Fog Server Setup With Two Network Cards For Isolation



  • Hi guys, I posted on here like two years ago but got sidetracked and never completed this project.

    Current network setup: we have a router which handles DHCP for the building, and on this network is a Serva 32/64 box
    dishing out PXE support.

    I work for a charity that refurbishes donated computer hardware and figured I could put FOG to use for cloning similar
    hardware machines.

    I am not a network guru, but I am comfortable with the Linux command line and have a lot of time on my hands to dabble.

    Hardware-wise I am using an HP ProLiant mini server with two network cards, with CentOS 7 as the base distro.

    The machine will have two network cards. I want the primary interface to hook into our main network to allow outside access.

    The second interface I want to hook up directly to a gigabyte switch, and in theory this will be where the imaging happens:
    anything I plug into this switch will be able to touch base with the server and image, completely avoiding the other
    PXE server on our network.

    I do not require a domain or any Active Directory access. I have no idea about Serva 32/64; I have had a quick look at
    the configuration and can see the following:

    PROXYDHCP is selected, DHCP is unticked.

    ( DHCP is currently being handled by the router for the whole building )

    Lastly, I am not a networking guru, so do not mention VLANs and wizardry as it will go over my head :)

    But hey, I have a lot of time on my hands, and with your help I can get this set up and will document / blog
    the whole process for future reference.

    So what is the best approach in creating this isolated setup?



  • @george1421 Yup that did it! It was a combination of the Fog server’s firewall as well as my trying to connect to the web interface using the imaging network’s IP instead of the business network IP. Once I disabled the firewall again and tried the other IP I was able to finally reach the web interface.

    Thanks for the help!


  • Moderator

    @Zerpie Just for clarity, your fog server is configured for 2 network adapters. This is called a dual homed host. The apache web server is configured to bind to ALL network interfaces. So if there is a network interface on the FOG server, you should be able to reach that web gui from the interface connected to that lan. You didn’t use real examples before, so I can’t give you an exact url. But from the business network, you should be able to connect to the fog server IP on the business network /fog and get the fog’s webgui. The same goes for the imaging network, you have to connect to the fog server’s IP address on the imaging network /fog to get the web gui.

    FOG is configured to only use the imaging network in your design. So you can only effectively pxe boot on the imaging network because isc-dhcp (what fog uses for dhcp services) should only be bound to ens192 of your imaging network.



  • @george1421 Alright, so I’m able to ping the IP of the Fog server’s business network nic, just not the IP of the imaging network nic. And that’s the IP that the web interface is on. The imaging network is isolated which is why I originally asked how I will be able to reach the web interface if it’s on the isolated network’s IP.


  • Moderator

    @Zerpie Well, we need to identify why your business network cannot ping your fog server, where your fog server can ping your business network device.

    There has to be two way communication because a ping consists of an outbound ping packet and then an inbound ping reply.



  • @Zerpie If it helps, I followed the directions to a T from the Fedora Server 25 installation wiki https://wiki.fogproject.org/wiki/index.php?title=Fedora_25_Server

    And then followed your directions from this thread once I got to the running the Fog installer portion at the bottom.



  • @george1421 I’m running it on Fedora Server 28.


  • Moderator

    @Zerpie said in Fog Server Setup With Two Network Cards For Isolation:

    I can ping devices on my network from the Fog server.

    This is interesting in that you can ping devices on your business network, yet your business network can not ping the business network interface of your fog server. This really smells like your firewall is enabled on your FOG server.

    What linux distro is your FOG server running?



  • @george1421 I can ping devices on my network from the Fog server.
    I did disable firewalld on the Fog server.
    And yes, I removed the gateway from the imaging network interface. I checked on this by running the command “route” and it shows 0.0.0.0 for my imaging network interface, but it also shows 0.0.0.0 for the business network interface as well. Not sure if that’s an issue.

    Finally, I ran “ip route” and I’m not sure what all of this means. I censored the IPs of the business network. Not sure if that even matters.
    default via x.x.x.254 (The ip of the gateway for the business network interface) dev ens224 proto static metric 101
    x.x.x.0/24 (business network) dev ens224 proto kernel scope link src x.x.x.171 (ip of the business network interface) metric 101
    153.86.19.0/24 (imaging network) dev ens192 proto kernel scope link src 153.86.19.10 metric 100

    I’m far from a networking expert or a Linux expert so I apologize if I’m making any glaring mistakes, but I’m eager to learn as much as I can. The task of finding a new imaging solution was kinda tossed my way after our old IT manager/sysadmin left.
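
Added example, not part of the original posts: a shell check that a routing table matches the layout discussed in this thread, with the default route only on the business interface and only a connected route on the imaging interface. The addresses are constructed; the interface names `ens192` (imaging) and `ens224` (business) follow the output quoted above.

```bash
# check_routes IMAGING_IF BUSINESS_IF   (reads `ip route` output on stdin)
# Prints one finding per line; returns 0 only if the layout is as intended.
# On the server itself: ip route | check_routes ens192 ens224
check_routes() {
    awk -v img="$1" -v biz="$2" '
        {   # find the interface named after the "dev" keyword
            dev = ""
            for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1)
        }
        $1 == "default" {
            ndefault++
            if (dev == biz) print "ok: default route via " biz
            else if (dev == img) {
                print "FAIL: default route via imaging interface " img; bad = 1
            } else {
                print "FAIL: default route via unexpected interface " dev; bad = 1
            }
            next
        }
        dev == img && /scope link/ { img_link = 1; print "ok: connected route " $1 " on " img }
        dev == img && / via /      { print "FAIL: gatewayed route " $1 " on " img; bad = 1 }
        END {
            if (ndefault == 0) { print "FAIL: no default route"; bad = 1 }
            if (ndefault > 1)  { print "FAIL: " ndefault " default routes"; bad = 1 }
            if (!img_link)     { print "FAIL: no connected route on " img; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: the intended layout (no gateway on the imaging NIC).
good_routes='default via 192.0.2.254 dev ens224 proto static metric 101
192.0.2.0/24 dev ens224 proto kernel scope link src 192.0.2.171 metric 101
192.168.166.0/24 dev ens192 proto kernel scope link src 192.168.166.1 metric 100'

# Constructed sample: a gateway was left configured on the imaging NIC.
bad_routes='default via 192.168.166.254 dev ens192 proto static metric 100
default via 192.0.2.254 dev ens224 proto static metric 101
192.0.2.0/24 dev ens224 proto kernel scope link src 192.0.2.171 metric 101
192.168.166.0/24 dev ens192 proto kernel scope link src 192.168.166.1 metric 100'

printf '%s\n' "$good_routes" | check_routes ens192 ens224
```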


  • Moderator

    @Zerpie said in Fog Server Setup With Two Network Cards For Isolation:

    I cannot ping the fog server from the business network.

    I would focus on this.

    From your fog server can you ping devices on your network?
    Did you disable the linux firewall on your FOG server?
    Are you sure you removed the gateway from the imaging network interface?

    If you run the ip route command, is the default route set up correctly?



  • @george1421 said in Fog Server Setup With Two Network Cards For Isolation:

    netstat -an|grep -e ":80"

    I cannot ping the fog server from the business network. I ran that command and I got the exact same result that you show there. I will need to take my laptop to another part of the building to get onto the imaging network to see if I can reach the web UI for there. I’ll let you know.


  • Moderator

    @Zerpie From your business network can you ping your fog server?

    Can you connect to the web interface from the imaging network?

    If you run the command sudo netstat -an|grep -e ":80" does it show you something like this:

     sudo netstat -an|grep -e ":80"
    tcp6       0      0 :::80                   :::*                    LISTEN
    

    This indicates that the web server is listening on all interfaces.



  • @george1421 Awesome! I gave that a try, but once again when it asks me to log into the web UI it is not reachable from the business network that I’m connected to.

    I’m not sure if there’s something weird about how our network is set up that is not allowing me to reach out to it, but as you said, the web server will bind to all interfaces. Not sure what I might be missing.

    I’ve also disabled the firewall on the Fog server because I’ve seen that mess with being able to access the web UI as well. Still no go, though. I appreciate all your help, George.


  • Moderator

    @Zerpie said in Fog Server Setup With Two Network Cards For Isolation:

    “What is the IP address to be used by this FOG Server?”

    You want to key in the static IP address for the imaging network in the question. The installer is guessing, but guessed wrong.

    I can also tell you that my preference is to use eth0 (or the first network interface) for imaging and eth1 for the business network. Doing it this way will let the installer guess better. But there is no ‘right’ way to do it. You will just need to provide hints so the installer looks in the right places.



  • @george1421 Thank you for that. When I’m installing Fog do I also want to specify the IP of the imaging network when it asks “What is the IP address to be used by this FOG Server?” Because it’s defaulting to the IP of the business network.


  • Moderator

    @Zerpie Setting up the fog server with 2 interfaces should not be a problem.

    The first thing you need to do is identify which interface you want for your imaging network. Then set that network interface with a static address on your imaging network. Set the IP address and subnet mask, but no gateway for this imaging network interface.

    On the second interface you can either set it to dynamic or assign a static IP address, with an IP address and subnet mask for your business network; also define a default gateway on your business network. Your fog server needs internet access to install fog.

    The last thing you need to know is the name of the imaging network, network adapter. Once you have this name, then install FOG. The FOG installer will ask you the name of the network adapter you want to use for imaging. Just enter the correct one if the installer guesses wrong.

    Install fog. The web server will bind to all interfaces so you can get to the web ui via either network card. The only thing the FOG application does not like is the host changing IP addresses after FOG is installed. That causes a number of problems when that happens.



  • I’m so glad that I’ve stumbled across this thread because this is exactly the type of setup I’m going for with my Fog server.

    The first issue I’m running into is how to reach the web interface from the business network if the web interface is hosted on the isolated network. Is that possible? Or will I need to set the Fog server up on a physical machine and log into the web UI at the actual machine? I’m currently trying to set up my server as a VM.



  • Hi, sorry for the late reply. I think I have ballsed things up completely and have got into a confused mess.

    So I initially had the machine connected to the business LAN with a static I.P address, as I needed internet access to update the CentOS box and to install the required fog packages.

    I then proceeded to keep the static connection connected and ran the setup script. During the setup process I specifically told FOG to use the isolated network address:

    server ip address 192.168.22.3 ( isolated network)
    255.255.255.0
    using fog DHCP: yes
    DHCP router address:

    So the FOG server has an I.P address on the isolated network, and no DHCP router address.

    At the end of the installation it is asking me to access the management console with a web address; the issue is I cannot access this address as it is on a different subnet from the main network.

    Lastly, when I check the status of the DHCP service:

    systemctl status dhcpd.service

    No subnet declaration for P4p1 ( 192.168.21.32)
    ignoring requests on p4p1. If this is not what you
    want please write a subnet declaration
    in your dhcpd.conf file for the
    network segment to which interface
    p4p1 is attached…

    I don’t want to use p4p1 for DHCP… more importantly I seem to be missing a dhcpd.conf file, I mean it’s just completely blank???

    Yep I need some help :) go easy on me people


    Update: this is bizarre, I restarted the server and I now have a dhcp configuration file in etc/dhcp

    I have hooked up a laptop to the isolated network card and have tested the PXE booting aspect; this works fine, and this laptop is getting an I.P address in the .22 isolated range, so DHCP is working, wahey.
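
Added example, not part of the original posts: the dhcpd status message quoted above says the daemon ignores an interface that has no matching `subnet` declaration, so this shell check lists which interfaces a given `dhcpd.conf` would serve. The sample config, the addresses in it and the interface name `p4p2` are constructed assumptions.

```bash
# ip_to_int A.B.C.D -> 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# dhcp_serving_ifaces CONF_FILE   (reads "iface address" pairs on stdin)
# Prints each interface whose address falls inside a declared subnet.
# On the server itself:
#   ip -o -4 addr show | awk '{split($4,a,"/"); print $2, a[1]}' \
#       | dhcp_serving_ifaces /etc/dhcp/dhcpd.conf
dhcp_serving_ifaces() {
    subnets=$(sed -n 's/^[[:space:]]*subnet[[:space:]]\{1,\}\([0-9.]*\)[[:space:]]\{1,\}netmask[[:space:]]\{1,\}\([0-9.]*\).*/\1 \2/p' "$1")
    while read -r iface addr; do
        a=$(ip_to_int "$addr")
        printf '%s\n' "$subnets" | while read -r net mask; do
            [ -n "$net" ] || continue
            m=$(ip_to_int "$mask"); n=$(ip_to_int "$net")
            if [ $(( a & m )) -eq $(( n & m )) ]; then echo "$iface"; break; fi
        done
    done
}

# Constructed sample config: one subnet, the isolated imaging range only.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
# constructed sample, not the file from the thread
subnet 192.168.22.0 netmask 255.255.255.0 {
    range dynamic-bootp 192.168.22.10 192.168.22.100;
}
EOF

# Constructed interface list: p4p1 = business LAN, p4p2 = imaging (assumed name).
sample_ifaces='p4p1 192.168.21.32
p4p2 192.168.22.3'

printf '%s\n' "$sample_ifaces" | dhcp_serving_ifaces "$sample_conf"
```

If the business interface ever appears in the output, dhcpd would start answering DHCP requests on the main network alongside the router.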



  • Thank you, I will give it a go and report back progress / difficulties. I will document my steps so you can easily troubleshoot or spot potential issues.


  • Moderator

    The dual network setup is not much more complicated than a traditional single network interface setup. What you are setting up is an imaging network with the fog server sitting between your business network and your imaging network. The first “key” bit of information you need is the name of the imaging network adapter in CentOS. My recommendation is to make the first network adapter on the server the imaging network adapter. It doesn’t have to be, but for consistency the first adapter should be imaging network and the second adapter should be business/management network.

    In this setup your imaging network will be isolated from your main network. The fog server will need to have the dhcp server enabled, with a unique subnet for your network. The fog server imaging network adapter will need a static IP address on this imaging network. For example if you use the subnet 192.168.166.x, make the fog server 192.168.166.1 with NO default gateway. Then start your dhcp range at 192.168.166.10 to 192.168.166.100. You may need to hand tweak the isc-dhcp config file, but make your default gateway for your imaging network the fog server IP address on the imaging network (in case you DO need to route traffic to your business LAN for some reason).

    For the management network side, assign an ip address to your management interface that is static, with the default gateway pointing towards your ISP router. FOG needs internet access during the install only. With this setup if you do need to route traffic between your imaging network and your business network you only need to make 1 kernel change on your fog server and then create a static route on your ISP router, but for now let’s not worry about that.

