Routing and installation problem

DZKeeper

Server

• FOG Version: 1.3.0-RC-13
• OS: Xubuntu 14.04

Description

Not certain where to start, As I had my setup working great, but then try to upgrade from 1.3.0-RC-11 to 1.3.0-RC-13 and something is not working.

First thing first, when I did the procedure to upgrade, I did the following:

• cd /root/fogproject
• git pull
• cd bin
• ./installfog.sh

I got an error :

• Enabling FOGMulticastManager Service…Failed!

While Everything seemed to work fine, my clients dont have access to internet anymore (might not be related to fog ??). My Xubuntu/Fog box is a dual nic box that act as a router for the lab machine that need reimaging from time to time. I followed this guide to configure the router: https://help.ubuntu.com/community/Router

The clients have an ip assigned by dhcp, a gateway, but nothing goes trhu, ping etc…

Like said , I am not sure where to start for troubleshooting this.

Any help is appreicated.

george1421

ok as for the routing issue.

Can the FOG server (which is acting as a router) reach the internet?

From the FOG server make sure its default route points to router that has internet access, confirm that with traceroute.

Make sure the FOG server can ping both directions.

To turn a multi-homed (more than one nic) linux box into a router you need to enable the ip_forward kernel parameter. With the ip_forward set to 1 the linux computer will now pass traffic between its interfaces.

If the FOG server (acting as a gateway) can ping an internet device and it can ping devices on the lab LAN then I would check to see if (for some reason) the firewall has been enabled on the FOG server. the command sudo iptables -L should return 3 rules all with accept. If you have questions if the firewall is enabled post the output here and I will tell you.

From a computer on your LAB LAN. Do a tracert -d <ip_address_on_business_LAN> to see where your data packets are really heading.

DZKeeper

@george1421 : Thanks for the prompt reply.

• Yes,the FOG server can reach internet.

• The FOG cannot ping both directions. I cannot ping a host in the lab

• ip_forward is enable

• Output of sudo iptables -L:

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all – anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all – anywhere anywhere
LOG all – anywhere anywhere LOG level warning

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

• tracert -d will say destination host unreachable at first hop

george1421

@DZKeeper That forward chain is basically the default accept even though the default action is drop.

If you issue the following command sudo service iptables stop then rerun the iptables -L All policies should be policy accept or it may give you the iptables is not running too.

george1421

• tracert -d will say destination host unreachable at first hop

Then just to be clear the target computers on the LAB LAN can ping the FOG server, just not through it (that may be governed by the FORWARD chain)

DZKeeper

@george1421 You are right, can ping but not trough.

As for the other command:

sudo service iptables stop
iptables: unrecognized service

george1421

@DZKeeper Maybe Xubuntu is Systemd based and not SysV. (Sorry I’m a rhel guy, not debian/ubuntu)

sudo service firewalld stop

I just found these instructions too for ubuntu 14.04
sudo ufw disable

Sorry for the run around but rhel and ubuntu is just a bit different.

DZKeeper

@george1421

Same thing for firewalld

as for ufw disable, I tried it, and rebooted, same problem.

george1421

@DZKeeper ok how about iptables -F. ??

I want those firewall rules to have the default policy of accept to continue testing. The forward chain manages data passing through the Linux router.

DZKeeper

@george1421

xxx@fog-gateway:~$ sudo iptables -F
xxx@fog-gateway:~$ sudo iptables -L

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Still no go.

george1421

@DZKeeper That forward policy is still DROP

Lets try this one: iptables -P FORWARD ACCEPT That should change the forward policy to Accept and pass all data through your FOG/linux/router.

DZKeeper

@george1421 Done, all 3 to ACCEPT now, however, dont work.

BTW, I appreciate your time.

george1421

@DZKeeper OK now we can rule out forwarding (sorry about making this drawn out solving as thread discussions adds a certain amount of delay).

OK now that iptables is out of the way. From a computer on your LAB network, can you ping the business LAN interface (nic) of the FOG server from the lab network (this will test the on linux routing).

Also do the same from the business side, ping the LAB LAN network interface of your FOG server. I’ll assume from the business lan you can ping and get a response from the business LAN nic of your FOG server already.

Also from a computer on the LAB LAN computer, can you post here the output of ipconfig /all here? And also could you post the ip addresses of the FOG server both LAB LAN and business LAN?

DZKeeper

@george1421

Ping No go from Lab -> business nic of FOG
Ping No go from Business -> lab nic of FOG

You assumed right.

FOG Server LAB IP: 192.168.22.99
Fog Server Business IP: 192.168.2.99

PRetty hard for me to post the result of ipconfig /all from lab

george1421

@DZKeeper Well this is disappointing its still not working, it should be.

The reason why I wanted to see the ipconfig /all just to show that the default router for the LAB LAN is the LAB LAN nic interface of the FOG server.

Also from the business side I wanted to make sure there was a router to tell business computers about the computers beyond the FOG server. My intuition is telling me its a routing issue and not related directly to the FOG upgrade since FOG doesn’t mess with IP tables (actually one of the setup prerequisites is that you must disable the firewall all together as well as selinux).

If I had to listen to my intuition (assuming routing was working before you upgraded fog). I would almost suspect that the ip_forward setting was disabled. This command should return ( 1 ) enabled cat /proc/sys/net/ipv4/ip_forward

You can confirmed that the IP address of the FOG server hasn’t changed for either NIC adapters?

DZKeeper

@george1421 Your last comment on “default router” made me change the option router settings in dhcpd.conf, which changed the default gateway in my lab client… boom, I can ping 8.8.8.8

Something changed my option router setting back to 192.168.2.1 instead of 192.168.22.99

george1421

@DZKeeper said in Routing and installation problem:

Something changed my option router setting back to 192.168.2.1 instead of 192.168.22.99

I can see/understand the fog installer “could” do this if you told FOG to configure the dhcp server for you. Running the installer would have (possibly) reset the routing options.

Since we messed with iptables, (which only would impact in memory configuration). Please reboot your FOG server to restore IP tables and clear any dynamic changes that we made. Then test again to make sure everything is back to normal. Then you can call it resolved.

DZKeeper

@george1421 How should I disable this option in FOG config file ?

Wayne Workman

I’m confident the installer doesn’t touch iptables or firewalld. The plainrouter and router and other stuff in .fogsettings is only for configuring DHCP. I think that DHCP is messed up.

If you modify /opt/fog/.fogsettings and change these fields:

dodhcp='Y'
bldhcp='1'

To:

dodhcp='N'
bldhcp='0'

Then the FOG installer will never again touch the DHCP configuration or DHCP service. Then you can configure /etc/dhcp/dhcpd.conf the way it needs to be for your setup. Feel free to post this file to get help with configuring it if you need.