Hi,
When a device is put into an isolation VLAN after being scanned by Nessus,
I want it to be able to access some specific websites, for example
www.google.com.
First, I have www.google.com configured as a passthrough.
Below is the config from pf.conf:
passthrough=enabled
#
# trapping.passthroughs
#
# Comma-delimited list of domains to be used as HTTP and HTTPS passthroughs to web sites.
#
passthroughs=www.google.com
Below is the config of the isolation vlan:
network.conf
[192.168.27.0]
dns=192.168.27.1
dhcp_start=192.168.27.10
gateway=192.168.27.2
domain-name=vlan-isolation.mydomain.com
named=enabled
dhcp_max_lease_time=30
dhcpd=enabled
type=vlan-isolation
netmask=255.255.255.0
dhcp_end=192.168.27.246
dhcp_default_lease_time=30
I also have ip_forward enabled on the PF server.
[root@vmpf conf]# cat /proc/sys/net/ipv4/ip_forward
1
Below is the nslookup output from the client machine that registers with
PF. www.google.com is still pointed to the PF interface.
c:\>nslookup
Default Server: Unknown
Address: 192.168.27.1
> www.google.com
Server: Unknown
Address: 192.168.27.1
Name: www.google.com.vlan-isolation.mydomain.com
Address: 192.168.27.1
> www.yahoo.com
Server: Unknown
Address: 192.168.27.1
Name: www.yahoo.com.vlan-isolation.mydomain.com
Address: 192.168.27.1
Any idea what else I should change to make it work? Thanks.
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users