ID | Project | Category | View Status | Date Submitted | Last Update
0001271 | PacketFence | configuration | public | 2011-09-19 08:46 | 2011-10-26 14:27
Reporter | fgaudreault
Assigned To | obilodeau
Priority | normal | Severity | major | Reproducibility | always
Status | closed | Resolution | duplicate
Product Version | devel
Target Version | | Fixed in Version | 3.0.0
Summary | 0001271: IPTables rules not enough strong in registration/isolation VLAN
Description | Apparently, we are not sealing the registration or isolation VLAN enough. Some users are reporting that they can torrent while in registration/isolation VLAN, which is not good. We should allow only DHCP and DNS externally, and keep the HTTP/HTTPS redirect.
Additional Information | On 17/09/11 12:19 AM, Randy Chockley wrote:
> I have installed CentOS 5.7 and the latest DEVEL build to manage a student network. All of my switches are unmanaged, I've got 2 network interfaces, one in the ip range of the campus, and another in its own subnet to DHCP to clients. DHCP is working, violations are working (somewhat), we have had some copyright letters sent to us, so I need to monitor and block p2p. When a violation is detected browsing the web is disabled, and redirected, but the p2p application can continue to download. I am not sure I have the pf.conf setup correctly because I have been unable to find much documentation, all has been for vlan which I am unable to do. My pf.conf:
>
> [general]
> domain=metro
> hostname=packetfence
> dnsservers=8.8.8.8,8.8.4.4
>
> [trapping]
> range=10.10.11.0/24
> detection=enabled
> redirtimer=10s
>
> [database]
> pass=*******
>
> [interface eth0]
> ip=10.10.10.113
> mask=255.255.255.0
> type=management
> gateway=10.10.10.1
> authorizedips=
>
> [interface eth1]
> ip=10.10.11.1
> mask=255.255.255.0
> type=internal,monitor
> gateway=10.10.11.1
> enforcement=inline
>
> [services]
> named=disabled
Tags | No tags attached.
Attached Files | pf.conf (469 bytes) 2011-09-19 11:46; networks.conf (248 bytes) 2011-09-19 11:47
Notes | |
(0002210) obilodeau (reporter) 2011-09-19 10:48 |
Not sure about internal and monitor on the same interface plus inline enforcement... |
(0002211) chockrl (reporter) 2011-09-19 11:38 |
I believe I have found a workaround for the issue. I have changed the pf.conf slightly from the one attached. The parameter that seems to correct the issue is general.dnsservers: by entering only one IP address, everything is functioning correctly. I also turned on registration, but had the same issue if two DNS servers were entered and separated by a comma. I made the same change in networks.conf for my DHCP server config. |
(0002212) obilodeau (reporter) 2011-09-19 11:41 |
Reminder sent to: chockrl
Can you attach your new pf.conf and networks.conf? We are not quite sure at this point if this is a duplicate of 0001269 or not. |
(0002213) chockrl (reporter) 2011-09-19 11:47 |
I may have read that issue when trying to get this to work. Files attached. |
(0002216) obilodeau (reporter) 2011-09-19 13:55 |
I fixed 0001269. I'll try to reproduce the 'p2p still works' portion of the issue in our lab and if I can't I'll mark this as a duplicate of 0001269 which is now fixed. Thanks for your help! |
(0002217) obilodeau (reporter) 2011-09-19 14:24 |
confirmed as a dupe of 0001269 which is fixed |
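The policy stated in the issue description (only DHCP and DNS forwarded out of the registration/isolation range) can be checked against a saved rule set. The following is an added example, not PacketFence code or output: the rules are constructed in `iptables-save` format, the port list is an assumption, and `10.10.11.0/24` is the trapping range from the reported pf.conf. It assumes the range holds only unregistered or isolated devices.

```python
import ipaddress

# Constructed iptables-save excerpt; not PacketFence's generated rule set.
WEAK = """\
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.10.11.0/24 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -s 10.10.11.0/24 -j ACCEPT
COMMIT
"""
# Same excerpt with the catch-all ACCEPT removed and a default-drop policy.
SEALED = WEAK.replace(":FORWARD ACCEPT", ":FORWARD DROP").replace(
    "-A FORWARD -s 10.10.11.0/24 -j ACCEPT\n", "")

# Assumption: "DHCP and DNS only" means these protocol/port pairs.
ALLOWED = {("udp", "53"), ("tcp", "53"), ("udp", "67"), ("udp", "68")}


def audit_forward(ruleset, quarantine_cidr):
    """Return findings for FORWARD rules that let the quarantined range out."""
    quarantine = ipaddress.ip_network(quarantine_cidr)
    findings, policy, sealed = [], None, False
    for line in ruleset.splitlines():
        if line.startswith(":FORWARD "):
            policy = line.split()[1]
        if not line.startswith("-A FORWARD "):
            continue
        tok = line.split()
        if "!" in tok:
            findings.append(f"negated match, review by hand: {line}")
            continue
        opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        src = ipaddress.ip_network(opts["-s"], strict=False) if "-s" in opts else None
        if src is not None and not src.overlaps(quarantine):
            continue  # rule is about some other source range
        states = opts.get("--state") or opts.get("--ctstate")
        if states and set(states.split(",")) <= {"RELATED", "ESTABLISHED"}:
            continue  # return/related traffic for flows admitted elsewhere
        target = opts.get("-j")
        if target in ("DROP", "REJECT") and set(opts) <= {"-A", "-s", "-j", "--reject-with"}:
            if src is None or quarantine.subnet_of(src):
                sealed = True  # first match wins: nothing below is reachable
                break
        if target == "ACCEPT" and (opts.get("-p"), opts.get("--dport")) not in ALLOWED:
            findings.append(f"forwards more than DHCP/DNS: {line}")
    if not sealed and policy != "DROP":
        findings.append(f"FORWARD default policy is {policy}, not DROP")
    return findings
```

The check is conservative: multiport, mark-based and negated matches are reported for manual review rather than interpreted.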
Issue History | |||
Date Modified | Username | Field | Change |
2011-09-19 08:46 | fgaudreault | New Issue | |
2011-09-19 10:47 | obilodeau | Additional Information Updated | |
2011-09-19 10:48 | obilodeau | Note Added: 0002210 | |
2011-09-19 11:38 | chockrl | Note Added: 0002211 | |
2011-09-19 11:41 | obilodeau | Note Added: 0002212 | |
2011-09-19 11:46 | chockrl | File Added: pf.conf | |
2011-09-19 11:47 | chockrl | File Added: networks.conf | |
2011-09-19 11:47 | chockrl | Note Added: 0002213 | |
2011-09-19 13:55 | obilodeau | Note Added: 0002216 | |
2011-09-19 14:23 | obilodeau | Relationship added | duplicate of 0001269 |
2011-09-19 14:24 | obilodeau | Note Added: 0002217 | |
2011-09-19 14:24 | obilodeau | Status | new => resolved |
2011-09-19 14:24 | obilodeau | Resolution | open => duplicate |
2011-09-19 14:24 | obilodeau | Assigned To | => obilodeau |
2011-10-26 14:27 | obilodeau | Status | resolved => closed |
2011-10-26 14:27 | obilodeau | Fixed in Version | => 3.0.0 |