Fog Boot Menu only works once

Tom Elliott

@TomBagley What’s the output of sestatus? What about iptables -L -n?

TomBagley

Hi Tom,

sestatus:

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          permissive
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

Output of iptables -L -n:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
INPUT_direct  all  --  0.0.0.0/0            0.0.0.0/0
INPUT_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0
INPUT_ZONES  all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
FORWARD_direct  all  --  0.0.0.0/0            0.0.0.0/0
FORWARD_IN_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0
FORWARD_IN_ZONES  all  --  0.0.0.0/0            0.0.0.0/0
FORWARD_OUT_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0
FORWARD_OUT_ZONES  all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
OUTPUT_direct  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination
FWDI_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto]
FWDI_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination
FWDO_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto]
FWDO_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain FORWARD_direct (1 references)
target     prot opt source               destination

Chain FWDI_public (2 references)
target     prot opt source               destination
FWDI_public_log  all  --  0.0.0.0/0            0.0.0.0/0
FWDI_public_deny  all  --  0.0.0.0/0            0.0.0.0/0
FWDI_public_allow  all  --  0.0.0.0/0            0.0.0.0/0

Chain FWDI_public_allow (1 references)
target     prot opt source               destination

Chain FWDI_public_deny (1 references)
target     prot opt source               destination

Chain FWDI_public_log (1 references)
target     prot opt source               destination

Chain FWDO_public (2 references)
target     prot opt source               destination
FWDO_public_log  all  --  0.0.0.0/0            0.0.0.0/0
FWDO_public_deny  all  --  0.0.0.0/0            0.0.0.0/0
FWDO_public_allow  all  --  0.0.0.0/0            0.0.0.0/0

Chain FWDO_public_allow (1 references)
target     prot opt source               destination

Chain FWDO_public_deny (1 references)
target     prot opt source               destination

Chain FWDO_public_log (1 references)
target     prot opt source               destination

Chain INPUT_ZONES (1 references)
target     prot opt source               destination
IN_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto]
IN_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain INPUT_direct (1 references)
target     prot opt source               destination

Chain IN_public (2 references)
target     prot opt source               destination
IN_public_log  all  --  0.0.0.0/0            0.0.0.0/0
IN_public_deny  all  --  0.0.0.0/0            0.0.0.0/0
IN_public_allow  all  --  0.0.0.0/0            0.0.0.0/0

Chain IN_public_allow (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:21 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:137 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:138 ctstate NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:139 ctstate NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:445 ctstate NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 ctstate NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443 ctstate NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:111 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:111 ctstate NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:20048 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:20048 ctstate NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:2049 ctstate NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53 ctstate NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:3306 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:69 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:4011 ctstate NEW

Chain IN_public_deny (1 references)
target     prot opt source               destination

Chain IN_public_log (1 references)
target     prot opt source               destination

Chain OUTPUT_direct (1 references)
target     prot opt source               destination

Thanks,
Tom

Quazz

@TomBagley Considering you have to enter tftp server address, it is likely you have another DHCP server on your network (likely your modem), which might be interfering.

TomBagley

@Quazz said in Fog Boot Menu only works once:

@TomBagley Considering you have to enter tftp server address, it is likely you have another DHCP server on your network (likely your modem), which might be interfering.

I understand your thoughts Quazz and although I do have another DHCP server I wouldn’t have expected it to not work so consistently if that was the case. I’d expect intermittent issues rather than it always working the first time and not the second.

Tom

Quazz

@TomBagley This will most likely be due to the dhcp leases that are handed out allowing the other DHCP server to reach it before FOG has a chance.

Wayne Workman

I understand your thoughts Quazz and although I do have another DHCP server I wouldn’t have expected it to not work so consistently if that was the case. I’d expect intermittent issues rather than it always working the first time and not the second.

Tom

Depends on your network setup. with IP Helpers - you wouldn’t notice any issues at all. If one DHCP server is set as authoritative and another is not, you wouldn’t notice any issues at all. And it too could be that the other DHCP server is just able to reply faster, consistently.

If two co-existing DHCP servers within the same broadcast domain are not properly configured to work with another present, it’ll only cause you issues.

TomBagley

@Quazz said in Fog Boot Menu only works once:

@TomBagley This will most likely be due to the dhcp leases that are handed out allowing the other DHCP server to reach it before FOG has a chance.

My networking manager has explained that the Fog Server and clients are on a Vlan completely separate from the rest of the network. Could this still be interfering?

Thanks Quazz,
Tom

Wayne Workman

@TomBagley said in Fog Boot Menu only works once:

@Quazz said in Fog Boot Menu only works once:

@TomBagley This will most likely be due to the dhcp leases that are handed out allowing the other DHCP server to reach it before FOG has a chance.

My networking manager has explained that the Fog Server and clients are on a Vlan completely separate from the rest of the network. Could this still be interfering?

Thanks Quazz,
Tom

Depends on if the totally seperated vlan is being served DHCP or not.

TomBagley

@Wayne-Workman said in Fog Boot Menu only works once:

@TomBagley said in Fog Boot Menu only works once:

@Quazz said in Fog Boot Menu only works once:

@TomBagley This will most likely be due to the dhcp leases that are handed out allowing the other DHCP server to reach it before FOG has a chance.

My networking manager has explained that the Fog Server and clients are on a Vlan completely separate from the rest of the network. Could this still be interfering?

Thanks Quazz,
Tom

Depends on if the totally seperated vlan is being served DHCP or not.

Got you thanks all for the rapid response it is much appreciated. Going to turn the Fog off and see how the client behaves. Will let you know how I get on.

Tom

TomBagley

@TomBagley said in Fog Boot Menu only works once:

@Wayne-Workman said in Fog Boot Menu only works once:

@TomBagley said in Fog Boot Menu only works once:

@Quazz said in Fog Boot Menu only works once:

@TomBagley This will most likely be due to the dhcp leases that are handed out allowing the other DHCP server to reach it before FOG has a chance.

My networking manager has explained that the Fog Server and clients are on a Vlan completely separate from the rest of the network. Could this still be interfering?

Thanks Quazz,
Tom

Depends on if the totally seperated vlan is being served DHCP or not.

That’s done it - solved! Thank you ever so much! Time to slap my network manager for not blocking the DHCP

Have a nice evening guys.

Tom

Wayne Workman

@TomBagley You could ask him to modify it to support fog. We have very detailed guides in the wiki. Please pass these two links to your network manager:

https://wiki.fogproject.org/wiki/index.php?title=Modifying_existing_DHCP_server_to_work_with_FOG

https://wiki.fogproject.org/wiki/index.php?title=BIOS_and_UEFI_Co-Existence

Wayne Workman

@Quazz Kudos to you for knowing what the issue was.