Re: [PacketFence-users] Still a problem with registration process

Tue, 07 Jun 2016 02:27:07 -0700 

Thanks Louis,
I’ll take a look at that patch. Personally my system is only in development, so 
future upgrades likely won’t affect me as I’m more likely to rebuild than 
upgrade, and I’ll possibly wait until 6.1 before pushing to production.

For Andrew, I believe he has active users on his system, but has implemented 
his own fix.

Cheers,
Andi

From: Louis Munro [mailto:[email protected]]
Sent: 06 June 2016 20:27
To: [email protected]
Subject: Re: [PacketFence-users] Still a problem with registration process



On Jun 6, 2016, at 11:05 , Morris, Andi 
<[email protected]<mailto:[email protected]>> wrote:

When setting the reverse proxy to forward the original IP the packetfence 
server doesn’t seem to respond to the incoming request.

Tcpdump output of the packetfence server shows:
16:01:51.644525 IP 
host86-176-129-66.range86-176.btcentralplus.com<http://host86-176-129-66.range86-176.btcentralplus.com/>.51863
 > pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 166613653, win 8192, 
options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
16:01:54.648694 IP 
host86-176-129-66.range86-176.btcentralplus.com<http://host86-176-129-66.range86-176.btcentralplus.com/>.51863
 > pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 166613653, win 8192, 
options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
16:02:00.654695 IP 
host86-176-129-66.range86-176.btcentralplus.com<http://host86-176-129-66.range86-176.btcentralplus.com/>.51863
 > pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 166613653, win 65535, 
options [mss 1460,nop,nop,sackOK], length 0
16:02:12.668769 IP 
host86-176-129-66.range86-176.btcentralplus.com<http://host86-176-129-66.range86-176.btcentralplus.com/>.51863
 > pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 3670114485, win 8192, 
options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
16:02:15.677516 IP 
host86-176-129-66.range86-176.btcentralplus.com<http://host86-176-129-66.range86-176.btcentralplus.com/>.51863
 > pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 3670114485, win 8192, 
options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
16:02:21.683543 IP 
host86-176-129-66.range86-176.btcentralplus.com<http://host86-176-129-66.range86-176.btcentralplus.com/>.51863
 > pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 3670114485, win 8192, 
options [mss 1460,nop,nop,sackOK], length 0
16:02:33.697445 IP 
host86-176-129-66.range86-176.btcentralplus.com<http://host86-176-129-66.range86-176.btcentralplus.com/>.51863
 > pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 317933843, win 8192, 
options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
16:02:36.706367 IP 
host86-176-129-66.range86-176.btcentralplus.com<http://host86-176-129-66.range86-176.btcentralplus.com/>.51863
 > pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 317933843, win 8192, 
options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
16:02:42.712373 IP 
host86-176-129-66.range86-176.btcentralplus.com<http://host86-176-129-66.range86-176.btcentralplus.com/>.51863
 > pfguestdev.internal.uwic.ac.uk.https: Flags [S], seq 317933843, win 8192, 
options [mss 1460,nop,nop,sackOK], length 0

So the https request is reaching the server, however there is nothing at all in 
the packetfence.log




Hi Andy,
This looks like a possible case of iptables dropping the packets wouldn’t you 
say?



There’s an upcoming fix for this issue (#1522 on github) in the current devel 
branch (which will in time become 6.1):

If your are running 6.0.x it might be worth looking into.
This code will end up being part of your PF whenever you upgrade.

Be carefull to take a look at “db/upgrade-X.X.X-X.Y.Z.sql”.
We had to alter the “activation” table.

If you do apply this, you’ll have to remember to comment that one change in the 
database upgrade script on the day you move to 6.1 for real.
Mysql will not let you apply the same change twice.

Regards,
--
Louis Munro
[email protected]<mailto:[email protected]>  ::  
www.inverse.ca<http://www.inverse.ca>
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) and 
PacketFence (www.packetfence.org<http://www.packetfence.org>)

________________________________

[Cardiff Metropolitan University - Queens Anniversary Prizes 
2015]<http://www.cardiffmet.ac.uk/news/Pages/Cardiff-Met-research-recognised-in-Queens-Anniversary-Prizes-for-Higher-and-Further-Education.aspx>

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity 
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to