DHCP works but no internet to clients

Linux Problems
dhcp server
  • D
    davidka
    last edited by Sebastian Roth Oct 30, 2019, 9:58 AM Oct 30, 2019, 2:34 PM

    okay I got fog set up, DHCP is giving out IP and booting to the fog menu. I’m using a server with two NICs
    one is connected to my work network for internet, the second is on a separate switch to provide imaging and internet to client machines ( we use an isolated network for imaging of new machines)
    I can ping from and remote in to the server so I know it's getting a network connection, just for whatever reason it's not serving the connection through the second NIC along with the DHCP. I feel like there needs to be something else in the DHCP config file, I just can't figure out what to put in there. This is on Fedora 30 with the latest Fogserver from github. (as of Oct 25 2019)

    This is my current DHCPD config

    # DHCP Server Configuration file\n#see /usr/share/doc/dhcp*/dhcpd.conf.sample
    # This file was created by FOG
    #Definition of PXE-specific options
    # Code 1: Multicast IP Address of bootfile
    # Code 2: UDP Port that client should monitor for MTFTP Responses
    # Code 3: UDP Port that MTFTP servers are using to listen for MTFTP requests
    # Code 4: Number of seconds a client must listen for activity before trying
    #         to start a new MTFTP transfer
    # Code 5: Number of seconds a client must listen before trying to restart
    #         a MTFTP transfer
    option space PXE;
    option PXE.mtftp-ip code 1 = ip-address;
    option PXE.mtftp-cport code 2 = unsigned integer 16;
    option PXE.mtftp-sport code 3 = unsigned integer 16;
    option PXE.mtftp-tmout code 4 = unsigned integer 8;
    option PXE.mtftp-delay code 5 = unsigned integer 8;
    option arch code 93 = unsigned integer 16;
    use-host-decl-names on;
    ddns-update-style interim;
    ignore client-updates;
    # Specify subnet of ether device you do NOT want service.
    # For systems with two or more ethernet devices.
    # subnet 136.165.0.0 netmask 255.255.0.0 {}
    subnet 192.168.1.0 netmask 255.255.255.0{
        option subnet-mask 255.255.255.0;
        range dynamic-bootp 192.168.1.10 192.168.1.254;
        default-lease-time 21600;
        max-lease-time 43200;
       # option routers 192.168.1.1
        option domain-name-servers 8.8.8.8;
        next-server 192.168.1.1;
        class "Legacy" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:>
            filename "undionly.kkpxe";
        }
        class "UEFI-32-2" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:>
            filename "i386-efi/ipxe.efi";
     }
        class "UEFI-32-1" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:>
            filename "i386-efi/ipxe.efi";
        }
        class "UEFI-64-1" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:>
            filename "ipxe.efi";
        }
        class "UEFI-64-2" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:>
            filename "ipxe.efi";
        }
        class "UEFI-64-3" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:>
            filename "ipxe.efi";
        }
        class "SURFACE-PRO-4" {
            match if substring(option vendor-class-identifier, 0, 32) = "PXEClient:>
            filename "ipxe.efi";
     }
        class "Apple-Intel-Netboot" {
            match if substring(option vendor-class-identifier, 0, 14) = "AAPLBSDPC/>
            option dhcp-parameter-request-list 1,3,17,43,60;
            if (option dhcp-message-type = 8) {
                option vendor-class-identifier "AAPLBSDPC";
                if (substring(option vendor-encapsulated-options, 0, 3) = 01:01:01)>
                    # BSDP List
                    option vendor-encapsulated-options 01:01:01:04:02:80:00:07:04:8>
                    filename "ipxe.efi";
                }
            }
        }
    }
    #END OF DHCPD.conf
    

    #AND this is my current NIC config (I starred out part of the IP because it's my work's IP from our ISP and you know, I don’t want to be the guy that gave the IP to the world.)

    #This is the connection that gets internet from the network and allows remote connection for managing the server

    eno1: connected to eno1
            "Intel 82579V"
            ethernet (e1000e), *C:*2:*9:20:CE:B0, hw, mtu 1500
            ip4 default
            inet4 ***.***.215.106/24
            route4 ***.***.215.0/24
            route4 0.0.0.0/0
            inet6 fe80::c**f:c9dd:**6f:d2bd/64
            route6 fe80::/64
            route6 ff00::/8
    

    #This is the connection that DHCP is served to

    enp3s0: connected to enp3s0
            "Intel 82574L"
            ethernet (e1000e), **:0*:CA:2C:5D:45, hw, mtu 1500
            inet4 192.168.1.1/24
            route4 192.168.1.0/24
            inet6 fe80::f111:****:3679:****/64
            route6 fe80::/64
            route6 ff00::/8
    
    lo: unmanaged
            "lo"
            loopback (unknown), 00:00:00:00:00:00, sw, mtu 65536
    
    DNS configuration:
            servers: ***.***.37.20
            interface: eno1
    
            servers: ***.***.37.20
            interface: enp3s0
    • S
      Sebastian Roth Moderator
      last edited by Oct 30, 2019, 3:57 PM

      @davidka Dual-NIC setups are advanced. You can make it work but it’s not something we support by default because every setup is somewhat different and it’s very hard to try and suit all.

      just for whatever reason it's not serving the connection through the second NIC along with the DHCP.

      Please explain what you mean by that. The config and information you posted seems ok so far.

      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

      • G
        george1421 Moderator
        last edited by Oct 30, 2019, 5:37 PM

        Ah I see what you are trying to do. What, do you think the fog server can be a router too?

        The short answer is, YES you can do that.

        You will need to update the dhcp server to tell it to push the imaging network’s LAN interface on the fog server as the default route.

        Then what you need to do is set a kernel parameter to allow forwarding between your network interfaces. I suggest that you google “linux kernel ip forwarding” to better understand what you are doing but the quick answer is this.
        cat /proc/sys/net/ipv4/ip_forward
        should return 0 so not forwarding.

        echo 1 > /proc/sys/net/ipv4/ip_forward
        then
        cat /proc/sys/net/ipv4/ip_forward
        should return 1 so do IP forwarding.

        To make it persistent (survive fog server reboots) you need to update /etc/sysctl.conf and add as the last line net.ipv4.ip_forward = 1, on a line by itself.

        Lastly if you need to send data back to your imaging network from your business lan, you will need to create a static route in the default router for your business lan describing the imaging network IP address and how to get there via the Business LAN interface of your fog server.

        Understand this request has nothing to do with fog, but more to do with using linux as a router and pure IP routing.

        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

        1 Reply Last reply Reply Quote 1
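
The settings named in the reply above, checked together in an added example (not code from the thread or from the FOG project): clients on the imaging network only get out when dhcpd hands them an active `option routers` pointing at the imaging-side NIC and the kernel forwards between interfaces, which also turns the server into the one path out of the isolated network. The function names and sample files are assumptions constructed for illustration, modelled on the configuration posted in the thread.

```shell
#!/bin/sh
# Added example: audit a FOG server that also routes for its imaging network.

# Gateways dhcpd will hand out: uncommented, ';'-terminated "option routers".
active_routers() {
    sed -e 's/#.*//' "$1" |
        awk '$1 == "option" && $2 == "routers" && /;[ \t]*$/ {
                 gsub(/[;,]/, " "); for (i = 3; i <= NF; i++) print $i }'
}

# Effective net.ipv4.ip_forward in a sysctl file (the last assignment wins).
persistent_forward() {
    sed -e '/^[[:space:]]*[#;]/d' "$1" |
        awk -F= '{ k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
                 k == "net.ipv4.ip_forward" { val = v }
                 END { if (val != "") print val }'
}

# $1 dhcpd.conf, $2 sysctl file, $3 imaging-side NIC address,
# $4 runtime flag file (on a live host: /proc/sys/net/ipv4/ip_forward).
# Prints one line per finding; returns 1 if anything was found.
audit_router_setup() {
    rc=0
    gw=$(active_routers "$1")
    if [ -z "$gw" ]; then
        echo "dhcpd: no active 'option routers', clients get no default route"; rc=1
    elif [ "$gw" != "$3" ]; then
        echo "dhcpd: clients are told to use $gw, not $3"; rc=1
    fi
    if [ "$(persistent_forward "$2")" != "1" ]; then
        echo "sysctl: ip_forward=1 is not persistent"; rc=1
    fi
    if [ "$(cat "$4")" != "1" ]; then
        echo "kernel: forwarding is off right now"; rc=1
    fi
    return "$rc"
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT

# Constructed inputs modelled on the thread: the posted subnet block with the
# gateway line commented out, then the same block with it enabled.
cat > "$demo/dhcpd.before" <<'EOF'
subnet 192.168.1.0 netmask 255.255.255.0{
    range dynamic-bootp 192.168.1.10 192.168.1.254;
   # option routers 192.168.1.1
    option domain-name-servers 8.8.8.8;
    next-server 192.168.1.1;
}
EOF
sed -e 's/# option routers 192.168.1.1/option routers 192.168.1.1;/' \
    "$demo/dhcpd.before" > "$demo/dhcpd.after"
printf '# stock file, key never set\n' > "$demo/sysctl.before"
printf 'net.ipv4.ip_forward = 1\n' > "$demo/sysctl.after"
echo 0 > "$demo/proc.before"   # stands in for /proc/sys/net/ipv4/ip_forward
echo 1 > "$demo/proc.after"

echo "== before =="
audit_router_setup "$demo/dhcpd.before" "$demo/sysctl.before" 192.168.1.1 "$demo/proc.before" || true
echo "== after =="
audit_router_setup "$demo/dhcpd.after" "$demo/sysctl.after" 192.168.1.1 "$demo/proc.after" && echo "ready to route"
```

On a live server the arguments would be the real dhcpd.conf, /etc/sysctl.conf, the imaging NIC address and /proc/sys/net/ipv4/ip_forward.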
        • D
          davidka
          last edited by Nov 5, 2019, 5:18 PM

          I got it figured out. Had to set up routes through iptables etc. Thanks.

          • G
            george1421 Moderator @davidka
            last edited by Nov 5, 2019, 5:45 PM

            @davidka said in DHCP works but no internet to clients:

            had to set up routes through iptables

            I guess I can say OK to that, but iptables shouldn’t be involved here unless you are doing NAT. But if you have it working, great.

            • D
              davidka @george1421
              last edited by Nov 5, 2019, 5:51 PM

              @george1421 Yes NAT got involved. lol.

              Now I’m having issues with capturing the images. All signs are pointing to tftp but nothing I’ve tried has worked. It's saving the images to /images/dev using the client MAC as the folder name. It just never finishes the process so it won't restore the images.

              • G
                george1421 Moderator @davidka
                last edited by Nov 5, 2019, 5:57 PM

                @davidka said in DHCP works but no internet to clients:

                …all signs are pointing to tftp but nothing I’ve tried has worked. It's saving the images to /images/dev using the client MAC as the folder name.

                If this is the case then it's not a tftp issue. If the files are being created in /images/dev FOS Linux is running at this point. TFTP is only used to deliver iPXE (FOG Menu) to the target computer.

                It just never finishes the process so it won't restore the images.

                What error is it giving you at this point? The upload is done. Do you see an error regarding FTP? A screenshot of the error should help us decide where to look next.

                • D
                  davidka @george1421
                  last edited by Nov 5, 2019, 6:45 PM

                  @george1421 [image: 83d56c56-fa15-4639-9ac6-9ce6b61cb387-image.png] I get that right after it gets done cloning. I recorded that as a video; it's on my Google Drive: https://drive.google.com/open?id=18fwBwbhZ34qPPnrlWwQA_EDyTevForsg I’ve got a couple of guys on the K-12 Technician support group Discord looking at it with me too. (I found out about it from the network admin at another school. I work at a college; I’m trying to show my sysadmin we need to use FOG lol.)

                  • S
                    Sebastian Roth Moderator
                    last edited by Nov 5, 2019, 7:49 PM

                    @davidka This Type: 1024 error is probably caused by a connection issue. We often have people post a similar picture but with an authentication error. Here I guess it’s a connection thing. From the network where you have your hosts, can you open an FTP connection from any of the clients (e.g. use WinSCP or FileZilla)? Username is fogproject and the password you find in /var/www/html/fog/lib/fog/config.class.php on your FOG server.

                    • D
                      davidka @Sebastian Roth
                      last edited by Nov 5, 2019, 8:42 PM

                      @Sebastian-Roth when I try to connect using an ftp client (coreftp) it gives me this:

                      Connect socket #1904 to ***.***.215.106, port 22...
                      Can't establish connection --> ***.***.215.106:22 @ Tue Nov 05 14:38:50 2019   (0-38)
                      Connection Failed
                      

                      I starred out the first part of my IP as that is a private IP for our school.

                      • G
                        george1421 Moderator @davidka
                        last edited by george1421 Nov 5, 2019, 3:01 PM Nov 5, 2019, 9:01 PM

                        @davidka Hmmm did someone play (test) with iptables that may be blocking ftp access? </snark>

                        • S
                          Sebastian Roth Moderator
                          last edited by Nov 5, 2019, 9:01 PM

                          @davidka said in DHCP works but no internet to clients:

                          Connect socket #1904 to ***.***.215.106, port 22...

                          Port 22 is SSH/SCP not FTP?!

                          • G
                            george1421 Moderator @davidka
                            last edited by Nov 5, 2019, 9:03 PM

                            @davidka From your Windows computer, can you ftp to 192.168.1.1 (your fog server I guess) with the user name of fogproject and the password found in /opt/fog/.fogsettings? It will be a random long password. If you can connect via FTP from a Windows computer then we have something else going wrong.

                            • D
                              davidka @Sebastian Roth
                              last edited by Nov 5, 2019, 9:09 PM

                              @Sebastian-Roth 22 is just what was in the blank by default. I’m not sure what port it should be.

                              • D
                                davidka @george1421
                                last edited by Nov 5, 2019, 9:13 PM

                                @george1421 I’ve changed that password in all its locations to a custom password. (but it was messing up before I did that though) and no it doesn’t connect.

                                Okay so I changed it to port 21 and got this

                                Connect socket #1760 to ***.***.215.106, port 21...
                                500 OOPS: tcp_wrappers is set to YES but no tcp wrapper support compiled in  
                                Can't establish connection --> ***.***.215.106:21 @ Tue Nov 05 15:12:53 2019   (0-
                                

                                the 192.168.1.1 is my DHCP pool the server IP is different. it ends in 215.106

                                • G
                                  george1421 Moderator @davidka
                                  last edited by Nov 5, 2019, 9:31 PM

                                  @davidka said in DHCP works but no internet to clients:

                                  the 192.168.1.1 is my DHCP pool the server IP is different. it ends in 215.106

                                  You are going to have to explain how you have things setup, because from your picture the client is trying to connect to 192.168.1.1

                                  I’m also concerned about this statement

                                  I’ve changed that password in all its locations to a custom password

                                  What does that mean? The fogproject service account is owned and managed by the fog installer. Its password shouldn’t be touched.

                                  • D
                                    davidka @george1421
                                    last edited by davidka Nov 5, 2019, 3:51 PM Nov 5, 2019, 9:42 PM

                                    @george1421 I went into all the config files and changed it. Didn't realize it was a big deal. But it was messing up even before I did that. Do I need to run the fog installer again?

                                    I’ve got two NICs: one is 192.168.1.1 for DHCP on an isolated network, the other is ***.***.215.106; this one has access to the rest of the school's network and is assigned by my sysadmin. I needed to be able to remote into the server and supply internet to the clients at the same time, so I have it configured to route the traffic from 192.168.1.1 through iptables and NAT to the 215.106 interface.

                                    My sysadmin does not want DHCP to the rest of the network, hence the utterly complex setup I’m trying to pull off. I’ve tried to explain to him that FOG wants to be part of the main network, and is expecting a DHCP server to already be set up, etc. But at this time he doesn't want that. It's a whole other rant for another time… (we are manually updating everything, not using SCCM or anything…)

                                    • G
                                      george1421 Moderator @davidka
                                      last edited by george1421 Nov 5, 2019, 3:47 PM Nov 5, 2019, 9:47 PM

                                      @davidka Well there is a tutorial I have on resyncing all of the password locations that you can run through. You can change the password to whatever you like as long as it's secure and consistent. https://forums.fogproject.org/topic/11203/resyncing-fog-s-service-account-password

                                      Looking at your other posts it appears you do have the imaging lan nic set to 192.168.1.1 (at least in your OP).

                                      From your fog server you can run this command to see if the ftp server is running. netstat -an | grep ":21" should show you the ftp server is up and running.

                                      From either the imaging network or from your business network you should be able to connect to the ftp server on the FOG server using a windows computer and the ftp command line client. Again the password will be what is found in /opt/fog/.fogsettings file once you resync all of the passwords. If you can log in via ftp to the fog server then we will dig elsewhere.

                                      • D
                                        davidka @george1421
                                        last edited by Nov 5, 2019, 10:18 PM

                                        @george1421

                                        tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
                                        

                                        That's what that gave me.

                                        and this

                                        ftp> open ***.***.215.106
                                        Connected to ***.***.215.106.
                                        500 OOPS: tcp_wrappers is set to YES but no tcp wrapper support compiled in
                                        Connection closed by remote host.
                                        
                                        • G
                                          george1421 Moderator @davidka
                                          last edited by Nov 5, 2019, 10:20 PM

                                          @davidka said in DHCP works but no internet to clients:

                                          500 OOPS: tcp_wrappers is set to YES but no tcp wrapper support compiled in

                                          What is the OS distro FOG is running on?
