Hi,
Passthrough is only working in the reg vlan, not isolation.
Take a look at pfdns code and in the isolzone sub copy the part of the
code you have in the regzone sub. (if ( ($qname =~ /$OAUTH::ALLO....)
Regards
Fabrice
On 2014-04-10 14:01, forbmsyn wrote:
Hi,
When a device was put into an isolation vlan after being scanned by
Nessus, I want it to be able to access some specific websites. For
example www.google.com.
First I have www.google.com configured as
passthrough.
Below is the config from pf.conf
passthrough=enabled
#
# trapping.passthroughs
#
# Comma-delimited list of domains to be used as HTTP and HTTPS passthroughs to web sites.
#
passthroughs=www.google.com
Below is the config of the isolation vlan:
network.conf
[192.168.27.0]
dns=192.168.27.1
dhcp_start=192.168.27.10
gateway=192.168.27.2
domain-name=vlan-isolation.mydomain.com
named=enabled
dhcp_max_lease_time=30
dhcpd=enabled
type=vlan-isolation
netmask=255.255.255.0
dhcp_end=192.168.27.246
dhcp_default_lease_time=30
I also have ip_forward enabled on the PF server.
[root@vmpf conf]# cat /proc/sys/net/ipv4/ip_forward
1
Below is the nslookup output from the Client machine which registers
with PF. www.google.com is still pointed to
the PF interface.
c:\>nslookup
Default Server: Unknown
Address: 192.168.27.1
> www.google.com
Server: Unknown
Address: 192.168.27.1
Name: www.google.com.vlan-isolation.mydomain.com
Address: 192.168.27.1
> www.yahoo.com
Server: Unknown
Address: 192.168.27.1
Name: www.yahoo.com.vlan-isolation.mydomain.com
Address: 192.168.27.1
Any idea what else I should change to make it work? Thanks.
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
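
A client-side check for the symptom in the nslookup session above, as an added example that is not part of the original thread and is not PacketFence code: it parses an nslookup transcript and reports, for each configured passthrough domain, whether the answer came back as the resolver's own address or for the name with the search suffix appended. The function names and the two heuristics are assumptions, and the transcript is constructed from the session in the post.

```python
import re

# Constructed sample: the nslookup session from the post, mail-client link residue removed.
TRANSCRIPT = """\
Default Server: Unknown
Address: 192.168.27.1
> www.google.com
Server: Unknown
Address: 192.168.27.1
Name: www.google.com.vlan-isolation.mydomain.com
Address: 192.168.27.1
> www.yahoo.com
Server: Unknown
Address: 192.168.27.1
Name: www.yahoo.com.vlan-isolation.mydomain.com
Address: 192.168.27.1
"""

def parse_nslookup(text):
    """Return one dict per '> query': resolver address, answer name, answer addresses."""
    results, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(">"):
            cur = {"query": line[1:].strip().rstrip("."), "server": None,
                   "name": None, "answers": []}
            results.append(cur)
            continue
        m = re.match(r"(Name|Address(?:es)?):\s*(\S+)", line)
        if cur is None or not m:
            continue
        if m.group(1) == "Name":
            cur["name"] = m.group(2).rstrip(".")
        elif cur["name"] is None:
            cur["server"] = m.group(2)      # an Address before Name is the resolver
        else:
            cur["answers"].append(m.group(2))
    return results

def check_passthroughs(text, passthroughs):
    """Map each passthrough domain to intercepted / resolved / no answer / not queried."""
    status = {d: "not queried" for d in passthroughs}
    for r in parse_nslookup(text):
        if r["query"] not in status:
            continue
        if not r["answers"]:
            status[r["query"]] = "no answer"
            continue
        # Assumed heuristics: the resolver answered with its own address, or the
        # answer is for the query with the DHCP search suffix appended.
        captive = r["server"] in r["answers"] or r["name"].startswith(r["query"] + ".")
        status[r["query"]] = "intercepted" if captive else "resolved"
    return status

print(check_passthroughs(TRANSCRIPT, ["www.google.com"]))
```

Running the same check from a device in the registration vlan and from one in the isolation vlan gives a direct comparison of how the passthrough list is applied in each zone.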