Thanks all,
I've had this running through my head all night and I understand it a lot more
now. I'm sure this won't be the last question I have on here though ;)
Again, appreciate your patience.
Cheers,
Andi
From: Derek Wuelfrath [mailto:dwuelfr...@inverse.ca]
Sent: 23 November 2011 16:15
To: packetfence-users@lists.sourceforge.net
Subject: Re: [Packetfence-users] Packetfence service will not start
Andi,
As a complimentary information to what François said, the configurator script
will populate the networks.conf file based on the different enforcement types
you entered in the previous step.
If you didn't configure any internal interface (which means no enforcement type
[vlan or inline]), the script will skip the networks.conf section and will not
add anything to the file due to the fact you didn't configure PacketFence to
act on any interface.
On 11/23/11 09:05 , Francois Gaudreault wrote:
Hi Andi,
The two warnings I've fixed using the suggested method, although I don't really
know why the ownership wouldn't be correct from the start as I've followed the
admin guide thoroughly.
Great.
Internal network is not defined - this admittedly is true. I have two networks
cards in my server. One I was hoping for management access, and defined it as
such in the configuration script, but the other I'm not quite sure what to do
with. I do want to do inline sniffing, so presumably will need a card for
that, if so, what park of my physical network would I set that up to be on? A
mirrored core port? Is this different from the internal network as mentioned
in the error message? We have a large number of vlans segmenting our
production environment, so I'm not sure exactly where I need to put the
internal network card.
Ok some interesting questions here. First, let's talk about the internal
network. This is to tell PacketFence which interface should be either the
registration, isolation or inline interface. In order to define internal
interfaces, you simply need to create an interface block like this, and fill it
with the proper information. Example of an internal "vlan" interface :
[interface eth2]
mask=255.255.0.0
type=internal
enforcement=vlan
gateway=10.110.0.1
ip=10.110.0.1
For the SNORT interface (type monitor) ( I believe this is what you meant by
inline sniffing), it is a bit complicated if you are using a VM. You will need
to create a physical SPAN port on your switch and then create a new vswitch
with this physical interface as the uplink, create a port group in ESX, and tie
an interface of the VM on it.
The last step is to create your networks definitions (which should have been
created automatically) in networks.conf. Here is an exemple:
[10.110.0.0]
type=vlan-registration
netmask=255.255.0.0
gateway=10.110.0.1
next_hop=
named=enabled
domain-name=registration.inverse.local
dns=10.110.0.1
dhcpd=enabled
dhcp_start=10.110.0.10
dhcp_end=10.110.255.254
dhcp_default_lease_time=300
dhcp_max_lease_time=300
I don't really know why my networks.conf file is empty. I have double checked
the file and it is indeed empty. Shouldn't this be populated by running the
configurator script?
Yes, it should be populated by the configurator.
Also, I'm slightly nervous that starting packetfence will mean that it
automatically starts allocating IP addresses through its own DHCP service,
which is why I didn't allocate an internal IP address initially.
Not really. PacketFence will use the data in networks.conf to allocate IPs.
If you don't have an interface that matches those subnets, then no DHCP will be
offered. In fact, dhcpd won't even start.
Hope it helps.
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca<mailto:fgaudrea...@inverse.ca> :: +1.514.447.4918
(x130) :: www.inverse.ca<http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) and
PacketFence (www.packetfence.org<http://www.packetfence.org>)
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Packetfence-users mailing list
Packetfence-users@lists.sourceforge.net<mailto:Packetfence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Derek Wuelfrath
dwuelfr...@inverse.ca<mailto:dwuelfr...@inverse.ca> :: +1.514.447.4918 (x110)
:: www.inverse.ca<http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) and
PacketFence (www.packetfence.org<http://www.packetfence.org>)
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Packetfence-users mailing list
Packetfence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
