[root@PF conf]# cat pf.conf
# NOTE(review): this listing is shell output of `cat pf.conf` that was pasted with its
# newlines collapsed. One setting per line is restored below, and every key and value is
# unchanged. The opening and closing shell-prompt lines belong to the capture, not to the file.
# NOTE(review): the listing contains live-looking secrets (scan.pass, database.pass) and
# internal addressing. Redact these before sharing a config like this.
[general]
#
# general.domain
#
# Domain name of PacketFence system.
domain=il2k.net
#
# general.hostname
#
# Hostname of PacketFence system. This is concatenated with the domain in Apache rewriting
# rules and therefore must be resolvable by clients.
hostname=pf
#
# general.dnsservers
#
# Comma-delimited list of DNS servers. Passthroughs are created to allow queries to these
# servers from even "trapped" nodes.
# NOTE(review): DNS to these resolvers is reachable before registration, so it is traffic that
# leaves the isolation network. Keep the list short and watch query volume from trapped nodes.
dnsservers=8.8.8.8,4.2.2.2
#
# general.timezone
#
# System's timezone in string format. Supported list:
# http://www.php.net/manual/en/timezones.php
timezone=America/Indiana/Indianapolis

[network]
#
# network.interfaceSNAT
# Choose interface(s) where you want to enable snat for passthrough (by default it's the
# management interface)
interfaceSNAT=eth2

[trapping]
#
# trapping.range
#
# Comma-delimited list of address ranges/CIDR blocks that PacketFence will monitor/detect/trap
# on. Gateway, network, and broadcast addresses are ignored.
range=10.100.7.10-10.100.7.250
#
# trapping.redirtimer
#
# How long to display the progress bar during trap release. Default value is
# based on VLAN enforcement techniques. Inline enforcement only users could
# lower the value.
redirtimer=3s
#
# trapping.whitelist
#
# Comma-delimited list of MAC addresses that are immune to isolation. In
# inline level 2 enforcement, the firewall is opened for them as if they were
# registered. This "feature" will probably be reworked in the future.
# NOTE(review): the exemption is keyed on the MAC address alone, which a client can set to any
# value. Treat these entries as unauthenticated, keep the list minimal and review it regularly.
whitelist=50:60:28:56:da:c0,50:60:28:56:da:ff
#
# trapping.passthrough
#
# When enabled, pfdns will resolve the real IP addresses of passthroughs and add them in the
# ipset session to give access to trapped devices. Don't forget to enable ip_forward on your
# server.
# NOTE(review): access is granted to the resolved IP addresses, not to the host names. If those
# addresses are shared with other sites, trapped devices can presumably reach those sites too.
# Confirm this against the deployment.
passthrough=enabled
#
# trapping.passthroughs
#
# Comma-delimited list of domains to be used as HTTP and HTTPS passthroughs to web sites.
#
# NOTE(review): the collapsed paste reads "# passthroughs=...". It is restored here as an
# active setting after an empty comment line, like button_text below. Confirm against the
# original file that the key is not commented out.
passthroughs=accounts.google.com,graph.facebook.com,www.linkedin.com
#
# trapping.proxy_passthroughs
#
# Comma-delimited list of domains to be used for apache passthrough
proxy_passthroughs=accounts.google.com,graph.facebook.com,www.linkedin.com

[registration]
#
# registration.button_text
#
#
button_text=Register here please!!

[alerting]
#
# alerting.smtpserver
#
# Server through which to send messages to the above emailaddr. The default is localhost - be
# sure you're running an SMTP host locally if you don't change it!
smtpserver=smtp.elkhart.net

[scan]
#
# scan.pass
#
# Password to log into scanning engine with.
# NOTE(review): this is a plaintext credential with the same value as database.pass below.
# Because it appears in a shared listing, treat it as exposed and rotate it. Use a distinct
# secret per service and restrict read access to this file.
pass=elk1net

[database]
#
# database.pass
#
# Password for the mysql database used by PacketFence.
# NOTE(review): this is a plaintext credential reused from scan.pass, so one leak exposes both
# the scanner login and the database. Rotate it and use a separate value.
pass=elk1net

[services]
#
# services.httpd_mod_qos_maximum_users
#
# The maximum connections per device
# NOTE(review): the header comment above names httpd_mod_qos_maximum_users, but the key set
# here is httpd_mod_qos_maximum_connections_per_device. The description matches the key.
httpd_mod_qos_maximum_connections_per_device=10

[inline]
#
# inline.ports_redirect
#
# Ports to intercept and redirect for trapped and unregistered systems. Defaults to 80/tcp
# (HTTP), 443/tcp (HTTPS).
# Redirecting 443/tcp (SSL) will work, although users might get certificate errors if you
# didn't install a valid certificate or if you don't use DNS (although IP-based certificates
# supposedly exist)
# Redirecting 53/udp (DNS) seems to have issues and is also not recommended.
# We also have experimental IMAP and POP3 listeners which give fake emails telling users to
# open their browsers.
# Enable them via the ports.listeners parameter and add the IMAP (143/tcp) and POP3 (110/tcp)
# here.
# NOTE(review): only 80/tcp is redirected here, so the stated 443/tcp default is overridden.
ports_redirect=80/tcp
#
# inline.interfaceSNAT
# Choose the interface(s) you want to use to enable snat (by default it's the management
# interface)
interfaceSNAT=eth2
# inline.accounting
#
# Should we handle accounting data for inline clients?
# This controls inline accounting tasks in pfmon.
accounting=enabled

[servicewatch]
#
# servicewatch.restart
#
# Should pfcmd service pf watch restart PF if services are not running?
# You must make sure to call the watch command. Installing it in the cron is the
# recommended approach:
# */5 * * * * /usr/local/pf/bin/pfcmd service pf watch
restart=enabled

[captive_portal]
#
# captive_portal.secure_redirect
#
# If secure_redirect is enabled, the captive portal uses HTTPS when redirecting
# captured clients. This is the default behavior.
# NOTE(review): the HTTPS default is turned off here. Whatever users submit on the portal after
# the redirect presumably crosses the network unencrypted. Confirm, and re-enable with a valid
# certificate if registration collects credentials.
secure_redirect=disabled

[provisioning]
#
# provisioning.autoconfig
#
# Enable or disable the XML mobile config generation for wireless on iPhones, iPods, and iPads
autoconfig=enabled
#
# interfaces

# Management interface (type=management).
[interface eth0]
ip=10.100.1.138
type=management
mask=255.255.255.0

# Internal interface with inline layer-3 enforcement. Its /24 contains trapping.range above.
[interface eth1]
enforcement=inlinel3
ip=10.100.7.254
type=internal
mask=255.255.255.0
[root@PF conf]#