Hi everyone,

We are trying to forward traffic from guest wifi to a dedicated interface (not the
default management interface). It's a bit tricky :)

We have :

Eth0 : management interface
Eth1 : a dedicated interface for wifi traffic
Eth2.15 : guest wifi (inline interface on pf)
Eth2.16 : internal wifi (inline interface on pf)


So far we have done the following on our packetfence server:

* Activated forwarding in the kernel with sysctl => net.ipv4.ip_forward=1

* Created a routing rule => ip rule add from all fwmark 1 table wifi

Our /etc/iproute2/rt_tables:

#
# reserved values
#
255     local
254     main
253     default
0       unspec
#
# local
#
#1      inr.ruhep
1       wifi

* Add a default route on table wifi => ip route add default dev eth0 table known

        root@packetfence:~# ip route show table 1
        default dev eth1  scope link

* Use the mangle table to mark all packets from the eth2.15 interface => iptables -t mangle -A PREROUTING -s 192.168.15.0/24  -j MARK --set-mark 1

root@packetfence:~# iptables -L --table mangle
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
MARK       all  --  192.168.15.0/24      anywhere             MARK set 0x1

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain postrouting-int-inline-if (0 references)
target     prot opt source               destination

Chain prerouting-int-inline-if (0 references)
target     prot opt source               destination

* Our default routing table looks like this:

root@packetfence:~# route
Table de routage IP du noyau
Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
default         192.168.120.1   0.0.0.0         UG    0      0        0 eth0
192.168.15.0    *               255.255.255.0   U     0      0        0 eth2.15
192.168.16.0    *               255.255.255.0   U     0      0        0 eth2.16
192.168.17.0    *               255.255.255.0   U     0      0        0 eth1
192.168.120.0   *               255.255.255.0   U     0      0        0 eth0

It should work, no? Actually it does not ...

Regards.

Pierrick Prost

CNRS DR07
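
Added example, not part of the original post: a consistency check for the fwmark setup described above, confirming that the mark selects the intended table and that the table's default route leaves via the intended interface. The function names are hypothetical and the `ip rule show` listing is constructed; the route line is the one shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Functions take captured `ip` output as text; on a live host pass
# "$(ip rule show)" and "$(ip route show table wifi)" instead of the samples.

# Print the table that the rules select for mark $1. iproute2 prints marks
# in hex (0x1), so marks are compared as numbers, not strings.
rule_table_for_mark() {   # $1 = mark, $2 = `ip rule show` output
    want=$(($1))
    printf '%s\n' "$2" | awk '{
        m = ""; t = ""
        for (i = 1; i < NF; i++) {
            if ($i == "fwmark") m = $(i + 1)
            if ($i == "lookup") t = $(i + 1)
        }
        sub(/\/.*/, "", m)                      # drop an optional /mask
        if (t != "" && m ~ /^(0x[0-9a-fA-F]+|[0-9]+)$/) print m, t
    }' | while read -r m t; do
        if [ "$(($m))" -eq "$want" ]; then echo "$t"; break; fi
    done
}

# Print the outgoing device of the default route in one table's listing.
default_route_dev() {     # $1 = `ip route show table T` output
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }'
}

# Succeed only if mark $1 selects table $2 and that table exits via dev $3.
check_policy_route() {    # $4 = rule listing, $5 = route listing
    table=$(rule_table_for_mark "$1" "$4")
    [ -n "$table" ] || { echo "no ip rule matches fwmark $1"; return 1; }
    [ "$table" = "$2" ] || { echo "fwmark $1 selects $table, not $2"; return 1; }
    dev=$(default_route_dev "$5")
    [ -n "$dev" ] || { echo "table $2 has no default route"; return 1; }
    [ "$dev" = "$3" ] || { echo "table $2 exits via $dev, not $3"; return 1; }
    echo "fwmark $1 -> table $table -> dev $dev"
}

# Constructed `ip rule show` listing; the route line is the one in the post.
SAMPLE_RULES='0: from all lookup local
32765: from all fwmark 0x1 lookup wifi
32766: from all lookup main
32767: from all lookup default'
SAMPLE_ROUTES='default dev eth1  scope link'

check_policy_route 1 wifi eth1 "$SAMPLE_RULES" "$SAMPLE_ROUTES"
check_policy_route 1 wifi eth0 "$SAMPLE_RULES" "$SAMPLE_ROUTES" || true
```

The second call shows the report produced when the table's default route uses a different interface from the expected one.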


_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
