    DHCP-PXE booting process problem with BIOS+UEFI computers simultaneously

    FOG Problems
      PCrispim
      last edited by PCrispim

      SERVER AND NETWORK INFORMATION
      The main FOG Server IP is 10.1.8.1 (interface enp12s0).
      I have several VLANs in my network.
      I have two NICs in the FOG Server: one that resides in the Quarantine VLAN, which is the 10.1.8.0/23 network (the enp12s0 interface), and another which is in the 10.114.187.0/24 network.
      After the image is deployed, hosts can only communicate with the 10.114.187.14 IP interface (that is the second IP of the FOG Server), because the computers are no longer in the Quarantine VLAN, so the FOG Client can communicate with FOG.
      Everything had been working until I removed options 66 & 67 and tried to get dnsmasq to work.

      FOG Server is latest stable version (1.5.9) and OS is CentOS 7.

      FIREWALL
      This is the output of the services and ports open - is anything missing?

      • firewall-cmd --list-services
        dhcp dhcpv6-client dns ftp http https mountd mysql nfs proxy-dhcp rpc-bind samba ssh tftp
      • firewall-cmd --list-ports
        49152-65532/udp 67/tcp 68/tcp 69/tcp 4011/tcp 80/tcp 443/tcp 69/udp 68/udp 67/udp 4011/udp 8099/tcp 22/tcp 22/udp

      SITUATION
      I cannot get both my BIOS and UEFI computers to image with FOG.
      So far I only had BIOS computers, and was using options 66 and 67 (equivalent settings in the CISCO DHCP Server).
      Then, I removed both those options and installed dnsmasq (according to https://forums.fogproject.org/topic/12796/installing-dnsmasq-on-your-fog-server).
      I configured it exactly as stated there, replacing <fog_server_IP> with 10.1.8.1.

      RESULTS IN BIOS COMPUTER
      I boot in PXE, and I get what appears in this video: https://drive.google.com/file/d/1htJ21EpTW17sGUcnlAOXbLdcQsP-cC1a/view?usp=sharing
      After what you see in the video, it takes a long time (10 minutes or more) until "PXE-E32: TFTP open timeout" appears 3 times, followed by "PXE-M0F: Exiting Intel Boot Agent."
      While it was going through the process in the video, I had tcpdump running (tcpdump -i enp12s0 -w output-BIOS.pcap - I used no filters so all traffic could be captured, because almost no other computers were active at the moment I captured this), which you can download from https://drive.google.com/file/d/1pQe0BpY1Y8f4F4vKXfzNdWtSov6sHvSw/view?usp=sharing

      RESULTS IN UEFI COMPUTER
      I boot in PXE, and I get what appears in this video:
      https://drive.google.com/file/d/1NIzl-W_ZRmXf1aPPTaHypPpNszdjqsOQ/view?usp=sharing
      (as you see, we only know that it receives an IP, but there are no more messages until it returns to UEFI, from where I forced it to boot in PXE).
      While it was going through the process in the video, I had tcpdump running (tcpdump -i enp12s0 -w output-UEFI.pcap - once again, I used no filters so all traffic could be captured, because almost no other computers were active at the moment I captured this),
      which you can download from https://drive.google.com/file/d/1QH3nHbLeCbNEwIsHB5Hk1sN6XzOuPIDX/view?usp=sharing

      OTHER THINGS

      • In https://forums.fogproject.org/topic/12796/installing-dnsmasq-on-your-fog-server, Option 93 in DHCP is mentioned. Do I need to configure something in the CISCO DHCP server regarding that option?
      • We are a public secondary school, but the network devices (CISCO switches and routers) are managed by a private enterprise that works for our Education Ministry, and it's hard to tell them what we want to do.
        Any help would be really appreciated (school starts next Tuesday and I still don't have the computers with the images for this school year).
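      Option 93 (client system architecture, RFC 4578) is not something the DHCP server hands out: the PXE ROM puts it in its own DHCPDISCOVER, together with a vendor class starting with "PXEClient", and a proxy-DHCP such as dnsmasq matches its pxe-service entries against that value (0 for a BIOS ROM, 7 or 9 for 64-bit UEFI firmware). The parser below is an added example, not FOG's, dnsmasq's or the poster's code: it decodes options 53, 60 and 93 from a raw DHCP packet and says which loader a proxy would pick. The constructed DISCOVER packets stand in for the captures; the boot-file names and the dnsmasq tag table are assumptions for illustration, not a statement of what FOG 1.5.9 ships. The same options can be read off the real pcaps with `tshark -r output-BIOS.pcap -Y dhcp -V`.

```python
"""Decode the PXE-relevant DHCP options (53, 60, 93) and map the client
architecture to a proxy-DHCP boot file.

Added example, not FOG or dnsmasq code. BOOT_FILES is an assumption for
illustration; check the loader names against your own /tftpboot."""
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"
OPT_MSG_TYPE, OPT_PARAM_LIST, OPT_VENDOR_CLASS, OPT_CLIENT_ARCH, OPT_END = 53, 55, 60, 93, 255

# RFC 4578 architecture values, keyed to the tag names dnsmasq's
# pxe-service= lines use. 7 and 9 are both sent by 64-bit UEFI firmware.
ARCH_TAGS = {0: "X86PC", 6: "IA32_EFI", 7: "BC_EFI", 9: "X86-64_EFI"}

# Assumed loader per tag (illustration only).
BOOT_FILES = {"X86PC": "undionly.kpxe", "IA32_EFI": "i386-efi/ipxe.efi",
              "BC_EFI": "ipxe.efi", "X86-64_EFI": "ipxe.efi"}


def parse_options(raw):
    """TLV walk over the options field; repeated codes are concatenated (RFC 3396)."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == 0:                      # PAD
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 2 > len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        opts[code] = opts.get(code, b"") + value
        i += 2 + length
    return opts


def parse_dhcp(packet):
    """Split a BOOTP/DHCP packet (RFC 2131 layout) into header fields and options."""
    if len(packet) < 240 or packet[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP packet")
    op, _htype, hlen, _hops, xid = struct.unpack("!BBBBI", packet[:8])
    chaddr = packet[28:28 + hlen]          # client hardware address
    return {"op": op, "xid": xid, "mac": chaddr.hex(":"),
            "options": parse_options(packet[240:])}


def classify_pxe_client(packet):
    """What a proxy-DHCP must decide: is this a PXE client, and which loader?"""
    info = parse_dhcp(packet)
    opts = info["options"]
    vendor = opts.get(OPT_VENDOR_CLASS, b"")
    raw_arch = opts.get(OPT_CLIENT_ARCH, b"")
    arch = struct.unpack("!H", raw_arch)[0] if len(raw_arch) == 2 else None
    tag = ARCH_TAGS.get(arch)
    return {"mac": info["mac"],
            "msg_type": opts.get(OPT_MSG_TYPE, b"\0")[0],
            "is_pxe": vendor.startswith(b"PXEClient"),
            "vendor_class": vendor.decode("ascii", "replace"),
            "arch": arch, "arch_tag": tag,
            "bootfile": BOOT_FILES.get(tag)}


def build_discover(xid, mac, arch=None, pxe=True):
    """Constructed DHCPDISCOVER as a PXE ROM sends it (sample input, not a capture)."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, xid, 0, 0x8000,
                         b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,
                         mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    opts = bytes([OPT_MSG_TYPE, 1, 1])     # DHCPDISCOVER
    if arch is not None:
        opts += bytes([OPT_CLIENT_ARCH, 2]) + struct.pack("!H", arch)
    if pxe:
        vc = b"PXEClient:Arch:%05d:UNDI:003016" % (arch or 0)
        opts += bytes([OPT_VENDOR_CLASS, len(vc)]) + vc
    opts += bytes([OPT_PARAM_LIST, 3, 66, 67, 43, OPT_END])
    return header + DHCP_MAGIC + opts


if __name__ == "__main__":
    mac = bytes.fromhex("001122334455")
    for label, arch in (("BIOS", 0), ("UEFI x64", 7), ("UEFI x64 alt", 9)):
        print(label, classify_pxe_client(build_discover(0x2A2A, mac, arch)))
```

      A client that sends no option 93 or no PXEClient vendor class gets no loader here; that is the behaviour wanted from a proxy-DHCP, which must stay silent for ordinary DHCP clients and leave address assignment to the real server.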
        rollercoaster

        Looks like you are having an issue with TFTP. With recent firewalld, you have to have some mechanism for inter-zone traffic. I'm not sure if the one on CentOS 7 is covered. Also, you did not show the zones of your interfaces.

        I have these on my setup, where the storage server has 3 interfaces serving diskless clients via iSCSI:

        For my external zone:

        [root@san ~]# ip -4 addr ls xenbr0
        6: xenbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
            inet 192.168.0.33/27 brd 192.168.0.63 scope global dynamic noprefixroute xenbr0
               valid_lft 3181sec preferred_lft 3181sec
        [root@san ~]# 
        [root@san ~]# firewall-cmd --get-zone-of-interface=xenbr0
        external
        [root@san ~]# firewall-cmd --zone=external --list-services
        dhcp http https iscsi-target samba ssh tftp
        

        And this is my internal zone

        [root@san ~]# ip -4 addr ls xenbr10
        7: xenbr10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc noqueue state UP group default qlen 1000
            inet 192.168.10.1/24 brd 192.168.10.255 scope global noprefixroute xenbr10
               valid_lft forever preferred_lft forever
        [root@san ~]# 
        [root@san ~]# firewall-cmd --get-zone-of-interface=xenbr10
        internal
        [root@san ~]# firewall-cmd --zone=internal --list-services
        dhcp http https iscsi-target postgresql samba ssh tftp
        

        I have these firewalld rules to enable the inter-zone traffic:

        [root@san ~]# cat firewalld.txt
        firewall-cmd --new-policy NAT_int_to_ext --permanent
        firewall-cmd --permanent --policy NAT_int_to_ext --add-ingress-zone internal
        firewall-cmd --permanent --policy NAT_int_to_ext --add-egress-zone external
        firewall-cmd --permanent --policy NAT_int_to_ext --set-target ACCEPT
        

        Finally, I tested things out from one of my VMs and tried to grab a file over TFTP:

        user@debian:~$ ip -4 addr ls virbr0
        5: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc noqueue state UP group default qlen 1000
            inet 192.168.10.15/24 brd 192.168.10.255 scope global dynamic virbr0
               valid_lft 2111sec preferred_lft 2111sec
        user@debian:~$ 
        user@debian:~$ tftp 192.168.10.1 -vc get ipxe.d/roms/undionly.kpxe
        Connected to 192.168.10.1 (192.168.10.1), port 69
        getting from 192.168.10.1:ipxe.d/roms/undionly.kpxe to undionly.kpxe [netascii]
        Received 75436 bytes in 0.6 seconds [928658 bit/s]
        user@debian:~$ ls -lh undionly.kpxe 
        -rw-r--r-- 1 user user 74K Dec 12 10:25 undionly.kpxe
        
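        The tftp test above is, on the wire, a read request sent to udp/69 that the daemon answers from a newly bound ephemeral port; every DATA block comes from that port and every ACK goes back to it. That is why the port list in the first post opens 49152-65532/udp as well as 69/udp, and why "PXE-E32: TFTP open timeout" shows up when the request reaches the server but the return path from the high port is filtered. The exchange below is an added example, not FOG's or either poster's code: it runs a minimal RFC 1350 server and client over loopback, reports the two ports involved, and models a blocked transfer port to reproduce the timeout. The file content is a constructed stand-in, and the listener binds an unprivileged port instead of 69.

```python
"""TFTP read exchange with both ends in one process, to show why a boot
server needs more than udp/69 open: tftpd answers the RRQ from a fresh
ephemeral port (the server transfer ID).

Added example, not FOG's or the posters' code. FAKE_FILES is constructed;
no real boot loader is involved."""
import socket
import struct
import threading

OP_RRQ, OP_DATA, OP_ACK, OP_ERROR = 1, 3, 4, 5
BLOCK = 512
FAKE_FILES = {"undionly.kpxe": bytes(range(256)) * 5}   # 1280 bytes -> 3 DATA blocks


def tftp_server_once(listen_sock, files, drop_data=False):
    """Serve one RRQ the way tftpd does, from a NEW port (the server TID).
    drop_data=True models a firewall that drops that port's packets."""
    req, client = listen_sock.recvfrom(2048)
    if struct.unpack("!H", req[:2])[0] != OP_RRQ:
        return None
    name = req[2:].split(b"\0", 1)[0].decode()
    xfer = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    xfer.bind((listen_sock.getsockname()[0], 0))          # ephemeral transfer port
    xfer.settimeout(2.0)
    try:
        if drop_data:                                      # nothing reaches the client
            return xfer.getsockname()[1]
        if name not in files:
            xfer.sendto(struct.pack("!HH", OP_ERROR, 1) + b"File not found\0", client)
            return xfer.getsockname()[1]
        data, block = files[name], 1
        while True:
            chunk = data[(block - 1) * BLOCK:block * BLOCK]
            xfer.sendto(struct.pack("!HH", OP_DATA, block) + chunk, client)
            ack, _ = xfer.recvfrom(4)
            if struct.unpack("!HH", ack) != (OP_ACK, block):
                raise IOError("bad ACK for block %d" % block)
            if len(chunk) < BLOCK:                         # short block ends the transfer
                return xfer.getsockname()[1]
            block += 1
    finally:
        xfer.close()


def tftp_get(host, port, name, timeout=1.0):
    """Octet-mode RRQ client. Returns (data, server_transfer_port); raises
    TimeoutError when no DATA ever arrives, which a PXE ROM reports as
    'PXE-E32: TFTP open timeout'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    sock.sendto(struct.pack("!H", OP_RRQ) + name.encode() + b"\0octet\0", (host, port))
    out, expected, tid = bytearray(), 1, None
    try:
        while True:
            try:
                pkt, addr = sock.recvfrom(4 + BLOCK)
            except socket.timeout:
                raise TimeoutError("TFTP open timeout: no DATA from %s" % host)
            if tid is None:
                tid = addr                                 # lock onto the server's TID
            elif addr != tid:
                continue                                   # RFC 1350: ignore other TIDs
            op, block = struct.unpack("!HH", pkt[:4])
            if op == OP_ERROR:
                raise OSError(pkt[4:].rstrip(b"\0").decode())
            if op != OP_DATA:
                continue
            if block == expected:
                out += pkt[4:]
                expected += 1
            sock.sendto(struct.pack("!HH", OP_ACK, block), addr)
            if len(pkt) - 4 < BLOCK:
                return bytes(out), tid[1]
    finally:
        sock.close()


def run_exchange(name, drop_data=False):
    """Run the server thread and the client over loopback; report what the client saw."""
    listen = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listen.bind(("127.0.0.1", 0))                          # a real tftpd binds udp/69
    listen.settimeout(5.0)
    listen_port = listen.getsockname()[1]
    worker = threading.Thread(target=tftp_server_once, args=(listen, FAKE_FILES, drop_data))
    worker.start()
    result = {"listen_port": listen_port}
    try:
        data, tid = tftp_get("127.0.0.1", listen_port, name)
        result.update(status="ok", data=data, transfer_port=tid)
    except TimeoutError as exc:
        result.update(status="timeout", message=str(exc))
    except OSError as exc:
        result.update(status="error", message=str(exc))
    finally:
        worker.join()
        listen.close()
    return result


if __name__ == "__main__":
    ok = run_exchange("undionly.kpxe")
    print("RRQ to udp/%d, DATA from udp/%d, %d bytes"
          % (ok["listen_port"], ok["transfer_port"], len(ok["data"])))
    print("transfer port blocked:", run_exchange("undionly.kpxe", drop_data=True)["message"])
```

        The practical check on a real server is the same one rollercoaster ran, from a host in each VLAN the clients boot from: if the RRQ reaches tftpd (a transfer port shows up in tcpdump on the server) but the client still times out, the return path from the ephemeral port range is what the firewall policy or zone is dropping.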
        Copyright © 2012-2024 FOG Project