
    TFTP port is closed is it normal?

    • S
      symrex
      last edited by symrex

      Hello together,
      Yesterday I installed a fresh 1.5.8 FOG server without any issues.
      Then I set up an external DHCP server (Nextserver IP; Bootfile= /tftpboot/undionly.kpxe).
      I tried to boot PXE from a PC, but got no response. (It looks like it has a connection, but aborts it immediately.)

      Firewall, iptables are disabled. (https://wiki.fogproject.org/wiki/index.php/Unable_to_connect_to_TFTP)

      After checking on the machine

      ps aux | grep tftp
      /usr/sbin/in.tftpd --listen --user root --adress :69 -s /tftpboot
      

      TFTP is running and after a local GET command

      tftp localhost 
      verbose
      binary
      status
      get undionly.kpxe
      

      The right file is there. But from an external host I can’t reach the tftp service.

      And when I check the port on the host:

      nmap localhost -p 69
      
      69/tcp closed tftp
      

      Is it normal that on the FOG machine the tftp port (69) is normally closed?

      What else could it be that I can’t get access from outside? Everything that I install (openvpn, ssh) instantly has an open port and is accessible.

      Is there a config file somewhere that I forgot to set up?

      Thanks for your time.

      PS:
      FOG is in a Proxmox VM
      PC is a Dell Optiplex 7010
      PXE-M0F is the error that occurs
      I checked with Wireshark DHCP. Everything looks good. Nextserver-ip and bootfile are right.

      • S
        symrex
        last edited by symrex

        https://forums.fogproject.org/topic/9673/when-dhcp-pxe-booting-process-goes-bad-and-you-have-no-clue

        tcpdump result:
        [image]

        chown fogproject:root -R /tftpboot
        chmod -R 777 /tftpboot

        • S
          symrex
          last edited by symrex

          Ok, after several tests I would suspect that the tftp service does not respond correctly to external connections.

          tftp -v localhost -c get undionly.kpxe

          This command works fine on the host machine.
          But on another Debian machine there is a timeout.

          tcpdump says: the request arrives at the host, but it does not respond.
          The FOG server sends the same data packet every time, maybe because the client does not acknowledge the packets?
          How should it look right?

          [image]

          • george1421G
            george1421 Moderator
            last edited by

            First did you disable the ubuntu firewall on the FOG host server?

            Second, install the tftpclient role on a windows 10 computer. Drop the windows 10 firewall, then key in to a cmd window tftp <fog_server_ip> GET undionly.kpxe . We only need to test to see if the file downloads, if yes then go to Third.

            Third, ensure you know what device is pxe booting. The undionly.kpxe boot loader is only for bios based computers. The uefi boot loader is ipxe.efi. You can’t mix boot loaders and hardware.

            Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

            • S
              symrex @george1421
              last edited by symrex

              @george1421 said in TFTP port is closed is it normal?:

              First did you disable the ubuntu firewall on the FOG host server?

              Debian 10.3
              Proxmox Global iptables disabled
              checked with pinging… after disabling, ICMP request comes through.

              Second, install the tftpclient role on a windows 10 computer. Drop the windows 10 firewall, then key in to a cmd window tftp <fog_server_ip> GET undionly.kpxe . We only need to test to see if the file downloads, if yes then go to Third.

              There’s the problem. It tries to download it, but does not get any confirmation. That’s why it only tries the first 512 bytes again and again from the beginning.

              Verbindungsanforderung fehlgeschlagen.  (Connection request failed.)
              

              Every “Data Packet” has the same content.

              [image]

              Third, ensure you know what device is pxe booting. The undionly.kpxe boot loader is only for bios based computers. The uefi boot loader is ipxe.efi. You can’t mix boot loaders and hardware.

              Yep, BIOS Legacy is right.

              • S
                symrex
                last edited by

                OK, I have something.
                I tested right now connection between Proxmox Host xxx.yyy.zzz.116 and Proxmox Guest FOG xxx.yyy.zzz.120
                tftp file transfer is working fine without any issues.

                But the strange thing is that a Windows 10 PC with tftp can connect to the FOG tftp service but can’t download the file successfully. The first 512 bytes are working but the acknowledgement from the Windows client is missing. That’s why the same data is sent from FOG every time.

                Maybe the client from windows isn’t working properly?

                • george1421G
                  george1421 Moderator @symrex
                  last edited by

                  @symrex On the windows side you need to drop the firewall because tftp works much like ftp in that there is a command channel from the remote to the server and then a data channel from the server back to the remote. Both links are needed to get the file.

                  1 Reply Last reply Reply Quote 1
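
The exchange discussed in the posts above, as an added example that is not part of the original thread: a Python sketch that decodes TFTP messages from a capture and flags the symptom described here, where the server keeps resending the same OACK or DATA block because no ACK from the client reaches it. It also records the server's reply port, which is a new port rather than 69. The port numbers and sizes in the sample captures are constructed.

```python
import struct

OPS = {1: "RRQ", 3: "DATA", 4: "ACK", 5: "ERROR", 6: "OACK"}

def parse_tftp(payload: bytes) -> dict:
    """Decode one TFTP message (RFC 1350; OACK is from RFC 2347)."""
    if len(payload) < 4:
        raise ValueError("short TFTP packet")
    op = OPS.get(struct.unpack("!H", payload[:2])[0])
    if op is None:
        raise ValueError("unsupported opcode")
    msg = {"op": op}
    if op in ("RRQ", "OACK"):
        # NUL-terminated strings: RRQ = file, mode, then option/value pairs
        f = [s.decode("ascii", "replace") for s in payload[2:].split(b"\0")[:-1]]
        if op == "RRQ":
            if len(f) < 2:
                raise ValueError("malformed RRQ")
            msg["file"], msg["mode"], f = f[0], f[1], f[2:]
        msg["options"] = dict(zip(f[0::2], f[1::2]))
    else:
        # block number for DATA/ACK, error code for ERROR
        msg["num"] = struct.unpack("!H", payload[2:4])[0]
    return msg

def diagnose(capture):
    """capture: (src_port, dst_port, udp_payload) tuples in capture order."""
    client_port = server_tid = pending = None
    resends = 0
    for sport, dport, payload in capture:
        msg = parse_tftp(payload)
        if msg["op"] == "RRQ":
            client_port = sport            # the request is sent to UDP port 69
        elif dport == client_port:         # server -> client
            server_tid = sport             # the server answers from a new port
            key = (msg["op"], msg.get("num"))
            resends = resends + 1 if key == pending else 0
            pending = key
        elif sport == client_port and msg["op"] == "ACK":
            pending, resends = None, 0     # the client acknowledged
    return {"server_tid": server_tid, "resends": resends,
            "stalled": pending is not None and resends >= 2}

def _z(*fields):
    return b"".join(s.encode() + b"\0" for s in fields)

# Constructed sample captures (ports and sizes are made up).
RRQ = b"\x00\x01" + _z("undionly.kpxe", "octet", "tsize", "0", "blksize", "1468")
OACK = b"\x00\x06" + _z("tsize", "100", "blksize", "1468")
HEALTHY = [(50000, 69, RRQ), (41000, 50000, OACK), (50000, 41000, b"\x00\x04\x00\x00"),
           (41000, 50000, b"\x00\x03\x00\x01" + b"A" * 100),
           (50000, 41000, b"\x00\x04\x00\x01")]
STALLED = [(50000, 69, RRQ)] + [(41000, 50000, OACK)] * 3
```
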
                  • george1421G
                    george1421 Moderator @symrex
                    last edited by

                    @symrex said in TFTP port is closed is it normal?:

                    I tested right now connection between Proxmox Host xxx.yyy.zzz.116 and Proxmox Guest FOG xxx.yyy.zzz.120
                    tftp file transfer is working fine without any issues

                    So this has tested and ruled out the FOG server as not functioning with tftp. Because you are able to connect using the built-in vSwitch on the hypervisor but it’s not reaching outside of the hypervisor?

                    • S
                      symrex @george1421
                      last edited by

                      @george1421 Yep, looks like that.
                      But this .pcap is from the perspective of the Windows client.

                      Client is sending information about name, size, type
                      Server is responding right: tsize, blksize, timeout

                      But the client will not respond to this information.
                      While I was using the win10 tftp client, I looked at its actions with Wireshark.
                      [image]

                      And the firewall is a good idea, but the BIOS legacy PXE has no firewall, so there should be no restrictions.
                      Sadly, I can’t check with Wireshark while the PC is booting PXE 😕

                      • S
                        Sebastian Roth Moderator
                        last edited by

                        @symrex said in TFTP port is closed is it normal?:

                        Sadly, I can’t check with Wireshark while the PC is booting PXE 😕

                        You actually can if you know how to configure a monitoring/mirroring port on your switch.

                        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                        • george1421G
                          george1421 Moderator @symrex
                          last edited by

                          (some of this info is derived from a chat dialog I had with the OP)

                          @symrex I was thinking about this a bit, since you can TFTP on the VM host server, what would happen if you spun up a new VM on the VM host server and tried to pxe boot into the fog iPXE menu. This would test if the FOG server was operational, then all you would need to focus on is why is it communicating off the VM Host server to the network. The next step is getting a test computer connected to the same network switch as the VM Host server. The connection has to be failing at some point in the booting process. We just need to find out where it’s working and then when it first stops.

                          • E
                            EZY4
                            last edited by

                            Hi,
                            I also encounter a TFTP problem with a fresh installation of FOG 1.5.8.

                            System: Debian 10

                            When starting PXE on the client machine, it asks me to enter the IP of the TFTP server, but that does not change anything.

                            I have 3 DHCP on my network, but the 3 broadcast the 66, 67 from my fog server.

                            Capturefog.PNG

                            Were you able to solve your problem?

                            • S
                              symrex @Sebastian Roth
                              last edited by

                              @Sebastian-Roth said in TFTP port is closed is it normal?:

                              @symrex said in TFTP port is closed is it normal?:

                              Sadly, I can’t check with Wireshark while the PC is booting PXE 😕

                              You actually can if you know how to configure a monitoring/mirroring port on your switch.

                              Restricted area for me, have no physical access to those.
                              But you got a good point…

                              @george1421 said in TFTP port is closed is it normal?:
                              what would happen if you spun up a new VM on the VM host server and tried to pxe boot into the fog iPXE menu

                              Great idea… let’s test it.
                              HEUREKA: DHCP was sending too much information… to be specific:

                              Next-Server: xxx.xxx.xxx.xxx
                              Bootfile: undionly.kpxe
                              Option 66: yyy.yyy.yyy.yyy
                              Option 67: boot\x86\wdsnbp.com

                              Since I don’t have access to the DHCP server, someone else set up a DHCP server (I gave him my required configuration), and these additional options (66/67) came from an early configuration (someone else). After their deletion, PXE is working flawlessly.
                              The Dell BIOS PXE interface doesn’t give me any feedback in this regard, but with Wireshark, vbox and your help I was able to find out where the problem was. It looks like option 66/67 will be prioritized when it is set.

                              Thank you for your help!

                              • george1421G
                                george1421 Moderator @symrex
                                last edited by

                                @symrex said in TFTP port is closed is it normal?:

                                Next-Server: xxx.xxx.xxx.xxx
                                Bootfile: undionly.kpxe
                                Option 66: yyy.yyy.yyy.yyy
                                Option 67: boot\x86\wdsnbp.com

                                It looks like someone set up a Windows Deployment server/SCCM server.

                                Just for clarity, the next server and dhcp option need to be the same (exactly); the same goes for boot file and option 67.

                                The first part is in the ethernet header, that is for bootp; the dhcp options are for dhcp. Some clients use bootp, some use dhcp, so they both need to be set correctly.

                                S 1 Reply Last reply Reply Quote 1
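
The conflict found in this thread, as an added example that is not part of the original posts: a Python sketch that reads the boot server and boot file from both places in a DHCP reply (the fixed header fields `siaddr` and `file`, and options 66/67) and reports any disagreement. The 192.0.2.x addresses are constructed documentation values; the file names are the ones quoted in the thread.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the fixed header

def boot_info(pkt: bytes) -> dict:
    """Pull the boot server/file from the fixed header and from options 66/67."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    info = {"siaddr": socket.inet_ntoa(pkt[20:24]),          # next-server
            "file": pkt[108:236].split(b"\0")[0].decode("ascii", "replace"),
            "opt66": None, "opt67": None}
    i = 240
    while i < len(pkt) and pkt[i] != 255:        # 255 = end option
        if pkt[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        code, val = pkt[i], pkt[i + 2:i + 2 + pkt[i + 1]]
        if code in (66, 67):
            info["opt%d" % code] = val.rstrip(b"\0").decode("ascii", "replace")
        i += 2 + len(val)
    return info

def conflicts(info: dict) -> list:
    """List disagreements between the header fields and options 66/67."""
    out = []
    # Option 66 may also hold a host name; this check compares literal text only.
    if info["opt66"] is not None and info["opt66"] != info["siaddr"]:
        out.append("next-server %s != option 66 %s" % (info["siaddr"], info["opt66"]))
    if info["opt67"] is not None and info["opt67"] != info["file"]:
        out.append("bootfile %s != option 67 %s" % (info["file"], info["opt67"]))
    return out

def build_offer(siaddr: str, bootfile: bytes, options=()) -> bytes:
    """Build a constructed DHCP reply for the demo (most fields left zero)."""
    hdr = bytearray(236)
    hdr[0] = 2                                   # op = BOOTREPLY
    hdr[20:24] = socket.inet_aton(siaddr)
    hdr[108:108 + len(bootfile)] = bootfile
    opts = b"".join(bytes([c, len(v)]) + v for c, v in options)
    return bytes(hdr) + MAGIC + opts + b"\xff"

# Constructed samples; 192.0.2.x are documentation addresses, not from the thread.
STALE = build_offer("192.0.2.120", b"undionly.kpxe",
                    [(53, b"\x02"), (66, b"192.0.2.50"), (67, rb"boot\x86\wdsnbp.com")])
CLEAN = build_offer("192.0.2.120", b"undionly.kpxe",
                    [(53, b"\x02"), (66, b"192.0.2.120"), (67, b"undionly.kpxe")])
```

Feeding the UDP payload of a captured DHCP offer to `boot_info` and `conflicts` gives the same comparison for a real network.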
                                • S
                                  symrex @george1421
                                  last edited by symrex

                                  @EZY4 I think we both have different problems.
                                  I would suggest that you open a new thread on this.

                                  As a tip: Install VirtualBox + ExtensionPack and set up the network boot only.
                                  VirtualBox has iPXE, which gives you more information.

                                  Furthermore you can use wireshark to check what exactly your machine receives from the dhcp-server.

                                  @george1421 Good to know. Thanks for the information and help!

                                  Copyright © 2012-2024 FOG Project