Fog Server Setup With Two Network Cards For Isolation
-
@Zerpie Setting up the fog server with 2 interfaces should not be a problem.
The first thing you need to do is identify which interface you want for your imaging network. Then set that network interface with a static address on your imaging network. Set the IP address and subnet mask, but no gateway for this imaging network interface.
On the second interface you can either set it to dynamic or assign a static IP address, with an IP address and subnet mask for your business network, also define a default gateway on your business network. You for server needs internet access to install fog.
The last thing you need to know is the name of the imaging network, network adapter. Once you have this name, then install FOG. The FOG installer will ask you the name of the network adapter you want to use for imaging. Just enter the correct one if the installer guesses wrong.
Install fog. The web server will bind to all interfaces so you can get to the web ui via either network cards. The only thing the FOG application does not like is the host changing IP addresses after FOG is installed. That causes a number of problems when that happens.
-
@george1421 Thank you for that. When I’m installing Fog do I also want to specify the IP of the imaging network when it asks “What is the IP address to be used by this FOG Server?” Because it’s defaulting to the IP of the business network.
-
@Zerpie said in Fog Server Setup With Two Network Cards For Isolation:
“What is the IP address to be used by this FOG Server?”
You want to key in the static IP address for the imaging network in the question. The installer is guessing, but guessed wrong.
I can also tell you, that my preference is to use eth0 (or the first network interface) for imaging and eth1 for the business network. Doing it this way, will let the installer guess better. But there is no ‘right’ way to do it. You will just need to provide hits so the installer looks in the right places.
-
@george1421 Awesome! I gave that a try, but once again when it asks me to log into the web UI it is not reachable from the business network that I’m connected to.
I’m not sure if there’s something weird about how our network is setup that is not allowing me to reach out to it, but as you said, the web server will bind to all interfaces. Not sure what I might be missing.
I’ve also disabled the firewall on the Fog server because I’ve seen that mess with being able to access the web UI as well. Still no go, though. I appreciate all your help, George.
-
@Zerpie From your business network can you ping your fog server?
Can you connect to the web interface from the imaging network?
If you run the command
sudo netstat -an|grep -e ":80"does it show you something like this:sudo netstat -an|grep -e ":80" tcp6 0 0 :::80 :::* LISTENThis indicates that the web server is listening on all interfaces.
-
@george1421 said in Fog Server Setup With Two Network Cards For Isolation:
netstat -an|grep -e “:80”
I cannot ping the fog server from the business network. I ran that command and I got the exact same result that you show there. I will need to take my laptop to another part of the building to get onto the imaging network to see if I can reach the web UI for there. I’ll let you know.
-
@Zerpie said in Fog Server Setup With Two Network Cards For Isolation:
I cannot ping the fog server from the business network.
I would focus on this.
From your fog server can you ping devices on your network?
Did you disable the linux firewall on your FOG server?
Are you sure you removed the gateway from the imaging network interface.if you run the
ip routecommand, is the default route setup correctly? -
@george1421 I can ping devices on my network from the Fog server.
I did disable firewalld on the Fog server.
And yes, I removed the gateway from the imaging network interface. I checked on this by running the common “route” and it shows 0.0.0.0 for my imaging network interface, but it also shows 0.0.0.0 for the business network interface as well. Not sure if that’s an issue.Finally, I ran “ip route” and I’m not sure what all of this means. I censored the IPs of the business network. Not sure if that even matters.
default via x.x.x.254 (The ip of the gateway for the business network interface) dev ens224 proto static metric 101
x.x.x.0/24 (business network) dev ens224 proto kernel scope link src x.x.x.171 (ip of the business network interface) metric 101
153.86.19.0/24 (imaging network) dev ens192 proto kernel scope link src 153.86.19.10 metric 100I’m far from a networking expert or a Linux expert so I apologize if I’m making any glaring mistakes, but I’m eager to learn as much as I can. The task of finding a new imaging solution was kinda tossed my way after our old IT manager/sysadmin left.
-
@Zerpie said in Fog Server Setup With Two Network Cards For Isolation:
I can ping devices on my network from the Fog server.
This is interesting in that you can ping devices on your business network, yet your business network can not ping the business network interface of your fog server. This really smells like your firewall is enabled on your FOG server.
What linux distro is your FOG server running?
-
@george1421 I’m running it on Fedora Server 28.
-
@Zerpie If it helps, I followed the directions to a T from the Fedora Server 25 installation wiki https://wiki.fogproject.org/wiki/index.php?title=Fedora_25_Server
And then followed your directions from this thread once I got to the running the Fog installer portion at the bottom.
-
@Zerpie well we need to identify why your business network can not ping your fog server, where you fog server can ping your business network device.
There has to be two way communication because a ping consists of an outbound ping packet and then an inbound ping reply.
-
@george1421 Alright, so I’m able to ping the IP of the Fog server’s business network nic, just not the IP of the imaging network nic. And that’s the IP that the web interface is on. The imaging network is isolated which is why I originally asked how I will be able to reach the web interface if it’s on the isolated network’s IP.
-
@Zerpie Just for clarity, your fog server is configured for 2 network adapters. This is called a dual homed host. The apache web server is configured to bind to ALL network interfaces. So if there is a network interface on the FOG server, you should be able to reach that web gui from the interface connected to that lan. You didn’t use real examples before, so I can’t give you an exact url. But from the business network, you should be able to connect to the fog server IP on the business network /fog and get the fog’s webgui. The same goes for the imaging network, you have to connect to the fog server’s IP address on the imaging network /fog to get the web gui.
FOG is configured to only use the imaging network in your design. So you can only effectively pxe boot on the imaging network because isc-dhcp (what fog uses for dhcp services) should only be bound to ens192 of your imaging network.
-
@george1421 Yup that did it! It was a combination of the Fog server’s firewall as well as my trying to connect to the web interface using the imaging network’s IP instead of the business network IP. Once I disabled the firewall again and tried the other IP I was able to finally reach the web interface.
Thanks for the help!
