[root@PF conf]# cat pf.conf
[general]
#
# general.domain
#
# Domain name of PacketFence system.
domain=il2k.net
#
# general.hostname
#
# Hostname of PacketFence system.  This is concatenated with the domain in Apache rewriting rules and therefore must be resolvable by clients.
hostname=pf
#
# general.dnsservers
#
# Comma-delimited list of DNS servers.  Passthroughs are created to allow queries to these servers from even "trapped" nodes.
dnsservers=8.8.8.8,4.2.2.2
#
# general.timezone
#
# System's timezone in string format. Supported list:
# http://www.php.net/manual/en/timezones.php
timezone=America/Indiana/Indianapolis

[network]
#
# network.interfaceSNAT
# Choose interface(s) where you want to enable snat for passthrough (by default it's the management interface)
interfaceSNAT=eth2

[trapping]
#
# trapping.range
#
# Comma-delimited list of address ranges/CIDR blocks that PacketFence will monitor/detect/trap on.  Gateway, network, and
# broadcast addresses are ignored.
range=10.100.7.10-10.100.7.250
#
# trapping.redirtimer
#
# How long to display the progress bar during trap release. Default value is
# based on VLAN enforcement techniques. Inline enforcement only users could
# lower the value.
redirtimer=3s
#
# trapping.whitelist
#
# Comma-delimited list of MAC addresses that are immune to isolation. In
# inline level 2 enforcement, the firewall is opened for them as if they were
# registered. This "feature" will probably be reworked in the future.
whitelist=50:60:28:56:da:c0,50:60:28:56:da:ff
#
# trapping.passthrough
#
# When enabled, pfdns will resolve the real IP addresses of passthroughs and add them in the ipset session to give access
# to trapped devices. Don´t forget to enable ip_forward on your server.
passthrough=enabled
#
# trapping.passthroughs
#
# Comma-delimited list of domains to be used as HTTP and HTTPS passthroughs to web sites.
#
passthroughs=accounts.google.com,graph.facebook.com,www.linkedin.com
#
# trapping.proxy_passthroughs
#
# Comma-delimited list of domains to be use for apache passthrough
proxy_passthroughs=accounts.google.com,graph.facebook.com,www.linkedin.com

[registration]
#
# registration.button_text
#
#
button_text=Register here please!!

[alerting]
#
# alerting.smtpserver
#
# Server through which to send messages to the above emailaddr.  The default is localhost - be sure you're running an SMTP
# host locally if you don't change it!
smtpserver=smtp.elkhart.net

[scan]
#
# scan.pass
#
# Password to log into scanning engine with.
pass=elk1net

[database]
#
# database.pass
#
# Password for the mysql database used by PacketFence.
pass=elk1net

[services]
#
# services.httpd_mod_qos_maximum_users
#
# The maximum connections per device
httpd_mod_qos_maximum_connections_per_device=10

[inline]
#
# inline.ports_redirect
#
# Ports to intercept and redirect for trapped and unregistered systems.  Defaults to 80/tcp (HTTP), 443/tcp (HTTPS).
# Redirecting 443/tcp (SSL) will work, although users might get certificate errors if you didn't install a valid
# certificate or if you don't use DNS (although IP-based certificates supposedly exist)
# Redirecting 53/udp (DNS) seems to have issues and is also not recommended.
# We also have experimental IMAP and POP3 listeners which give fake emails telling users to open their browsers.
# Enable them via the ports.listeners parameter and add the IMAP (143/tcp) and POP3 (110/tcp) here.
ports_redirect=80/tcp
#
# inline.interfaceSNAT
# Choose the interface(s) you want to use to enable snat (by default it´s the management interface)
interfaceSNAT=eth2
# inline.accounting
#
# Should we handle accouting data for inline clients?
# This controls inline accouting tasks in pfmon.
accounting=enabled

[servicewatch]
#
# servicewatch.restart
#
# Should pfcmd service pf watch restart PF if services are not running?
# You must make sure to call the watch command. Installing it in the cron is the
# recommended approach:
# */5 * * * * /usr/local/pf/bin/pfcmd service pf watch
restart=enabled

[captive_portal]
#
# captive_portal.secure_redirect
#
# If secure_redirect is enabled, the captive portal uses HTTPS when redirecting
# captured clients. This is the default behavior.
secure_redirect=disabled

[provisioning]
#
# provisioning.autoconfig
#
# Enable or disable the XML mobile config generation for wireless on iPhones, iPods, and iPads
autoconfig=enabled

#
# interfaces
[interface eth0]
ip=10.100.1.138
type=management
mask=255.255.255.0

[interface eth1]
enforcement=inlinel3
ip=10.100.7.254
type=internal
mask=255.255.255.0
[root@PF conf]#