No route to host when trying to capture with fog 1.15.10 new install
-
@anwoke8204 How did we get from debian which uses ufw for the firewall, to firewalld which is typically used on centos? But that also explains why ping works but nfs does not.
First I would stop firewalld to see if that is the root of the problem. You can get nfs v3 to work with the firewall enabled there is just a few more ports that are needed than just ports 2049.
Here is a document that covers firewall requirements for FOG. https://forums.fogproject.org/topic/6162/firewall-configuration
-
@george1421 I uninstalled ufw/iptables because I prefer firewalld. I used to use Centos, but as centos is now EOL, im having to switch all of our servers over to debian, and firewalld is what im familiar with. but I can’t seem to open port 2049/udp in firewalld for some reason.
We have stopped firewalld for now, and imaging works as expected. I have shown above, I have tried inputing the port via webmin and via commandline and it says its there when I try to add it via command line, so it doesn’t add it again. I might have to bite the bullet and just go with ufw/iptables (they are the same right? I am not that familiar with ufw).
-
@anwoke8204 said in No route to host when trying to capture with fog 1.15.10 new install:
I uninstalled ufw/iptables because I prefer firewalld.
I as you have moved on from Centos/RHEL. I was in the RHEL camp starting in 1999. With them closing down Centos as we knew it, I made the switch to Debian about 2 years ago. To me Centos is dead to me.
I can only comment on firewalld and masking Debian because you are comfortable with the way RHEL worked. Eventually you will need to become familiar with the way Debian and to a lesser extend Ubuntu does things. IMO just bit the bullet and use ufw that way you can find support. The concepts are pretty much the same between firewalld and ufw because iptables runs under the hood for both. Now that you understand the concepts the rest is just syntax. You have to do what’s right for you and your business, don’t simply listen to some dude on the internet.
-
@george1421 ok, I have reinstalled ufw. and removed firewalld. will let you know how it goes. here are my rules, do these look ok?
let me know if there are any rules I need to delete or change.
-
@anwoke8204 The only one I don’t see is ftp.
Fog uses ssh, nfs, ftp. tftp, bootp/dhcp, http, https, rpc port mapper Make sure that stuff is enable. The rest looks good.
-
@george1421 ok, I have added that port. I am not onsite, as i remote in so I am waiting to see if someone onsite can test and get back to me.
-
@george1421 ok, it halts at tftp and times out.
here are the firewall rules I have. which ones do i need to change or fix?
-
@george1421 I redid all of the rules and just put in the fog ports, ssh, and webmin ports. ufw now looks like this:
is there any other ports or icmp requests I should open? sorry, I am not that familiar with ufw.
-
Cant seem to get it going, so im going to try bringing FOG online using rocky linux since its based off of RHEL, and thats what im more familiar with. I will let you know how it goes.
-
@george1421 ok, I have it up and running on Rocky Linux, but I am still having the firewald issue where when I create rule 2049/udp it doesn’t show, so when I try to add it manually in the xml file firewalld crashes. any idea how I can get the port to stick in firewalld?
-
@george1421 ok, I was able to get the port to stick, so here is a screenshot of all of the open ports now.
but we are still getting the no route to host. Is there a port I am missing? Any idea why its doing that? it has to be something with that port not working right or something. when we turn the firewall off, it works just fine, but when we turn the firewall on, we get no route to host.
-
@anwoke8204 In this article https://www.cherryservers.com/blog/how-to-configure-ubuntu-firewall-with-ufw There is a section about logging. It kind of indicates that the default deny policy logs blocked packets in /var/log/ufw* files. Lets see if there is something there regarding to what nfsv3 is trying to do. I don’t have ufw enabled on my fog servers so I have not run into this issue before.
It looks like you have all of the rules/ports enabled.
