> On Jun 6, 2016, at 11:05 , Morris, Andi <[email protected]> wrote:
>
> When setting the reverse proxy to forward the original IP the packetfence
> server doesn’t seem to respond to the incoming request.
>
> Tcpdump output of the packetfence server shows:
> 16:01:51.644525 IP host86-176-129-66.range86-176.btcentralplus.com
> <http://host86-176-129-66.range86-176.btcentralplus.com/>.51863 >
> pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 166613653, win 8192,
> options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
> 16:01:54.648694 IP host86-176-129-66.range86-176.btcentralplus.com
> <http://host86-176-129-66.range86-176.btcentralplus.com/>.51863 >
> pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 166613653, win 8192,
> options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
> 16:02:00.654695 IP host86-176-129-66.range86-176.btcentralplus.com
> <http://host86-176-129-66.range86-176.btcentralplus.com/>.51863 >
> pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 166613653, win 65535,
> options [mss 1460,nop,nop,sackOK], length 0
> 16:02:12.668769 IP host86-176-129-66.range86-176.btcentralplus.com
> <http://host86-176-129-66.range86-176.btcentralplus.com/>.51863 >
> pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 3670114485, win 8192,
> options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
> 16:02:15.677516 IP host86-176-129-66.range86-176.btcentralplus.com
> <http://host86-176-129-66.range86-176.btcentralplus.com/>.51863 >
> pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 3670114485, win 8192,
> options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
> 16:02:21.683543 IP host86-176-129-66.range86-176.btcentralplus.com
> <http://host86-176-129-66.range86-176.btcentralplus.com/>.51863 >
> pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 3670114485, win 8192,
> options [mss 1460,nop,nop,sackOK], length 0
> 16:02:33.697445 IP host86-176-129-66.range86-176.btcentralplus.com
> <http://host86-176-129-66.range86-176.btcentralplus.com/>.51863 >
> pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 317933843, win 8192,
> options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
> 16:02:36.706367 IP host86-176-129-66.range86-176.btcentralplus.com
> <http://host86-176-129-66.range86-176.btcentralplus.com/>.51863 >
> pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 317933843, win 8192,
> options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
> 16:02:42.712373 IP host86-176-129-66.range86-176.btcentralplus.com
> <http://host86-176-129-66.range86-176.btcentralplus.com/>.51863 >
> pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 317933843, win 8192,
> options [mss 1460,nop,nop,sackOK], length 0
>
> So the https request is reaching the server, however there is nothing at all
> in the packetfence.log
Hi Andy,
This looks like a possible case of iptables dropping the packets wouldn’t you
say?
There’s an upcoming fix for this issue (#1522 on github) in the current devel
branch (which will in time become 6.1):
If your are running 6.0.x it might be worth looking into.
This code will end up being part of your PF whenever you upgrade.
Be carefull to take a look at “db/upgrade-X.X.X-X.Y.Z.sql”.
We had to alter the “activation” table.
If you do apply this, you’ll have to remember to comment that one change in the
database upgrade script on the day you move to 6.1 for real.
Mysql will not let you apply the same change twice.
Regards,
--
Louis Munro
[email protected] :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
