Re: [PacketFence-users] passthrough only opens ports 80 and 443 even if proto and port are defined

2017-08-08 Thread Cristian Mammoli via PacketFence-users

I fixed it like this but I'm not sure I'm breaking something else:

[root@srvpf pf]# diff -Naur sbin/pfdns.orig sbin/pfdns
--- sbin/pfdns.orig 2017-08-08 18:40:40.006571993 +0200
+++ sbin/pfdns  2017-08-08 18:42:53.040963724 +0200
@@ -448,7 +448,7 @@
 my $query_non_filtered = resolve_with_cache("A", $qname);
 my @ip_port_pairs;
 if ($query_non_filtered) {
-push @ip_port_pairs, 
format_query_to_ip_port($query_non_filtered, $HTTP_PORT, $HTTPS_PORT);
+push @ip_port_pairs, 
format_query_to_ip_port($query_non_filtered, $HTTP_PORT, $HTTPS_PORT, 
@$ports);

 push @ans, $query_non_filtered->answer;
 if (@ans) {
 $results{rcode} = "NOERROR";
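
Review bot: On the changed `push @ip_port_pairs` line, `@$ports` is dereferenced with no guard, and the declaration of `$ports` is not in the visible context. If it can be undefined for a passthrough that has no port configured, the dereference is fatal under strict refs, so use something like `@{ $ports // [] }` or check it before the call. The call also still passes `$HTTP_PORT` and `$HTTPS_PORT`, so an entry with an explicit port gets 80 and 443 opened in addition to the configured one; if the intent is to open only what the administrator listed, pass the defaults only when no port is given. Please also confirm that `format_query_to_ip_port` accepts whatever form the elements of `@$ports` take next to the two port variables.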


On 08/08/2017 17:44, Cristian Mammoli via PacketFence-users wrote:
Poking in the code I found that pfdns calls matches_passthrough in 
lib/pf/util/dns.pm which returns the following (with data dumper): 



--
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


Re: [PacketFence-users] passthrough only opens ports 80 and 443 even if proto and port are defined

2017-08-08 Thread Cristian Mammoli via PacketFence-users
Poking in the code I found that pfdns calls matches_passthrough in 
lib/pf/util/dns.pm which returns the following (with data dumper):


1,
$VAR1 = [
  'tcp:8080'
];

But it does not work


[PacketFence-users] passthrough only opens ports 80 and 443 even if proto and port are defined

2017-08-08 Thread Cristian Mammoli via PacketFence-users
Hi, I don't know if I'm hitting a bug or I'm missing something. I'm 
using 7.2 (ZEN), enabled passthrough and configured it like this:


[root@srvpf ~]# grep ^passt /usr/local/pf/conf/pf.conf
passthrough=enabled
passthroughs=*.facebook.com,*.fbcdn.net,*.akamaihd.net,portquiz.net:tcp:8080

Notice that the last one has a port defined. Unfortunately the only 
ports opened are 80 and 443:


[root@srvpf ~]# ipset list pfsession_passthrough
Name: pfsession_passthrough
Type: hash:ip,port
Revision: 2
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16592
References: 2
Members:
178.33.250.62,tcp:80
178.33.250.62,tcp:443

Where 178.33.250.62 is the IP address of portquiz.net

This is a log snippet of pfdns in TRACE mode

Aug  8 17:04:15 srvpf pfdns: pfdns(3121) DEBUG: [mac:[undef]] pfdns: caught SIGTERM - terminating (main::normal_sighandler)
Aug  8 17:04:15 srvpf pfdns: pfdns(3121) DEBUG: [mac:[undef]] pfdns: caught SIGTERM - terminating (main::normal_sighandler)
Aug  8 17:04:15 srvpf pfdns: pfdns(3121) DEBUG: [mac:[undef]] pfdns: caught SIGTERM - terminating (main::normal_sighandler)
Aug  8 17:04:15 srvpf pfdns: pfdns(3121) DEBUG: [mac:[undef]] pfdns: caught SIGTERM - terminating (main::normal_sighandler)
Aug  8 17:04:15 srvpf pfdns: pfdns(3121) DEBUG: [mac:[undef]] pfdns: caught SIGTERM - terminating (main::normal_sighandler)
Aug  8 17:04:15 srvpf pfdns: pfdns(3121) INFO: [mac:[undef]] stopping pfdns (main::END)
Aug  8 17:04:23 srvpf pfdns: pfdns(4628) DEBUG: [mac:[undef]] invalid IP:  from __ANON__ (pf::util::valid_ip)
Aug  8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory configuration is still valid for key resource::SwitchTypesConfigured in local cached_hash (pfconfig::cached::is_valid)
Aug  8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory configuration is still valid for key resource::SwitchTypesConfigured in local cached_hash (pfconfig::cached::is_valid)
Aug  8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory configuration is still valid for key resource::SwitchTypesConfigured in local cached_hash (pfconfig::cached::is_valid)
Aug  8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory configuration is still valid for key resource::SwitchTypesConfigured in local cached_hash (pfconfig::cached::is_valid)
Aug  8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory configuration is still valid for key resource::SwitchTypesConfigured in local cached_hash (pfconfig::cached::is_valid)
Aug  8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory configuration is still valid for key resource::SwitchTypesConfigured in local cached_hash (pfconfig::cached::is_valid)
Aug  8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory configuration is still valid for key resource::SwitchTypesConfigured in local cached_hash (pfconfig::cached::is_valid)
Aug  8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory configuration is still valid for key resource::SwitchTypesConfigured in local cached_hash (pfconfig::cached::is_valid)
Aug  8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory configuration is still valid for key resource::SwitchTypesConfigured in local cached_hash (pfconfig::cached::is_valid)
Aug  8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory configuration is still valid for key resource::SwitchTypesConfigured in local cached_hash (pfconfig::cached::is_valid)
Aug  8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory configuration is still valid for key resource::SwitchTypesConfigured in local cached_hash (pfconfig::cached::is_valid)
Aug  8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory configuration is still valid for key resource::SwitchTypesConfigured in local cached_hash (pfconfig::cached::is_valid)
Aug  8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory configuration is still valid for key resource::SwitchTypesConfigured in local cached_hash (pfconfig::cached::is_valid)
Aug  8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory configuration is still valid for key resource::SwitchTypesConfigured in local cached_hash (pfconfig::cached::is_valid)
Aug  8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory configuration is still valid for key resource::SwitchTypesConfigured in local cached_hash (pfconfig::cached::is_valid)
Aug  8 17:04:25 srvpf pfdns: pfdns(4628) TRACE: [mac:[undef]] Memory configuration is still valid for key resource::SwitchTypesConfigured in local cached_hash (pfconfig::cached::is_valid)
Aug  8 17:04:25 srvpf pfdns: pfdns(4628) DEBUG: [mac:[undef]] cache get for namespace='configfiles', key='/usr/local/pf/conf/pf.conf', cache='Redis:l1_cache', time='0ms': MISS (not in cache) (CHI::Driver::_log_get_result)
Aug  8 17:04:25 srvpf pfdns: pfdns(4628) DEBUG: [mac:[undef]] cache get for namespace='Default', key='HASH(0x3e4b210)', cache='RawMemory', time='0ms': MISS (not in cache)
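
An added example, not part of the original post and not PacketFence code: a Python check that compares the explicit `host:proto:port` entries in `passthroughs=` with the members of the `pfsession_passthrough` ipset and reports the ones that were never opened. The sample inputs are constructed from the values shown in the post; the `RESOLVED` map, the function names and the `tcp|udp` restriction are assumptions made for illustration.

```python
import re

# Sample inputs constructed from the values shown in the post.
PF_CONF = ("passthrough=enabled\n"
           "passthroughs=*.facebook.com,*.fbcdn.net,*.akamaihd.net,"
           "portquiz.net:tcp:8080\n")
IPSET_OUTPUT = ("Name: pfsession_passthrough\nType: hash:ip,port\nMembers:\n"
                "178.33.250.62,tcp:80\n178.33.250.62,tcp:443\n")
# Assumption: address taken from the post; a live audit would resolve the name.
RESOLVED = {"portquiz.net": ["178.33.250.62"]}

# Assumption: an entry is "host" or "host:proto:port" with proto tcp or udp.
ENTRY_RE = re.compile(r"^(?P<host>[^:]+)(?::(?P<proto>tcp|udp):(?P<port>\d+))?$")

def parse_passthroughs(conf_text):
    """Return (host, 'proto:port' or None) for every passthroughs= entry."""
    entries = []
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")
        if not sep or key.strip() != "passthroughs":
            continue
        for raw in filter(None, (v.strip() for v in value.split(","))):
            m = ENTRY_RE.match(raw)
            if m is None or (m["port"] and not 1 <= int(m["port"]) <= 65535):
                raise ValueError(f"unparseable passthrough entry: {raw!r}")
            spec = f"{m['proto']}:{m['port']}" if m["port"] else None
            entries.append((m["host"], spec))
    return entries

def parse_ipset_members(output):
    """Return the (ip, 'proto:port') pairs listed after the Members: line."""
    members, in_members = set(), False
    for line in output.splitlines():
        if line.strip() == "Members:":
            in_members = True
        elif in_members and "," in line:
            # Keep only the first token so per-member options are ignored.
            ip, _, proto_port = line.split()[0].partition(",")
            members.add((ip, proto_port))
    return members

def missing_port_entries(conf_text, ipset_output, resolved):
    """List (host, ip, 'proto:port') configured explicitly but not in the set."""
    members = parse_ipset_members(ipset_output)
    return [(host, ip, spec)
            for host, spec in parse_passthroughs(conf_text) if spec
            for ip in resolved.get(host, [])
            if (ip, spec) not in members]

if __name__ == "__main__":
    for host, ip, spec in missing_port_entries(PF_CONF, IPSET_OUTPUT, RESOLVED):
        print(f"{host}: {ip},{spec} configured but not in pfsession_passthrough")
```
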