PacketFence - BTS - PacketFence | |||||||||||||||
| View Issue Details | |||||||||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||||||||
| 0001374 | PacketFence | core | public | 2012-02-03 14:34 | 2012-04-18 10:00 | ||||||||||
| Reporter | obilodeau | ||||||||||||||
| Assigned To | dwuelfrath | ||||||||||||||
| Priority | normal | Severity | minor | Reproducibility | N/A | ||||||||||
| Status | closed | Resolution | fixed | ||||||||||||
| Platform | OS | OS Version | |||||||||||||
| Product Version | |||||||||||||||
| Target Version | 3.3.0 | Fixed in Version | 3.3.0 | ||||||||||||
| fixed in git revision | |||||||||||||||
| fixed in mtn revision | |||||||||||||||
| Summary | 0001374: Inline mode should work as VLAN mode regarding DNS blackholing | ||||||||||||||
| Description | Inline mode, as currently implemented, can be improved regarding DNS blackholing. Right now you choose in configuration, either: a) you use the portal in an IP-based way, and you provide a valid external DNS in b) you use the portal with DNS but you might provide a valid internal DNS and add an FQDN to PacketFence's IP inline interface It's more trouble to configure but also it causes problems because IP-based can't use an SSL-based portal and because of that configurable difference we have two different portal apache config. Inecting a DNAT rule to refer to the local DNS on an inline network when the user is unreg (or in violation) would fix that problem: when DNAT'ed DNS blackholing makes the redirection dance happening again otherwise if not DNAT'ed DNS goes to the real DNS which should work. Potential problem: named might not like to answer to the DNAT request or the client might refuse the reply from another IP (remember this is UDP.. thus rewriting source IP might be in order). Once fixed don't forget to: - drop the parameter regarding ip or dns based portal redirect from pf.conf - drop apache config duplication - update documentation accordingly | ||||||||||||||
| Steps To Reproduce | |||||||||||||||
| Additional Information | |||||||||||||||
| Tags | No tags attached. | ||||||||||||||
| Relationships |
| ||||||||||||||
| Attached Files | |||||||||||||||
| Issue History | |||||||||||||||
| Date Modified | Username | Field | Change | ||||||||||||
| 2012-02-03 14:34 | obilodeau | New Issue | |||||||||||||
| 2012-02-03 14:34 | obilodeau | Status | new => assigned | ||||||||||||
| 2012-02-03 14:34 | obilodeau | Assigned To | => dwuelfrath | ||||||||||||
| 2012-02-29 10:53 | obilodeau | Category | feature => core | ||||||||||||
| 2012-02-29 11:10 | obilodeau | Relationship added | related to 0001387 | ||||||||||||
| 2012-04-12 13:13 | dwuelfrath | Status | assigned => resolved | ||||||||||||
| 2012-04-12 13:13 | dwuelfrath | Resolution | open => fixed | ||||||||||||
| 2012-04-12 13:13 | dwuelfrath | Fixed in Version | => trunk | ||||||||||||
| 2012-04-16 11:24 | obilodeau | Relationship added | related to 0001423 | ||||||||||||
| 2012-04-18 09:49 | obilodeau | Target Version | => 3.3.0 | ||||||||||||
| 2012-04-18 09:50 | obilodeau | Fixed in Version | trunk => 3.3.0 | ||||||||||||
| 2012-04-18 09:59 | obilodeau | Note Added: 0002660 | |||||||||||||
| 2012-04-18 10:00 | obilodeau | Status | resolved => closed | ||||||||||||
| Notes | |||||
|
|
|||||
|
|
||||