Quote:
Originally Posted by jggimi
Let's go step by step, please.
1. When your user is logged in to the authpf shell, does that user receive this message, "Hello <userid>. You are authenticated from host <ip address>" ? If yes, the authpf shell is active. If not, you have a configuration problem.
If I add the following lines to /etc/authpf/authpf.rules
Code:
pass in from any to any
Then yes, the window will stay open and say you are now authenticated.
Quote:
Originally Posted by jggimi
2. While that user is logged in, what do you see when you issue this command on the gateway?
# pfctl -sr -a authpf/*
If you don't see rules, or, you see the wrong rules, you have a configuration problem.
The pf command returns nothing; it just goes immediately back to the command prompt.
Quote:
Originally Posted by jggimi
3. What message do you get while that user is logged in, when you have tcpdump running on the gateway with the following command, and you try to reach your destination?
# tcpdump -neti pflog0 action block
I want to know what traffic is being blocked.
---
1. This will tell us if you have an authpf shell or not.
2. This will tell us if you have applicable rules enabled through authpf
3. This will show us what traffic got blocked. We know its blocked; we will be able to see what type of traffic it is and determine why it does not match a pass rule.
tcpdump doesn't display anything related to the login. I do see blocks on athn0 on port 53:
rule 0/(match) block in on athn0: 10.2.0.32.60596 > 4.4.4.4.53: 946+[|domain]
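The third step of the troubleshooting above (reading `tcpdump -neti pflog0` output to see what is blocked) gets tedious once more than a handful of lines scroll by. The script below is an added example, not code from the thread or from OpenBSD: it parses the flow prefix that pflog prints (`rule N/(reason) block|pass in|out on iface: src.sport > dst.dport:`) and summarises blocked flows per client host, so you can check whether the authenticated host's traffic is hitting the authpf anchor rules or the default block. The sample lines are constructed for the example (the first one is the block quoted in the post), and the regular expression is deliberately loose about the rule identifier, since rules loaded from an anchor print a longer string in that field.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of `tcpdump -neti pflog0` output. The first line is the
# block quoted in the post above; the rest are made-up lines for illustration.
SAMPLE_PFLOG = """\
rule 0/(match) block in on athn0: 10.2.0.32.60596 > 4.4.4.4.53: 946+[|domain]
rule 0/(match) block in on athn0: 10.2.0.32.60597 > 4.4.4.4.53: 947+[|domain]
rule 0/(match) block in on athn0: 10.2.0.32.51234 > 93.184.216.34.443: S 1:1(0) win 65535
rule 0/(match) block in on athn0: 10.2.0.40.44210 > 4.4.4.4.53: 12+[|domain]
rule 5/(match) pass in on athn0: 10.2.0.32.40001 > 10.2.0.1.22: S 1:1(0) win 65535
"""

# Loose pattern for the "rule N/(reason) action dir on iface: src.sport > dst.dport:"
# prefix pflog prints. The rule field is captured as an opaque string because a rule
# that came from an anchor prints a longer identifier there (assumption: we only
# rely on the trailing "/(reason)" part being stable).
PFLOG_RE = re.compile(
    r"^rule (?P<rule>\S+)/\((?P<reason>\w+)\) "
    r"(?P<action>block|pass) (?P<dir>in|out) on (?P<iface>\S+): "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):"
)


def parse_pflog_line(line):
    """Return a dict of fields for one IPv4 pflog flow line, or None if it does not match."""
    m = PFLOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def summarize_blocks(text):
    """Count blocked flows keyed by (iface, src, dst, dport)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_pflog_line(line)
        if rec and rec["action"] == "block":
            counts[(rec["iface"], rec["src"], rec["dst"], rec["dport"])] += 1
    return counts


def blocked_ports_by_host(text):
    """Map each source host to the set of destination ports it was blocked from reaching."""
    ports = defaultdict(set)
    for line in text.splitlines():
        rec = parse_pflog_line(line)
        if rec and rec["action"] == "block":
            ports[rec["src"]].add(rec["dport"])
    return dict(ports)


def report(text, client):
    """One line per blocked (dst, port) for the given client host, with hit counts."""
    lines = []
    for (iface, src, dst, dport), n in sorted(summarize_blocks(text).items()):
        if src == client:
            lines.append(f"{n:4d}  block in on {iface}  {src} -> {dst}:{dport}")
    return "\n".join(lines)


if __name__ == "__main__":
    # 10.2.0.32 stands in for the host that logged in through the authpf shell.
    print(report(SAMPLE_PFLOG, "10.2.0.32"))
```

To use it on a real gateway, save the output of the tcpdump command quoted above to a file while the user is logged in, read that file into a string and call `report()` with the client's address. If every blocked flow from that address still shows a plain low-numbered rule rather than anything from the authpf anchor, the client is not matching any authpf rule at all, which is consistent with `pfctl -sr -a authpf/*` showing nothing.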