2 VLANs using the same fog server
-
Hello!
I have been using the ‘fog’ system at work for a long time.
I installed 2 ‘vlan’ (172.16.17.* and 172.16.16.*) and use pfsense.
The fog server works perfectly on the 172.16.17.* network with the IP 172.16.17.250.
For safety reasons the traffic between the two VLANs is blocked,
i.e. the 172.16.16.* network cannot ping the fog server 172.16.17.250; so far so good.
I created a rule on the 172.16.16.* network to be able to ping the fog server (172.16.17.250). Problem solved; packets already reach the fog server.
The problem is that the machines on the 172.16.16.* network cannot get scheduled tasks from the fog server.
I will show the pfsense settings of the 172.16.17.* network. It works perfectly.
https://www.dropbox.com/s/secceut2ecwo3fh/imagem 1.png?dl=0
On the 172.16.16.* network I can ping the ‘fog’ server with the rule I created on this network.
The settings are these:
https://www.dropbox.com/s/35c9p14o9oau5ef/imagem 2.png?dl=0
If you schedule a task in fog for a machine connected to the 172.16.16.* network, the machine gives an error at the ‘ipxe’ DHCP start.
OK, I can understand the error, i.e. fog does not assign the IP gateway because they use different ones: 172.16.16.251 for the 172.16.16.* network and 172.16.17.251 for the 172.16.17.* network.
I then had an idea. As I have fog installed in a ‘VMWARE’ virtual machine, I decided to allocate one more virtual network card on the 172.16.16.* network, 172.16.16.250.
Now the 172.16.16.* network can ping the server, and I changed the pfsense settings:
https://www.dropbox.com/s/htducvwark2zgk8/imagem 3.png?dl=0
Now the machines on the network already get an IP address assigned.
What happens is that now the machine gives two errors:
PXE-E53: No boot filename received
PXE-M0F: Exiting Intel Boot Agent
If you change the fog configuration using the browser
https://www.dropbox.com/s/5klswz9r1r3xnkj/imagem 4.png?dl=0
to
https://www.dropbox.com/s/jua2tljgsur9eft/imagem 5.png?dl=0
it does not solve the problem.
The settings of my /var/www/fog/lib/fog/Config.class.php file are:

private static function init_setting() {
    define('TFTP_HOST', "172.16.17.250");
    define('TFTP_FTP_USERNAME', "fog");
    define('TFTP_FTP_PASSWORD', "43df7b");
    define('TFTP_PXE_KERNEL_DIR', '/var/www/fog/service/ipxe/');
    define('PXE_KERNEL', 'bzImage');
    define('PXE_KERNEL_RAMDISK',127000);
    define('USE_SLOPPY_NAME_LOOKUPS',true);
    define('MEMTEST_KERNEL', 'memtest.bin');
    define('PXE_IMAGE', 'init.xz');
    define('PXE_IMAGE_DNSADDRESS', "172.16.17.251");
    define('STORAGE_HOST', "172.16.17.250");
    define('STORAGE_FTP_USERNAME', "fog");
    define('STORAGE_FTP_PASSWORD', "43df7b");
    define('STORAGE_DATADIR', '/images/');
    define('STORAGE_DATADIR_UPLOAD', '/images/dev/');
    define('STORAGE_BANDWIDTHPATH', '/fog/status/bandwidth.php');
    define('UPLOADRESIZEPCT',5);
    define('WEB_HOST', "172.16.17.250");
    define('WOL_HOST', "172.16.17.250");
    define('WOL_PATH', '/fog/wol/wol.php');
    define('WOL_INTERFACE', "eth0");
    define('SNAPINDIR', "/opt/fog/snapins/");
    define('QUEUESIZE', '10');
    define('CHECKIN_TIMEOUT',600);
    define('USER_MINPASSLENGTH',4);
    define('USER_VALIDPASSCHARS', '1234567890ABCDEFGHIJKLMNOPQRSTUVWZXYabcdefghijklmnopqrstuvwxyz_()^!#-');
    define('NFS_ETH_MONITOR', "eth0");
    define('UDPCAST_INTERFACE', "eth0");
    define('UDPCAST_STARTINGPORT', 63100 ); // Must be an even number! recommended between 49152 to 65535
    define('FOG_MULTICAST_MAX_SESSIONS',64);
    define('FOG_JPGRAPH_VERSION', '2.3');
    define('FOG_REPORT_DIR', './reports/');
    define('FOG_UPLOADIGNOREPAGEHIBER',true);
    define('FOG_DONATE_MINING', "0");
It seems to me that the problem might be that I have to use 2 DNSADDRESS values:
define('PXE_IMAGE_DNSADDRESS', "172.16.17.251"); for one network and 172.16.16.251 for the other VLAN.
Any idea?
How do I solve the problem?
Are 2 VLANs possible with the same fog, with different DNS?
-
What you’re running into is what I suppose could be called scope problems.
Your setup of separate VLANs should work with a SINGLE DHCP server, which if I read everything correctly is already the case.
However, the VLAN of the .16 network needs to know where to look for the DHCP server. This is most often done through the use of ip helpers on the switch. As you’ve allowed communication between the VLANs, doing this should correct the problem for you.
You would need to set the ip helper for the .16 VLAN to redirect DHCP requests to the .17 VLAN.
In the current state, the IPs are being assigned, and you are defining the gateways (from what I can tell) appropriately for both VLANs. The first issue you “fixed” was proof that it was initially a problem and is no longer a problem:
@Gilberto-Ferraz said:
If you schedule a task in fog for a machine connected to the 172.16.16.* network, the machine gives an error at the ‘ipxe’ DHCP start.
OK, I can understand the error, i.e. fog does not assign the IP gateway because they use different ones: 172.16.16.251 for the 172.16.16.* network and 172.16.17.251 for the 172.16.17.* network.
I then had an idea. As I have fog installed in a ‘VMWARE’ virtual machine, I decided to allocate one more virtual network card on the 172.16.16.* network, 172.16.16.250.
Now the 172.16.16.* network can ping the server, and I changed the pfsense settings:
https://www.dropbox.com/s/htducvwark2zgk8/imagem 3.png?dl=0
Now the machines on the network already get an IP address assigned.
What happens is that now the machine gives two errors.
Later on you go on to show the next issue (indicative that the .16 is not even reaching the DHCP server to get the associated next-server/Option 66 and filename/Option 67 parameters):
PXE-E53: No boot filename received
PXE-M0F: Exiting Intel Boot Agent
Hopefully this helps and makes some sense.
-
I understand there may be a language issue here, but this is what I see.
You have two subnets (I’m ignoring VLANs since that fact is not important), which are 172.16.17.0/24 and 172.16.16.0/24. Your fog server is on the 172.16.17.0/24 subnet. All devices within the 172.16.17.0/24 subnet work perfectly with FOG.
The issue is that your clients on 172.16.16.0/24 cannot communicate with the fog server on the 172.16.17.0/24 subnet. Your firewall is blocking the communications. You need to open a series of ports between your clients on 172.16.16.0/24 and the fog server (more than just ping). To PXE boot you need to enable the tftp protocol and the nfs and ftp protocols between the subnets. Without this enabled, your clients on the 172.16.16.0/24 subnet will never be able to pick up the ipxe boot kernel or image any machine. If you need the restrictions, you can work out the exact rules needed. But the easiest solution is to create a general rule on your firewall of:
source net 172.16.16.0/24 to destination host 172.16.17.250 protocol any state allow
And then flip the rule to allow the FOG server to talk to the clients:
source host 172.16.17.250 to destination net 172.16.16.0/24 protocol any state allow
These rules will say all clients can talk to the fog server only across this firewall, and the fog server can talk to the remote subnet only. This is allowed communications.
Unless I missed it, what device/network is hosting your DHCP server? You may have to set up the DHCP relay agent on your firewall/router to send the DHCP requests across your firewall.
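As an added illustration of the rule set above (example code written for this edit, not from the thread, FOG or pfSense): a small first-match policy checker that models the two "protocol any" rules against the flows a FOG client on 172.16.16.0/24 needs, shows that the OP's ping-only rule leaves them blocked, and derives the narrower port-level rule set a practitioner would prefer over "any". The TFTP/FTP/NFS ports are the IANA defaults; the HTTP flow for the iPXE boot script, the omission of NFSv3's rpcbind/mountd ports, and the sample client address are assumptions.

```python
from ipaddress import ip_address, ip_network

FOG_SERVER = "172.16.17.250"
CLIENT_NET = "172.16.16.0/24"
CLIENT = "172.16.16.20"  # constructed sample client on the .16 subnet

# Rule = (src, dst, proto, dst_port); "any"/None are wildcards; first match wins, default deny.
RULES_ANY = [
    (CLIENT_NET, FOG_SERVER, "any", None),   # source net .16 -> destination host fog, protocol any
    (FOG_SERVER, CLIENT_NET, "any", None),   # flipped rule: fog server -> .16 subnet
]
RULE_PING_ONLY = [(CLIENT_NET, FOG_SERVER, "icmp", None)]  # the OP's first rule

# Flows a PXE/imaging client needs, from the protocols named in the thread. HTTP is an
# assumption about iPXE fetching its boot script; NFSv3 would also need rpcbind/111 and
# mountd (dynamic unless pinned), which this list deliberately omits.
REQUIRED_FLOWS = [
    (CLIENT, FOG_SERVER, "icmp", None, "ping"),
    (CLIENT, FOG_SERVER, "udp", 69, "tftp: undionly.kpxe"),
    (CLIENT, FOG_SERVER, "tcp", 80, "http: iPXE boot script (assumption)"),
    (CLIENT, FOG_SERVER, "tcp", 21, "ftp"),
    (CLIENT, FOG_SERVER, "tcp", 2049, "nfs: /images"),
]

def _matches(addr, spec):
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)

def allowed(rules, src, dst, proto, dport):
    """First-match evaluation of a stateful rule list (return traffic is implied by state)."""
    for r_src, r_dst, r_proto, r_port in rules:
        if (_matches(src, r_src) and _matches(dst, r_dst)
                and r_proto in ("any", proto) and r_port in (None, dport)):
            return True
    return False

def blocked_flows(rules):
    """Descriptions of the required flows that the given rule set would drop."""
    return [desc for src, dst, proto, port, desc in REQUIRED_FLOWS
            if not allowed(rules, src, dst, proto, port)]

def least_privilege_rules():
    """Narrower alternative to 'protocol any': only the ports the flows above use."""
    return [(CLIENT_NET, FOG_SERVER, proto, port) for _, _, proto, port, _ in REQUIRED_FLOWS]

if __name__ == "__main__":
    for name, rules in (("ping only", RULE_PING_ONLY), ("any/any", RULES_ANY),
                        ("least privilege", least_privilege_rules())):
        print(name, "blocks:", blocked_flows(rules) or "nothing")
```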
-
Hello guys!
Thanks to your help and my friend at work,
the problem is solved; I finally get to boot with ipxe to my ‘fog’ server between different VLANs,
after following the rules suggested by george1421:
"source net 172.16.16.0/24 to destination host 172.16.17.250 protocol any state allow
And then flip the rule to allow the FOG server to talk to the clients
source host 172.16.17.250 to destination net 172.16.16.0/24 protocol any state allow"
and the other suggestion:
“to get the associated next-server/Option 66 and filename/Option 67 parameters”
It was enough to put on the pfsense side of VLAN 172.16.16.*, under Additional BOOTP/DHCP Options:
Number   Type                 Value
66       IP address or host   172.16.17.250
67       Text                 undionly.kpxe
Thanks, it all works perfectly.
You can close the topic as resolved to help more people.
\GF
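Encoding and parsing of the two DHCP options that resolved the thread, as an added example (not from the post, FOG or pfSense): it builds the option TLV bytes a DHCP server sends for the 172.16.16.* scope and parses them the way a PXE ROM would, so a scope that lacks option 67 is reported as the PXE-E53 the OP saw. The ROM's fallback to the BOOTP siaddr/file header fields is not modelled; that simplification is an assumption.

```python
import struct

OPT_PAD, OPT_TFTP_SERVER, OPT_BOOTFILE, OPT_END = 0, 66, 67, 255

def encode_options(options):
    """options: {code: ascii string}; returns the DHCP options field (after the magic cookie)."""
    out = bytearray()
    for code, value in options.items():
        data = value.encode("ascii")
        if not 1 <= len(data) <= 255:
            raise ValueError("option %d has an invalid length" % code)
        out += struct.pack("BB", code, len(data)) + data   # one-byte code, one-byte length
    out.append(OPT_END)
    return bytes(out)

def decode_options(blob):
    """Walk the TLV list; reject truncated options instead of reading past the buffer."""
    opts, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError("truncated option header at offset %d" % i)
        length = blob[i + 1]
        data = blob[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("truncated option %d" % code)
        opts[code] = data.decode("ascii", errors="replace")
        i += 2 + length
    return opts

def pxe_boot_params(blob):
    """Return (next_server, filename), or the Intel Boot Agent error code a client would show."""
    opts = decode_options(blob)
    if OPT_BOOTFILE not in opts:
        return "PXE-E53"            # "No boot filename received": option 67 missing
    return opts.get(OPT_TFTP_SERVER), opts[OPT_BOOTFILE]

# Constructed: the scope the OP added on the .16 VLAN, and the earlier scope without option 67.
VLAN16_SCOPE = encode_options({OPT_TFTP_SERVER: "172.16.17.250", OPT_BOOTFILE: "undionly.kpxe"})
VLAN16_BEFORE = encode_options({OPT_TFTP_SERVER: "172.16.17.250"})
```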
-
Good job getting this all to work. While it’s not hard to get it set up across multiple segments, there are a few bits that need to be in place.
Marking this issue solved.
-
Can we summarize what was done? What config? What files? What networks? What interfaces?
-
@Wayne-Workman If I understand the OP’s post, there were two actions that were needed.
- Since there is a firewall between the two subnets, 2 rules needed to be crafted to allow communication with the devices on the subnet where the fog server was not.
- On the subnet where the fog server was not, he had to update the DHCP to include the next-server and boot file settings. On this one I gather (guess) that each subnet has its own DHCP server.