Part 2 Pfsense Router setup

In this design, the pfSense router will perform 4 different functions.

Provide the dhcp addresses to the clients on the deployment network [192.168.23.0/24] Provide the necessary dhcp boot options to pxe boot the clients on the deployment network Act as a normal router to route traffic between the subnets Act as a IGMP route (via its built in IGMP Proxy server). The IGMP server will listen on its defined upstream interface [LAN] for any defined multicast streams and rebroadcast the stream on any of the defined downstream interfaces [WAN]. Please note I’m only using the concepts of LAN and WAN as interface names. I could have just as easily used em0 and em1, but inside pfSense they reference the logical names of LAN and WAN exclusively. To avoid confusion I’ll continue to use those labels through this document, just understand the are label and not based on functional intent.

I’m not going to go through the setup of the pfSense router since there are many fine examples of setting up pfSense as a basic router. I will go through the settings I changed to configure the igmp proxy setting.

In the graphic above I configured the pfSense router’s

Set the LAN interface address to 192.168.50.250/24
0_1495554662259_Interfaces_ LAN.png

Set the WAN interface address to 192.168.23.1/24
0_1495554685442_Interfaces_ WAN.png

Configured the dhcp server on the WAN interface to issue IP addresses from 192.168.23.10 to 192.168.23.250.
0_1495555318851_Services_ DHCP Server_WAN1.png

For the imaging network, the default route points to the pfSense WAN interface of 192.168.23.1
0_1495555352459_Services_ DHCP Server_WAN2.png

Configured the netboot section of the WAN’s dhcp server to send out the {next-server} of 192.168.50.100 with a bios {boot-file} of undionly,kpxe, ia32 uefi boot file of i386/ipxe.efi, and ipxe.efi for the x64 uefi boot file.
0_1495555364450_Services_ DHCP Server_WAN3.png

In pfSense Advanced Configuration I disabled all firewall rules. In this setup I want pfSense to act as a normal unrestricted router and not as a screening or firewall appliance.
0_1495556193981_System_ Advanced_ Firewall_NAT.png

You will need to go into the firewall rules and add one rule to each interface (LAN and WAN) that is an allow all to any
WAN rule
0_1495558034751_Firewall_ Rules_WAN1.png
LAN rule
0_1495558047051_Firewall_ Rules_ LAN1.png

With the static route configured on your FOG server and the pfSense router now setup on the network, you should be able to ping the deployment network’s router interface [WAN] from the fog server. If you can’t then something is setup incorrectly on the iP router side. Don’t proceed until you have basic IP routing working correctly.

@Tom-Elliott I’m currently spinning up a new FOG 1.4.0 server to test multicasting across subnets (and usb FOS booting it now appears). I’ll divert that setup to test FOG with a windows 2012 server setup as a storage node. I don’t have a centos template on this dev box so its going to take me some time to get up to speed. I do have a windows 2012 template so that one shouldn’t take too long.

I would still expect it to take until this evening before I can get to testing with my day job and everything…

Hi Wayne,

Just tried it but still getting TFTP… then it times out,

TFTP Picture

Timeout Picture

thanks a lot though for jumping in and helping out Wayne

it’s ok, this thing will never touch the internet, but I might jump into the issue if I make another fog server on a vm at home

Thanks Wayne,

I had to do a new fog setup this morning, I did it with the new version with the recommended steps you provided and everything worked out well.

I’ll submit a new post with the new title, thanks again 🙂

@Wayne-Workman I agree each current document needs to be vetted before its moved over.

I’m going to try this.

@Avaryan Awesome tutorial, thank you for giving back.

#wiki worthy

this worked great issue resolved.

@Junkhacker I did not know this…

@Tom-Elliott Thank you! It finally works…

@george1421 here is the error2_1488933685695_rsz_20170307_163040.jpg 1_1488933685695_rsz_20170307_163050.jpg 0_1488933685693_rsz_20170307_163106.jpg

@Wayne-Workman thanks, Wayne!

@Jaymes-Driver said in Debian 8 tutorial:

I am sorry for filling up your thread with these posts,

Nah, it’s fine.

I don’t think Ubuntu is a better fit for a novice really, not for use as a production-server. For end-user desktops & laptops yes absolutely I think Ubuntu is stronger there. But when it comes to fixing / manipulating things in the back-end, when it’s time to open the Terminal, a novice would have equal amounts of challenge whether the OS is Ubuntu or something else.

There’s not really a lot of differences between Ubuntu and Debian, and the differences between Ubuntu & something like CentOS are pretty short.

Off the top of my head… and these lists are missing most of the differences I’m sure but…

Ubuntu:
Security - apparmor & iptables.
update configurations - /etc/apt/sources.list
root login via ssh disabled by default inside /etc/ssh/sshd_config
to update - apt-get -y update;apt-get -y dist-upgrade;apt-get -y autoclean;apt-get -y autoremove
apache is called apache2
OS installer forces you to create a non-root user.
Network configuration is in /etc/network/interfaces

CentOS:
Security - firewalld & SELinux & optionally iptables if that’s your thing.
update configurations - /etc/yum.repos.d/
root login via ssh permitted by default inside /etc/ssh/sshd_config
to update - yum -y update;yum clean all
apache is called httpd
OS installer makes configuring non-root users optional.
Network configuration is in /etc/sysconfig/network-scripts/ifcfg-<interface name>

Similarities:
Both use /etc/ssh/sshd_config
Both use volume groups, logical volumes by default in their respectable installers.
Both have the same apache configuration files, same options available in there.
Both use /var/www/html as their default web root, - only recently.
Both use systemctl - only recently.
Service commands work on both still.
Ubuntu will be adopting firewalld in the future I think.
Both use /home as the user home directory.
Both use /root as the root user’s home directory.
standard linux commands exist on both such as sudo, ssh, mv, cp, rm, ls, crontab, useradd, userdel, realmd, ping, hostname, route, ip, ifconfig, ifdown, ifup, vi, a ton more.

What I’m getting at is - if you know an ounce of Linux - you will be able to work on any distribution without much effort besides some quick google searches to see what it is on this/that. And if you know zero linux you won’t have a easy time no matter the distribution - when it comes time to do work on a server.

End-user non-technical laptop/desktop usage where a person will never open terminal - well this is a different story and Ubuntu would be the best choice here.

@x23piracy Again, you should put this stuff into the wiki.

@sudburr This would do the same but give dates and no-longer active branches too. The count is adjustable. This is a snippet from something I’m working on.

git for-each-ref --count=10 --sort=-committerdate refs --format='%(committerdate:short)_%(refname:short)'