Re: [Packetfence-devel] I'm giving another chance to pf

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Nathaniel,
    I believe you may be making the config more complex then necessary.  
Since the PF system is inline, you really don't want PacketFence running 
the DHCP server.  This is usually done for configurations where on PF 
system is remote and serving many locations.  PF will be doing many 
scope changes that are not necessary for inline more.
    For your config, I would disable DHCP - remove the scope 
definitions, and run DHCP outside of packetfence.  Then you can PF 
running inline mode, and tune any configuration options you are looking 
for.  Later if you wish to go back to DHCP, it is always an option.

Kevin

Nathaniel Felsen wrote:
> Hi,
> My pf installation is still not working (and I spent hours on it :/ )
>
>
> My dns is on the 10.0.100.0 network
> My pf server has 2 interfaces one on the 192.168.1.0 network which is
> connected to rest of my network and the 192.168.2.0 which is suppose
> to be the network managed by pf.
> I setup a dhcp server on the same server that provide to all the nodes
> of my interface an address on the 192.168.2.0 network
>
> In my conf file I have :
>
> [...]
>
> [network]
> scan=enabled
> mode=inline
> nat=enabled
> dhcp=enabled
>
> [...]
>
> range=192.168.1.0/24,192.168.2.0/24
>
> [...]
> registration=enabled
> isolation=disabled
>
> [...]
>
> authentication=ldap
>
> [...]
>
> [interface eth0]
> mask=255.255.255.0
> type=managed,external
> gateway=192.168.1.1
> ip=192.168.1.10
>
> [interface eth1]
> mask=255.255.255.0
> type=internal,monitor
> gateway=127.0.0.1
> ip=192.168.2.10
>
> [services]
> dhcpd=/usr/sbin/dhcpd
>
> [arp]
> listendevice=eth1
> [...]
>
> [scope iso]
> network=192.168.2.0/24
> gateway=192.168.2.1
> range=192.168.2.20-192.168.10.50
>
> [scope reg]
> network=192.168.2.0/24
> gateway=192.168.2.1
> range=192.168.2.51-192.168.2.180
>
> [scope unreg]
> network=192.168.2.0/24
> gateway=192.168.2.1
> range=192.168.2.181-192.168.2.240
>
>
> (Let me know if I miss something important for you to help me... )
>
> One of the first thing I don't understand, is why and what do I have
> to put in my gateway field for eth1.
>
> For now, my pf server is able to contact the dns but not the computers
> on the 192.168.2.0 network (I guess it comes from) my 1st problem...
>
> Is the scope I setup are good ?
>
> Thanks,
> MrMr
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys-and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Packetfence-devel mailing list
> Pac...@li...
> https://lists.sourceforge.net/lists/listinfo/packetfence-devel
>