf(packetfence2.mcc.edu) and config::Pf(
packetfence1.mcc.edu) keys then reload packetfence-config
On Fri, Sep 4,
Hi,
I've successfully implemented a captive portal in inline mode and I also have
configured some website available for guest users without authentication with
passthrough.
But I also want to authorize users to access their vpn gateway (University
network). I have a list of ip addresses and
Passthrough works fine! Thanks Fabrice! I thought it was necessary to write the
entire url, because I had seen some configuration, in the mailing list, which
operated in this way...
Thanks again :) Have a nice day!
Best Regards,
Rosario Ippolito
2015-02-26 14:18 GMT+01:00 Fabrice DURAND
Ok so you just have to define domain and not the whole address.
Something like that is better www.google.it,www.google.com.
Also you are able to define a widlcard like *.google.com
Regards
Fabrice
Le 2015-02-26 07:40, Rosario Ippolito a écrit :
Sure! Thanks a lot!
2015-02-26 13:23
Thanks Fabrice, but Passthrough does not work even without the ssl
websites... I am redirected again to the Captive-Portal..
Regards,
Rosario Ippolito
--
Dive into the World of Parallel Programming The Go Parallel
Hello Rosario,
can you send me a screenshot of the passthrough configuration section ?
Regards
Fabrice
Le 2015-02-26 04:48, Rosario Ippolito a écrit :
Thanks Fabrice, but Passthrough does not work even without the ssl
websites... I am redirected again to the Captive-Portal..
Regards,
Hi all,
I have some questions about Passthrough to do. I have configured
PacketFence (4.6 version) in Out-of-band mode, and it works very well. So,
I have configured the Passthrough following the guide, that is, from the
Web Interface, I have selected the Passthrough box and I have added
Hi Rosario,
using proxy passthrough for ssl webise is not a good idea, you will have
a certificate issue.
Regards
Fabrice
Le 2015-02-24 08:04, Rosario Ippolito a écrit :
Hi all,
I have some questions about Passthrough to do. I have configured
PacketFence (4.6 version) in Out-of-band mode,
Hi,
When a device was put into a isolation vlan after being scanned by Nessus,
I want it to be able to access some specific websites. for example
www.google.com.
First I have www.google.com configured as passthrough.
Below is the config from pf.conf
passthrough=enabled
#
#
Hi,
Passthrough is only working in the reg vlan, not isolation.
Take a look at pfdns code and in the isolzone sub copy the part of the
code you have in the regzone sub. (if ( ($qname =~ /$OAUTH::ALLO)
Regards
Fabrice
Le 2014-04-10 14:01, forbmsyn a écrit :
Hi,
When a device was put
Hi Fabrice,
I changed the type of the vlan to registration but still not working.
[192.168.27.0]
dns=192.168.27.1
dhcp_start=192.168.27.10
gateway=192.168.27.1
domain-name=vlan-registration.mydomain.com
named=enabled
dhcp_max_lease_time=30
dhcpd=enabled
type=vlan-registration
Are there any more thoughts on why my passthroughs are not working?
Cheers,
Andi
-Original Message-
From: Morris, Andi [mailto:amor...@cardiffmet.ac.uk]
Sent: 18 January 2012 14:54
To: packetfence-users@lists.sourceforge.net
Subject: Re: [Packetfence-users] Passthrough list not working
Hi Andi,
On 18/01/12 9:53 AM, Morris, Andi wrote:
Thanks for your help Olivier,
I am interested in having the passthrough in vlan isolation mode.
Here is the var/conf/httpd.conf
[snip]
# NO auto-generated mod_rewrite rules for PacketFence Passthroughs
# NO auto-generated
I just tried http://www.google.co.uk and found out that you are missing
the / at the end which is mandatory if you have no query string.
So try with:
google=http://www.google.co.uk/
instead of
google=http://www.google.co.uk
I filed http://www.packetfence.org/bugs/view.php?id=1368 and
Passthrough with IPs *won't* work with passthrough=proxy since we
perform DNS blackholing on the registration VLAN (rewriting all DNS to
the same IP).
As you already noted, squid redirector is to bypass client-side proxy
configuration. This is not what you are looking for.
On 18/01/12 5:40 AM,
Hi again all,
I'm trying to configure a passthrough so that users in the registration vlan
can access a website in order for them to download a tool to configure their
dot1x settings. I have the following in my pf.conf:
[trapping]
#
# trapping.range
#
# Comma-delimited list of address
23 matches
Mail list logo