Re: [PacketFence-users] inline, unpredictable behaviour

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

You should post your networks.conf and pf.conf.
> Date: Fri, 10 Jul 2015 14:41:27 +0200
> From: he...@gm...
> To: pac...@li...
> Subject: Re: [PacketFence-users] inline, unpredictable behaviour
> 
> Hi Andy, list,
> 
> Yes, you are totally right. :-) Sorry. Let me try again.
> 
> I'm running packetfence 5.2.0, debian wheezy, installed from the repo's,
> inline mode. My inline NATted network is 10.19.0.0/16 and packetfence
> has ip 10.19.0.1 on eth0 as the gateway for the NATted network. We have
> enabled the captive portal, with self registration.
> 
> Anyway: Things seem to work 'unpredictable'. After registration,
> sometimes network detection works, but sometimes clients become trapped
> in the "Sorry, your network should be enabled within a minute or two".
> 
> Having said that, we notice the following warnings in the logs:
> 
> > WARN: Problem trying to run command: LANG=C sudo ipset del
> > PF-iL2_ID4_10.19.0.0 10.19.218.65 2>&1 called from
> > iptables_update_set. Child exited with non-zero value 1
> > (pf::util::pf_run)
> (NOTE: manually running the same command as pf user seems to work!)
> 
> > Jul 08 18:55:55 httpd.webservices(3636) WARN: Problem trying to run
> > command: LANG=C sudo /usr/sbin/conntrack -D -s 10.19.218.65 2>&1
> > called from iptables_unmark_node. Child exited with non-zero value 1
> > (pf::util::pf_run)
> (NOTE again: manually running the same command as pf also seems to work)
> 
> > Jul 08 20:37:04 httpd.portal(3623) ERROR: WARNING ! Unknown
> > switch(es) 10.19.0.1 (pf::SwitchFactory::instantiate)
> (NOTE: this ip is the packetfence NAT address, gateway/dhcp, and there
> is NO switch configured with this ip) (verified in switches.conf)
> 
> > WARN: Problem trying to run command: LANG=C sudo ipset del
> > PF-iL2_ID_10.19.0.0 10.19.218.65 2>&1 called from
> > iptables_update_set. Child exited with non-zero value 1
> > (pf::util::pf_run)
> 
> Judging from that, I assume that the ipset PF-iL2_ID_10.19.0.0 exists,
> however it does not? See:
> 
> > root@pf:/usr/local/pf/logs# su pf
> > $ sudo ipset -L
> > Name: PF-iL2_ID1_10.19.0.0
> > Type: bitmap:ip
> > Header: range 10.19.0.0-10.19.255.255
> > Size in memory: 8312
> > References: 2
> > Members:
> >
> > Name: PF-iL2_ID2_10.19.0.0
> > Type: bitmap:ip
> > Header: range 10.19.0.0-10.19.255.255
> > Size in memory: 8312
> > References: 2
> > Members:
> >
> > Name: PF-iL2_ID3_10.19.0.0
> > Type: bitmap:ip
> > Header: range 10.19.0.0-10.19.255.255
> > Size in memory: 8312
> > References: 2
> > Members:
> >
> > Name: PF-iL2_ID4_10.19.0.0
> > Type: bitmap:ip
> > Header: range 10.19.0.0-10.19.255.255
> > Size in memory: 8312
> > References: 2
> > Members:
> > 10.19.218.65
> >
> > Name: PF-iL2_ID5_10.19.0.0
> > Type: bitmap:ip
> > Header: range 10.19.0.0-10.19.255.255
> > Size in memory: 8312
> > References: 2
> > Members:
> >
> > Name: pfsession_Unreg_10.19.0.0
> > Type: bitmap:ip,mac
> > Header: range 10.19.0.0-10.19.255.255
> > Size in memory: 1048688
> > References: 1
> > Members:
> > 10.19.218.61,3C:97:0E:2F:14:F8
> >
> > Name: pfsession_Reg_10.19.0.0
> > Type: bitmap:ip,mac
> > Header: range 10.19.0.0-10.19.255.255
> > Size in memory: 1048688
> > References: 1
> > Members:
> > 10.19.218.65,60:67:20:5D:74:98
> >
> > Name: pfsession_Isol_10.19.0.0
> > Type: bitmap:ip,mac
> > Header: range 10.19.0.0-10.19.255.255
> > Size in memory: 1048688
> > References: 1
> > Members:
> 
> So... I hope someone has the time to read/react to this. I know I'm
> leaving out config files, but if those are relevant, I'll gladly post
> them, of course. (but it's such a long email already...)
> 
> MJ
> 
> ------------------------------------------------------------------------------
> Don't Limit Your Business. Reach for the Cloud.
> GigeNET's Cloud Solutions provide you with the tools and support that
> you need to offload your IT needs and focus on growing your business.
> Configured For All Businesses. Start Your Cloud Today.
> https://www.gigenetcloud.com/
> _______________________________________________
> PacketFence-users mailing list
> Pac...@li...
> https://lists.sourceforge.net/lists/listinfo/packetfence-users