[PacketFence-users] Email Registration Link doesn't work from inline interface

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi,

I'm having a problem with email registration using PacketFence inline (version 4.5).  Would anyone be willing to help?

Here's the scenario:

User registers and selects Register by Email.
The node is marked registered with a deregister time of 10 minutes in the future.
The node can now access the internet and check for the email.
The email is received, the user clicks on the link but nothing happens and eventually the connection attempt times out.

Here's my observations:

Clicking on the link from a computer on a different network that has internet access works and the access is granted for the specified number of days.
If the user waits 10 minutes and their node is deregistered, they can then click the link and get the access granted message.

So it seems to me that something is blocking the connection to the portal only from a registered node.  However when I look at the iptables rules using "iptables -nxvL" the only drop rules I see are related to DNS, not HTTPS.

I have multiple inline interface pairs with PacketFence handling DHCP for the inside networks and managing NAT/PAT outbound to separate cable modems.  All traffic from the internet trying to access the portal comes back in through another firewall and is translated to the management interface.  I've verified the traffic is successfully traversing the other firewall as I can see the firewall log a "built inbound TCP connection" message.

Ideas?

--------------------------------------------------
Gavin Pyle
Network Engineer
Green River College