Hi, We are running pf 5.6.1 for our wifi segment, using NAT. The dns server on the NAT segment is set to our company dns server, which is also an Intrustion Protection System, filtering out suspicious/malicous dns queries.
Now, occasionally we're getting warnings from this IPS system about infected clients on the wifi. Of course the source ip/mac address is that of the packetfence (NAT gateway), and not the actual NATted wifi client. Hence our question: is it possible to log the dns queries flowing through packetfence, or use packetfence itself as dns server, in order get a log of all dns queries per client, so be would be able to lookup the ACTUAL client doing the malicious dns lookups? Best regards, MJ ------------------------------------------------------------------------------ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
