Hi Andi,

The two warnings I've fixed using the suggested method, although I don't really know why the ownership wouldn't be correct from the start as I've followed the admin guide thoroughly.

Great.

Internal network is not defined -- this admittedly is true. I have two network cards in my server. One I was hoping for management access, and defined it as such in the configuration script, but the other I'm not quite sure what to do with. I do want to do inline sniffing, so presumably will need a card for that, if so, what part of my physical network would I set that up to be on? A mirrored core port? Is this different from the internal network as mentioned in the error message? We have a large number of vlans segmenting our production environment, so I'm not sure exactly where I need to put the internal network card.

Ok, some interesting questions here. First, let's talk about the internal network. This is to tell PacketFence which interface should be either the registration, isolation or inline interface. In order to define internal interfaces, you simply need to create an interface block like this, and fill it with the proper information. Example of an internal "vlan" interface:

[interface eth2]
mask=255.255.0.0
type=internal
enforcement=vlan
gateway=10.110.0.1
ip=10.110.0.1

For the SNORT interface (type monitor) (I believe this is what you meant by inline sniffing), it is a bit complicated if you are using a VM. You will need to create a physical SPAN port on your switch and then create a new vswitch with this physical interface as the uplink, create a port group in ESX, and tie an interface of the VM on it.

The last step is to create your network definitions (which should have been created automatically) in networks.conf. Here is an example:

[10.110.0.0]
type=vlan-registration
netmask=255.255.0.0
gateway=10.110.0.1
next_hop=
named=enabled
domain-name=registration.inverse.local
dns=10.110.0.1
dhcpd=enabled
dhcp_start=10.110.0.10
dhcp_end=10.110.255.254
dhcp_default_lease_time=300
dhcp_max_lease_time=300

I don't really know why my networks.conf file is empty. I have double checked the file and it is indeed empty. Shouldn't this be populated by running the configurator script?

Yes, it should be populated by the configurator.

Also, I'm slightly nervous that starting packetfence will mean that it automatically starts allocating IP addresses through its own DHCP service, which is why I didn't allocate an internal IP address initially.

Not really. PacketFence will use the data in networks.conf to allocate IPs. If you don't have an interface that matches those subnets, then no DHCP will be offered. In fact, dhcpd won't even start.

Hope it helps.

--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)
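
An added example, not part of the original message and not PacketFence's own code: a pre-start check that reads the two kinds of blocks shown above and reports which networks.conf subnets have an internal interface to serve DHCP from. It assumes "matches" means the interface's IP falls inside the subnet; `dhcp_plan` is a hypothetical helper and the eth0 and 10.120.0.0 entries are constructed sample data.

```python
import configparser
import ipaddress

# Constructed sample input, modelled on the blocks in the message (assumption).
PF_CONF = """
[interface eth0]
ip=192.168.1.5
mask=255.255.255.0
type=management

[interface eth2]
ip=10.110.0.1
mask=255.255.0.0
type=internal
enforcement=vlan
"""
NETWORKS_CONF = """
[10.110.0.0]
type=vlan-registration
netmask=255.255.0.0
gateway=10.110.0.1
dhcpd=enabled

[10.120.0.0]
type=vlan-isolation
netmask=255.255.0.0
gateway=10.120.0.1
dhcpd=enabled
"""

def _load(text):
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return cp

def dhcp_plan(pf_conf, networks_conf):
    """Map each DHCP-enabled subnet to the internal interface inside it, or None."""
    internal = {}
    for section, opts in _load(pf_conf).items():
        if section.startswith("interface ") and opts.get("type") == "internal":
            internal[section.split(None, 1)[1]] = ipaddress.ip_interface(f"{opts['ip']}/{opts['mask']}")
    plan = {}
    for section, opts in _load(networks_conf).items():
        if section == "DEFAULT" or opts.get("dhcpd") != "enabled":
            continue  # skip configparser's implicit section and non-DHCP networks
        net = ipaddress.ip_network(f"{section}/{opts['netmask']}")
        plan[str(net)] = next((n for n, i in internal.items() if i.ip in net), None)
    return plan
```

A subnet mapped to `None` has no matching interface, and an empty networks.conf yields an empty plan, which corresponds to the case where no DHCP is offered.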
