Bug Tracking System

ID: 0001374
Project: PacketFence
Category: core
View Status: public
Date Submitted: 2012-02-03 14:34
Last Update: 2012-04-18 10:00
Assigned To: dwuelfrath
Target Version: 3.3.0
Fixed in Version: 3.3.0
Summary: 0001374: Inline mode should work as VLAN mode regarding DNS blackholing
Description: Inline mode, as currently implemented, can be improved regarding DNS blackholing.

Right now you choose in configuration, either:
a) you use the portal in an IP-based way, and you provide a valid external DNS in
b) you use the portal with DNS but you might provide a valid internal DNS and add an FQDN to PacketFence's IP inline interface

It's more trouble to configure, but it also causes problems because IP-based can't use an SSL-based portal, and because of that configurable difference we have two different portal Apache configs.

Injecting a DNAT rule to refer to the local DNS on an inline network when the user is unreg (or in violation) would fix that problem: when DNAT'ed, DNS blackholing makes the redirection dance happen again; otherwise, if not DNAT'ed, DNS goes to the real DNS, which should work.

Potential problem: named might not like to answer to the DNAT request or the client might refuse the reply from another IP (remember this is UDP.. thus rewriting source IP might be in order).

Once fixed don't forget to:
- drop the parameter regarding ip or dns based portal redirect from pf.conf
- drop apache config duplication
- update documentation accordingly
Tags: No tags attached.

- Relationships
related to 0001387 (closed, obilodeau): iptables forward filter customization
related to 0001423 (resolved, fgaudreault): Weird behavior with DNS and connection tracking in inline enforcement
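
The DNAT approach proposed in the description above, sketched as an added example (not PacketFence's own code or the fix shipped in 3.3.0). It assumes that unregistered and in-violation devices already carry a firewall mark set in the mangle table; the function name, interface name, address and mark values are hypothetical.

```shell
#!/bin/sh
# Emit an iptables-restore "nat" fragment that sends DNS from marked
# (unregistered / in-violation) inline devices to the local blackholing DNS.
# Assumption: a mangle PREROUTING rule elsewhere already set the firewall mark;
# mangle runs before nat, so the mark is visible here. Unmarked (registered)
# devices match nothing and their queries reach the real DNS.
gen_dns_dnat_rules() {
    iface=$1
    dns_ip=$2
    [ $# -ge 3 ] || { echo "usage: gen_dns_dnat_rules IFACE DNS_IP MARK..." >&2; return 1; }
    shift 2
    # Reject anything that could smuggle extra tokens into the rule text.
    case $iface in
        ''|*[!A-Za-z0-9._-]*) echo "invalid interface: $iface" >&2; return 1 ;;
    esac
    case $dns_ip in
        ''|*[!0-9.]*) echo "invalid IPv4 address: $dns_ip" >&2; return 1 ;;
    esac
    for mark in "$@"; do
        case $mark in
            ''|*[!0-9]*) echo "invalid mark: $mark" >&2; return 1 ;;
        esac
    done
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    for mark in "$@"; do
        # DNS uses both UDP and TCP (truncated answers), so cover both.
        for proto in udp tcp; do
            echo "-A PREROUTING -i $iface -p $proto -m $proto --dport 53 -m mark --mark $mark -j DNAT --to-destination $dns_ip:53"
        done
    done
    echo "COMMIT"
    # conntrack reverses the DNAT on replies, so the client sees the answer
    # coming from the resolver it queried. NAT is chosen on the first packet
    # of a flow and cached, so an existing flow keeps its DNAT until the
    # conntrack entry expires, even after the device registers.
}

# Constructed sample values: eth1, 192.0.2.1 (documentation range), marks 3 and 2.
gen_dns_dnat_rules eth1 192.0.2.1 3 2
```

The function only prints the rule set; nothing is loaded into the kernel.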

-  Notes
obilodeau (reporter)
2012-04-18 09:59

Fix released in 3.3.0 last Friday.

- Issue History
Date Modified Username Field Change
2012-02-03 14:34 obilodeau New Issue
2012-02-03 14:34 obilodeau Status new => assigned
2012-02-03 14:34 obilodeau Assigned To => dwuelfrath
2012-02-29 10:53 obilodeau Category feature => core
2012-02-29 11:10 obilodeau Relationship added related to 0001387
2012-04-12 13:13 dwuelfrath Status assigned => resolved
2012-04-12 13:13 dwuelfrath Resolution open => fixed
2012-04-12 13:13 dwuelfrath Fixed in Version => trunk
2012-04-16 11:24 obilodeau Relationship added related to 0001423
2012-04-18 09:49 obilodeau Target Version => 3.3.0
2012-04-18 09:50 obilodeau Fixed in Version trunk => 3.3.0
2012-04-18 09:59 obilodeau Note Added: 0002660
2012-04-18 10:00 obilodeau Status resolved => closed
