Re: [PacketFence-users] R: R: R: R: network-access-detection

Durand fabrice via PacketFence-users Thu, 10 Aug 2017 16:51:41 -0700

Hello Alessandro,

what is the result of ? :


cat /proc/sys/net/ipv4/ip_forward

From the pf server are you able to do a query ?
nslookup
> server 153.47.30.113
> inverse.ca

Regards
Fabrice


Le 2017-08-10 à 13:42, Alessandro Canella via PacketFence-users a écrit :


Here some test:

BEFORE LOGIN

Suffisso DNS specifico per connessione: inlinel2.feo-cer.net

Indirizzo IPv4. . . . . . . . . . . . : 192.168.30.14(Preferenziale)

Gateway predefinito . . . . . . . . . : 192.168.30.1

Server DHCP . . . . . . . . . . . . . : 192.168.30.1

   Server DNS . . . . . . . . . . . . .  : 153.47.30.113

C:\Users\aless>nslookup

Server predefinito:  UnKnown

Address:  153.47.30.113

lancelot.feo-cer.net

Server:  UnKnown

Address:  153.47.30.113

Nome:    percival.feo-cer.net

Address:  192.168.30.1

Aliases: lancelot.feo-cer.net.inlinel2.feo-cer.net

AFTER LOGIN

C:\Users\aless>nslookup

DNS request timed out.

    timeout was 2 seconds.

Server predefinito:  UnKnown

Address:  153.47.30.113

> server 192.168.30.1

DNS request timed out.

    timeout was 2 seconds.

Server predefinito:  [192.168.30.1]

Address:  192.168.30.1

As you see from image attached, portscan …works….query not….

*Da:*Alessandro Canella via PacketFence-users[mailto:packetfence-users@lists.sourceforge.net]

*Inviato:* giovedì 10 agosto 2017 09.42
*A:* packetfence-users@lists.sourceforge.net
*Cc:* Alessandro Canella <alessandro.cane...@itcare.it>
*Oggetto:* [PacketFence-users] R: R: R: network-access-detection

Fabrice,

I made a test with nslookup. My first hop (PF inline IF) is closed andcannot reach a remote DNS too. Note that other proto seems ok.

*Da:*Fabrice Durand via PacketFence-users[mailto:packetfence-users@lists.sourceforge.net]

*Inviato:* martedì 8 agosto 2017 14.37

*A:* packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>

*Cc:* Fabrice Durand <fdur...@inverse.ca <mailto:fdur...@inverse.ca>>
*Oggetto:* Re: [PacketFence-users] R: R: network-access-detection

Hello Alessandro,

you probably missconfigured the dns.

Can you give me your networks.conf ?

Regards

Fabrice

Le 2017-08-07 à 11:51, Alessandro Canella via PacketFence-users a écrit :

    I’ve retried and checked traffic.

    As wrotten, I’m in inline, users authenticate but GIF cannot be
    retrieved.

    But not only : from a successful registered client, I cannot query
    DNS. And any other packet works fine….

    How I can check where is “deny” that stops me?

    *Da:*Alessandro Canella via PacketFence-users
    [mailto:packetfence-users@lists.sourceforge.net]
    *Inviato:* venerdì 4 agosto 2017 08.18
    *A:* Ludovic Zammit <lzam...@inverse.ca>
    <mailto:lzam...@inverse.ca>;
    packetfence-users@lists.sourceforge.net
    <mailto:packetfence-users@lists.sourceforge.net>
    *Cc:* Alessandro Canella <alessandro.cane...@itcare.it>
    <mailto:alessandro.cane...@itcare.it>
    *Oggetto:* [PacketFence-users] R: network-access-detection

    Hello Ludovic,

    I’ve tried with Win10, tested with both IP (I know, if I test the
    first reachable is not correct…) I’ve leaved Vlan Enforce due to
    incopatibility of switches, so I’m in inline mode.

    I will try to raise timeout to 90 secs and to open it by hand in
    new tab.

    Later I will recap tests.

    Thanks in advance.

    *Da:*Ludovic Zammit [mailto:lzam...@inverse.ca]
    *Inviato:* giovedì 3 agosto 2017 19.40
    *A:* packetfence-users@lists.sourceforge.net
    <mailto:packetfence-users@lists.sourceforge.net>
    *Cc:* Alessandro Canella <alessandro.cane...@itcare.it
    <mailto:alessandro.cane...@itcare.it>>
    *Oggetto:* Re: [PacketFence-users] network-access-detection

    Hello Alessandra,

    Are you using Mac OS X ? Which PacketFence version are you using ?


    By default on the ZEN it will try to reach our public IP.

    Once you get authorize after the registration process you will
    need to check if you have placed into the correct vlan (In VLAN
    enforcement mode) and got the proper IP address.

    Check also if you have internet, it's known for Mac OS X devices
    that they are slow to release their IP and pickup the new one
    (~90secs).

    Try to have a tab open on the network-access-detection.gif and see
    if it loads after the registration process.

    Thanks,

    Ludovic Zammit

    lzam...@inverse.ca <mailto:lzam...@inverse.ca>  ::  +1.514.447.4918 (x145) 
::www.inverse.ca <http://www.inverse.ca>

    Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)

        On Aug 3, 2017, at 11:41 AM, Alessandro Canella via
        PacketFence-users <packetfence-users@lists.sourceforge.net
        <mailto:packetfence-users@lists.sourceforge.net>> wrote:

        Hello all,

        I still have problem detecting
        /common/network-access-detection.gif after access is granted.
        I’m using ZEN version.

        I’ve tried lot of different config. All seems fine, gif is
        reachable from both side of inline mode but “unable to detect”
        is the last portal page that I seen.

        Any ideas about which log explore?

        
------------------------------------------------------------------------------
        Check out the vibrant tech community on one of the world's most
        engaging tech sites,Slashdot.org
        
<http://slashdot.org/>!http://sdm.link/slashdot_______________________________________________
        PacketFence-users mailing list
        PacketFence-users@lists.sourceforge.net
        <mailto:PacketFence-users@lists.sourceforge.net>
        https://lists.sourceforge.net/lists/listinfo/packetfence-users



    
------------------------------------------------------------------------------

    Check out the vibrant tech community on one of the world's most

    engaging tech sites, Slashdot.org!http://sdm.link/slashdot



    _______________________________________________

    PacketFence-users mailing list

    PacketFence-users@lists.sourceforge.net
    <mailto:PacketFence-users@lists.sourceforge.net>

    https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Fabrice Durand
fdur...@inverse.ca <mailto:fdur...@inverse.ca>  ::  +1.514.447.4918 (x135) 
::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] R: R: R: R: network-access-detection

Reply via email to