Two VLANs (Two IP ranges)

diegogyn · Dec 5, 2023, 1:13 PM

Hello everybody.

I have a doubt.
How do I make fog work on 2 different vlans?

I have pfSense as firewall and dhcp. And I have two vlans that must be separated for security reasons.

I installed my fog server on vlan 3601 (192.168.10.1) and I want it to also work on vlan 3600 (192.168.0.1).

I placed 2 network cards in it, each one in its respective LAN and I also created two Storage Nodes each for its VLAN. On vlan 3601 (192.168.10.1) it works perfectly.

I configured DHCP in pfsense, but when I boot into VLAN 3600 I have the following error:

(It finds the IP in TFPT but does not find the URL in HTTP)

What am I doing wrong?

george1421 · Dec 5, 2023, 6:11 PM

@diegogyn You need to have full routing working between the subnets. More precisely for this error you need to be able to reach the fog server’s web ui from the 3600 vlan. It looks like you have tftp setup because fog’s ipxe boot loader is running.

diegogyn · Dec 5, 2023, 8:25 PM

@george1421 I can access the fog http interface from both networks. On the 3600 network I access the web interface via IP 192.168.0.1.

In my view, the problem is that when starting the ipxe boot loader it pulls the IP from the other network (3601), when the correct thing is for it to pull the IP from the network where I am starting it.

Is it possible to configure the ipxe boot loader to try to download files from 2 different IP ranges?

george1421 · Dec 5, 2023, 9:38 PM

@diegogyn said in Two VLANs (Two IP ranges):

Is it possible to configure the ipxe boot loader to try to download files from 2 different IP ranges?

Fog is not designed to have/support multiple imaging network interfaces. If this is what you are trying to do, then that is your problem. You might need to setup an additional FOG server on the vlan 3600 subnet if there are filtering rules blocking access to the 192.168.10.1 IP address.

baovipboy156 · Dec 6, 2023, 3:08 AM

as your case, i have 3 solution:

create a rule on pfsense any IPv4 can see the fog server 192.168.10.ipfogserver
on the wan site aka upstream network, forward port to the fogserver, so all the internal can see the fog server
modify the fog client to use dns or inject custom code like

(if current ip ==192.168.10.x)
set ip fogserver 192.168.10.fogserver
else set ip fogserver 192.168.0.fogserver

diegogyn · Dec 6, 2023, 12:39 PM

I understand. I thought that with 2 network cards it would be possible to do this.

What I tried was to do the following and change the default.ipx file with the following line:

chain http://192.168.10.1/fog/service/ipxe/boot.php##params || chain http://192.168.0.1/fog/service/ipxe/boot.php##params || goto bootme

And I managed to boot on the other network. This way, it is possible to boot from the 2 network cards in different VLANs.

The problem is that, as @george1421 said, Fog doesn’t provide this type of support. (I believe that if the developers created an ID to identify the network and separated the files it would be possible to do this configuration, but I don’t know the feasibility of that.)

As @baovipboy156 suggested, I’ll try to do a forward port to the fogserver in pfSense, and let you know if it works.

Thanks for the help guys.

Two VLANs (Two IP ranges)

189

12.0k

17.3k

155.2k