No route to host when trying to capture with fog 1.15.10 new install
-
I should also mention we had a working FOG server on 1.5.9 running Centos 7, but since the entire Centos distro line is now EOL, I am working to migrate all of our servers over to Debian 11. The DHCP server is a Windows Server 2016 server, but there shouldn’t be any changes needed there as it was working with the other server. All we did was change the OS to a different supported distro, and install the latest version.
-
@anwoke8204 OK I want you to schedule a new capture/deploy but tick the debug checkbox then schedule the task.
Now pxe boot the target computer. After a few screens of instructions that you need to clear with the enter key you will be dropped to the FOS Linux command prompt. From there see if you can ping the fog server.
Then get the target computer's IP address with this command:
ip a s
Make sure the subnet mask and IP address are what you expect. On your Debian server make sure that the firewall is not installed. On Debian the firewall is ufw.
-
@george1421 here are the results of the above:
Here are the instructions:
Here is the ping to the fog server:
Here are the results of the ip a s command:
And then once I type fog to continue with the boot we are getting the following null error:
Any idea where we go from here? The subnet is 255.255.255.0 (/24 CIDR), so it is correct.
-
@george1421 We have narrowed it down to an issue with firewalld. No matter how I try to input the rule to allow port 2049/udp it doesn't stick. I can look at the user-created rules in /etc/firewalld/zones/public.xml and I can see all of the other ones, but not the one for port 2049/udp. I have tried webmin as well as the command line to allow port 2049/udp and it doesn't seem to want to stick if I use webmin, and if I use the command line it says it's already there. When I try to do it via the command line I get the following:
user@imaging:/etc/firewalld/zones# firewall-cmd --permanent --zone=public --add-port=2049/udp
Warning: ALREADY_ENABLED: 2049:udp
success
But when you view the xml file you can see it's not listed. Here are the contents of /etc/firewalld/zones/public.xml:
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="ssh"/>
<service name="dhcpv6-client"/>
<service name="http"/>
<service name="https"/>
<port port="10000" protocol="tcp"/>
<port port="69" protocol="udp"/>
<port port="1024-65535" protocol="udp"/>
<port port="2049" protocol="tcp"/>
<port port="111" protocol="tcp"/>
<port port="111" protocol="udp"/>
</zone>
Any ideas on how I can get this to work?
-
@anwoke8204 How did we get from Debian, which uses ufw for the firewall, to firewalld, which is typically used on CentOS? But that also explains why ping works but nfs does not.
First I would stop firewalld to see if that is the root of the problem. You can get nfs v3 to work with the firewall enabled; there are just a few more ports needed than port 2049.
Here is a document that covers firewall requirements for FOG. https://forums.fogproject.org/topic/6162/firewall-configuration
-
@george1421 I uninstalled ufw/iptables because I prefer firewalld. I used to use CentOS, but as CentOS is now EOL, I'm having to switch all of our servers over to Debian, and firewalld is what I'm familiar with. But I can't seem to open port 2049/udp in firewalld for some reason.
We have stopped firewalld for now, and imaging works as expected. As I have shown above, I have tried inputting the port via webmin and via the command line, and it says it's there when I try to add it via the command line, so it doesn't add it again. I might have to bite the bullet and just go with ufw/iptables (they are the same, right? I am not that familiar with ufw).
-
@anwoke8204 said in No route to host when trying to capture with fog 1.15.10 new install:
I uninstalled ufw/iptables because I prefer firewalld.
I, as you, have moved on from CentOS/RHEL. I was in the RHEL camp starting in 1999. With them closing down CentOS as we knew it, I made the switch to Debian about 2 years ago. CentOS is dead to me.
I can only comment on firewalld and masking Debian because you are comfortable with the way RHEL worked. Eventually you will need to become familiar with the way Debian, and to a lesser extent Ubuntu, does things. IMO just bite the bullet and use ufw; that way you can find support. The concepts are pretty much the same between firewalld and ufw because iptables runs under the hood for both. Now that you understand the concepts the rest is just syntax. You have to do what's right for you and your business; don't simply listen to some dude on the internet.
-
@george1421 OK, I have reinstalled ufw and removed firewalld. Will let you know how it goes. Here are my rules; do these look OK?
Let me know if there are any rules I need to delete or change.
-
@anwoke8204 The only one I don't see is ftp.
FOG uses ssh, nfs, ftp, tftp, bootp/dhcp, http, https, rpc port mapper. Make sure that stuff is enabled. The rest looks good.
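To check a firewalld zone file against the service list george1421 gives here, and to see why the posted public.xml still fails NFS even though 2049/udp "already" exists, here is an added Python example. It is not FOG's or firewalld's code. It parses the zone XML, expands the `<service name="..."/>` entries with assumed IANA default port numbers (the thread names only the services, not the numbers), treats a port range as covering every port inside it, and lists what the zone does not open. The embedded zone is the one posted above.

```python
"""Audit a firewalld zone file against the ports FOG needs (added example)."""
import xml.etree.ElementTree as ET

# Services the thread says FOG relies on (ssh, nfs, ftp, tftp, bootp/dhcp,
# http, https, rpc portmapper), mapped to their IANA default ports. The
# port numbers are this example's assumption; the forum post names only
# the services.
FOG_REQUIREMENTS = {
    "ssh": [(22, "tcp")],
    "http": [(80, "tcp")],
    "https": [(443, "tcp")],
    "ftp": [(21, "tcp")],
    "tftp": [(69, "udp")],
    "bootp/dhcp": [(67, "udp")],
    "nfs": [(2049, "tcp"), (2049, "udp")],
    "rpc portmapper": [(111, "tcp"), (111, "udp")],
}

# How a <service name="..."/> entry in the zone expands to ports (same
# assumption). Only names seen in the posted zone or needed by FOG are listed.
SERVICE_PORTS = {
    "ssh": [(22, "tcp")],
    "http": [(80, "tcp")],
    "https": [(443, "tcp")],
    "ftp": [(21, "tcp")],
    "tftp": [(69, "udp")],
    "dhcp": [(67, "udp")],
    "dhcpv6-client": [(546, "udp")],
    "nfs": [(2049, "tcp"), (2049, "udp")],
    "rpc-bind": [(111, "tcp"), (111, "udp")],
}


def parse_zone(xml_text):
    """Return the zone's open ports as (low, high, proto) ranges."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    ranges = []
    for entry in root.findall("port"):
        # "2049" or "1024-65535": a single port is a one-element range.
        low, _, high = entry.get("port").partition("-")
        ranges.append((int(low), int(high or low), entry.get("protocol")))
    for entry in root.findall("service"):
        for port, proto in SERVICE_PORTS.get(entry.get("name"), []):
            ranges.append((port, port, proto))
    return ranges


def is_open(ranges, port, proto):
    """True if any range in the zone covers this port/protocol."""
    return any(lo <= port <= hi and pr == proto for lo, hi, pr in ranges)


def missing_requirements(xml_text):
    """List the FOG ports the zone does not open, as 'service port/proto'."""
    ranges = parse_zone(xml_text)
    return [
        f"{name} {port}/{proto}"
        for name, ports in FOG_REQUIREMENTS.items()
        for port, proto in ports
        if not is_open(ranges, port, proto)
    ]


# The zone file exactly as posted earlier in this thread.
POSTED_ZONE = """<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="ssh"/>
<service name="dhcpv6-client"/>
<service name="http"/>
<service name="https"/>
<port port="10000" protocol="tcp"/>
<port port="69" protocol="udp"/>
<port port="1024-65535" protocol="udp"/>
<port port="2049" protocol="tcp"/>
<port port="111" protocol="tcp"/>
<port port="111" protocol="udp"/>
</zone>
"""

if __name__ == "__main__":
    for item in missing_requirements(POSTED_ZONE):
        print("not open:", item)
    covered = is_open(parse_zone(POSTED_ZONE), 2049, "udp")
    print("2049/udp covered by an existing range:", covered)
```

Against the posted zone this reports ftp 21/tcp and bootp/dhcp 67/udp as not open, and shows 2049/udp already covered by the 1024-65535/udp range: once that range is in the zone the packet filter accepts UDP to 2049 whether or not a separate entry appears in the file, so the missing dedicated line is not by itself what breaks NFS. To run it on a live server, read /etc/firewalld/zones/public.xml into a string and pass it to missing_requirements().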
-
@george1421 OK, I have added that port. I am not onsite, as I remote in, so I am waiting to see if someone onsite can test and get back to me.
-
@george1421 OK, it halts at tftp and times out.
Here are the firewall rules I have. Which ones do I need to change or fix?
-
@george1421 I redid all of the rules and just put in the FOG ports, ssh, and webmin ports. ufw now looks like this:
Are there any other ports or ICMP requests I should open? Sorry, I am not that familiar with ufw.
-
Can't seem to get it going, so I'm going to try bringing FOG online using Rocky Linux since it's based off of RHEL, and that's what I'm more familiar with. I will let you know how it goes.
-
@george1421 OK, I have it up and running on Rocky Linux, but I am still having the firewalld issue where when I create rule 2049/udp it doesn't show, so when I try to add it manually in the xml file firewalld crashes. Any idea how I can get the port to stick in firewalld?
-
@george1421 OK, I was able to get the port to stick, so here is a screenshot of all of the open ports now.
But we are still getting the no route to host. Is there a port I am missing? Any idea why it's doing that? It has to be something with that port not working right or something. When we turn the firewall off, it works just fine, but when we turn the firewall on, we get no route to host.
-
@anwoke8204 In this article https://www.cherryservers.com/blog/how-to-configure-ubuntu-firewall-with-ufw there is a section about logging. It kind of indicates that the default deny policy logs blocked packets in /var/log/ufw* files. Let's see if there is something there regarding what nfsv3 is trying to do. I don't have ufw enabled on my fog servers so I have not run into this issue before.
It looks like you have all of the rules/ports enabled.
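To act on the logging suggestion above, here is an added Python example (not part of the thread, not FOG's or ufw's code) that reads `[UFW BLOCK]` lines of the kind ufw writes to /var/log/ufw.log, counts blocked packets per destination port, and labels the ones that match the FOG services george1421 listed. The log lines embedded below are constructed for this example, the port numbers are assumed IANA defaults, and unknown ports are kept under "other" so that NFSv3's auxiliary services (mountd, lockd, statd), which bind to dynamic ports unless pinned, still show up.

```python
"""Summarize [UFW BLOCK] log lines by destination port (added example)."""
import re
from collections import Counter

# netfilter/ufw log records are space-separated KEY=VALUE fields after the
# "[UFW BLOCK]" tag; ICMP records carry no SPT/DPT, so that part is optional.
UFW_BLOCK = re.compile(
    r"\[UFW BLOCK\].*?\bSRC=(?P<src>\S+)\s+DST=(?P<dst>\S+)"
    r".*?\bPROTO=(?P<proto>\S+)"
    r"(?:.*?\bSPT=(?P<spt>\d+)\s+DPT=(?P<dpt>\d+))?"
)

# FOG services from the thread, keyed by the (proto, port) a blocked packet
# shows. Port numbers are this example's assumption (IANA defaults).
FOG_PORTS = {
    ("tcp", 22): "ssh",
    ("tcp", 21): "ftp",
    ("udp", 69): "tftp",
    ("udp", 67): "bootp/dhcp",
    ("tcp", 80): "http",
    ("tcp", 443): "https",
    ("tcp", 2049): "nfs",
    ("udp", 2049): "nfs",
    ("tcp", 111): "rpc portmapper",
    ("udp", 111): "rpc portmapper",
}


def parse_block(line):
    """Return (src, proto, dport) for a UFW BLOCK line, or None for any other line."""
    m = UFW_BLOCK.search(line)
    if not m:
        return None
    dport = int(m["dpt"]) if m["dpt"] else None
    return m["src"], m["proto"].lower(), dport


def summarize_blocks(lines):
    """Count blocked packets per (proto, dport); ICMP counts under dport None."""
    counts = Counter()
    for line in lines:
        parsed = parse_block(line)
        if parsed:
            _, proto, dport = parsed
            counts[(proto, dport)] += 1
    return counts


def fog_report(lines):
    """Fold the per-port counts into FOG service names; unmatched ports land in 'other'."""
    report = {}
    for (proto, dport), n in summarize_blocks(lines).items():
        name = FOG_PORTS.get((proto, dport), "other")
        report[name] = report.get(name, 0) + n
    return report


# Constructed sample log (RFC 5737 addresses), shaped like /var/log/ufw.log entries.
_HDR = "Mar 14 10:02:11 imaging kernel: [ 1234.567890] [UFW BLOCK] IN=eth0 OUT= " \
       "MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.50 DST=192.0.2.10 "
SAMPLE_LOG = [
    _HDR + "LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=867 DPT=2049 LEN=40",
    _HDR + "LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=868 DPT=2049 LEN=40",
    _HDR + "LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=2070 DPT=69 LEN=28",
    _HDR + "LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=12345 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1",
    _HDR + "LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=51234 DPT=38465 WINDOW=64240 RES=0x00 SYN URGP=0",
    "Mar 14 10:02:13 imaging sshd[1200]: Accepted publickey for user from 192.0.2.50 port 51000 ssh2",
]

if __name__ == "__main__":
    for (proto, dport), n in sorted(summarize_blocks(SAMPLE_LOG).items(), key=str):
        print(f"{proto:5} dport={dport}: {n} blocked")
    print("by FOG service:", fog_report(SAMPLE_LOG))
```

On a real server, replace SAMPLE_LOG with the lines of /var/log/ufw.log; a service that appears in the report while ufw status shows it allowed points at a rule written for the wrong protocol or interface, and a run of blocked high ports from the client right after 2049 is the NFSv3 side traffic george1421 mentioned needing extra ports for.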