Routing and installation problem
-
OK, as for the routing issue.
Can the FOG server (which is acting as a router) reach the internet?
From the FOG server, make sure its default route points to a router that has internet access; confirm that with traceroute.
Make sure the FOG server can ping both directions.
To turn a multi-homed (more than one NIC) Linux box into a router you need to enable the ip_forward kernel parameter. With ip_forward set to 1 the Linux computer will now pass traffic between its interfaces.
If the FOG server (acting as a gateway) can ping an internet device and it can ping devices on the lab LAN then I would check to see if (for some reason) the firewall has been enabled on the FOG server. The command
sudo iptables -L
should return 3 rules all with accept. If you have questions about whether the firewall is enabled, post the output here and I will tell you.
From a computer on your LAB LAN, do a
tracert -d <ip_address_on_business_LAN>
to see where your data packets are really heading.
-
@george1421 : Thanks for the prompt reply.
- Yes, the FOG server can reach internet.
- The FOG cannot ping both directions. I cannot ping a host in the lab.
- ip_forward is enabled.
- Output of sudo iptables -L:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level warning
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
- tracert -d will say destination host unreachable at first hop
-
-
@DZKeeper That forward chain is basically the default accept even though the default action is drop.
If you issue the following command
sudo service iptables stop
then rerun the iptables -L
All policies should be policy accept, or it may give you the "iptables is not running" message too.
-
- tracert -d will say destination host unreachable at first hop
Then just to be clear the target computers on the LAB LAN can ping the FOG server, just not through it (that may be governed by the FORWARD chain)
-
@george1421 You are right, can ping but not through.
As for the other command:
sudo service iptables stop
iptables: unrecognized service
-
@DZKeeper Maybe Xubuntu is Systemd based and not SysV. (Sorry I’m a rhel guy, not debian/ubuntu)
sudo service firewalld stop
I just found these instructions too for ubuntu 14.04
sudo ufw disable
Sorry for the runaround, but rhel and ubuntu are just a bit different.
-
-
@DZKeeper OK, how about iptables -F?
I want those firewall rules to have the default policy of accept to continue testing. The forward chain manages data passing through the Linux router.
-
xxx@fog-gateway:~$ sudo iptables -F
xxx@fog-gateway:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Still no go.
-
@DZKeeper That forward policy is still DROP
Let's try this one:
iptables -P FORWARD ACCEPT
That should change the forward policy to Accept and pass all data through your FOG/linux/router.
-
@george1421 Done, all 3 to ACCEPT now, however, don't work.
BTW, I appreciate your time.
-
@DZKeeper OK, now we can rule out forwarding (sorry about making this drawn-out solving, as thread discussions add a certain amount of delay).
OK, now that iptables is out of the way: from a computer on your LAB network, can you ping the business LAN interface (NIC) of the FOG server (this will test the on-Linux routing)?
Also do the same from the business side, ping the LAB LAN network interface of your FOG server. I’ll assume from the business LAN you can ping and get a response from the business LAN NIC of your FOG server already.
Also, from a computer on the LAB LAN, can you post the output of
ipconfig /all
here? And also could you post the IP addresses of the FOG server, both LAB LAN and business LAN?
-
Ping No go from Lab -> business nic of FOG
Ping No go from Business -> lab nic of FOG
You assumed right.
FOG Server LAB IP: 192.168.22.99
Fog Server Business IP: 192.168.2.99
Pretty hard for me to post the result of ipconfig /all from lab
-
@DZKeeper Well, this is disappointing; it’s still not working, and it should be.
The reason why I wanted to see the ipconfig /all was just to show that the default router for the LAB LAN is the LAB LAN NIC interface of the FOG server.
Also from the business side I wanted to make sure there was a router to tell business computers about the computers beyond the FOG server. My intuition is telling me it’s a routing issue and not related directly to the FOG upgrade since FOG doesn’t mess with IP tables (actually one of the setup prerequisites is that you must disable the firewall altogether as well as selinux).
If I had to listen to my intuition (assuming routing was working before you upgraded fog), I would almost suspect that the ip_forward setting was disabled. This command should return ( 1 ) enabled
cat /proc/sys/net/ipv4/ip_forward
Can you confirm that the IP address of the FOG server hasn’t changed for either NIC adapter?
-
@george1421 Your last comment on “default router” made me change the option router settings in dhcpd.conf, which changed the default gateway in my lab client… boom, I can ping 8.8.8.8
Something changed my option router setting back to 192.168.2.1 instead of 192.168.22.99
-
@DZKeeper said in Routing and installation problem:
Something changed my option router setting back to 192.168.2.1 instead of 192.168.22.99
I can see/understand the fog installer “could” do this if you told FOG to configure the dhcp server for you. Running the installer would have (possibly) reset the routing options.
Since we messed with iptables (which would only impact the in-memory configuration), please reboot your FOG server to restore IP tables and clear any dynamic changes that we made. Then test again to make sure everything is back to normal. Then you can call it resolved.
-
@george1421 How should I disable this option in the FOG config file?
-
I’m confident the installer doesn’t touch iptables or firewalld. The plainrouter and router and other stuff in .fogsettings is only for configuring DHCP. I think that DHCP is messed up.
If you modify
/opt/fog/.fogsettings
and change these fields:
dodhcp='Y' bldhcp='1'
To:
dodhcp='N' bldhcp='0'
Then the FOG installer will never again touch the DHCP configuration or DHCP service. Then you can configure
/etc/dhcp/dhcpd.conf
the way it needs to be for your setup. Feel free to post this file to get help with configuring it if you need.
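A read-only way to check the two settings this thread turned on, the FORWARD chain policy and the gateway handed out by DHCP, without flushing any rules. This is an added example, not part of the original posts; the function names and the dhcpd.conf fragment (including its subnet line) are constructed for illustration, with addresses taken from the thread.

```shell
#!/bin/sh
# Added example: parse `iptables -L` output and dhcpd.conf text, change nothing.

# Print the default policy of one chain from `iptables -L` output on stdin.
chain_policy() {
    awk -v chain="$1" '$1 == "Chain" && $2 == chain {
        gsub(/[()]/, "", $4); print $4; exit }'
}

# Print every "option routers" address in dhcpd.conf text on stdin,
# ignoring commented-out lines.
dhcp_routers() {
    sed -e 's/#.*//' | awk '$1 == "option" && $2 == "routers" {
        gsub(/[;,]/, " ", $0); for (i = 3; i <= NF; i++) print $i }'
}

# Succeed only if at least one gateway is advertised and all match $1.
gateway_ok() {
    expected="$1"; found=0
    for r in $(dhcp_routers); do
        found=1
        [ "$r" = "$expected" ] || return 1
    done
    [ "$found" -eq 1 ]
}

# Sample `iptables -L` output as posted in the thread after `iptables -F`.
SAMPLE_IPTABLES='Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination'

# Constructed dhcpd.conf fragment carrying the wrong gateway from the thread.
SAMPLE_DHCPD='subnet 192.168.22.0 netmask 255.255.255.0 {
    # option routers 192.168.22.99;
    option routers 192.168.2.1;
}'

echo "FORWARD policy: $(printf '%s\n' "$SAMPLE_IPTABLES" | chain_policy FORWARD)"
if printf '%s\n' "$SAMPLE_DHCPD" | gateway_ok 192.168.22.99; then
    echo "DHCP gateway matches the lab NIC"
else
    echo "DHCP gateway mismatch: $(printf '%s\n' "$SAMPLE_DHCPD" | dhcp_routers)"
fi
```

On the gateway itself, feed the functions live data instead: `sudo iptables -L -n | chain_policy FORWARD` and `gateway_ok 192.168.22.99 < /etc/dhcp/dhcpd.conf`.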