Imaging works in VM and not on bare metal
-
@sebastian-roth Ok some progress today. I tried the following commands and it failed
mkdir /images
mkdir /images/dev
mount -o nolock,proto=tcp,rsize=32768,intr,noatime x.x.x.x:/images /images
mount -o nolock,proto=tcp,rsize=32768,intr,noatime x.x.x.x:/images/dev/ /images/dev
However the following command worked
mount -o nolock,proto=udp,rsize=32768,intr,noatime x.x.x.x:/images /images
mount -o nolock,proto=udp,rsize=32768,intr,noatime x.x.x.x:/images/dev/ /images/dev
I am able to list the files in the folder and it works correctly.
So now the issue is why TCP doesn’t work on the bare metal and does work on the VM.
Suggestions?
Claw
-
@claw22000 so I presume there is a firewall between the fog server vm and the bare metal machines.
The reason vm to vm works is because they reside on the same side of the switch within the same subnet that the fog vm does. Your firewall likely allows port 80/443 from bare metal to the fog vm network. UDP may be fully allowed on the firewall? Not 100% sure of the network layout but this seems like a firewall issue. The only reason I think udp is working is because maybe an assumption was made that the fog server needed multicast capabilities?
-
I appreciate the help. When you say firewall are you talking about my PFsense Box or are we talking about something that resides in the FogServer?
Claw
-
@claw22000 said in Imaging works in VM and not on bare metal:
I appreciate the help. When you say firewall are you talking about my PFsense Box or are we talking about something that resides in the FogServer?
From what you posted so far (Debian 10 and output iptables command) I would not think this is an issue on the FOG server itself.
While I would not think the SG 200-08 (Cisco, right?) or the Netgear JGS516 block such traffic, it’s still worth trying to rule those out one by one. Please connect one of the bare metal machines directly to the SG 200-08 and see if that makes a difference. If NFS in TCP mode still doesn’t work, then could you take the Cisco switch out of the setup by connecting the Netgear uplink cable to your ESXi directly - just for a quick test I mean.
-
@claw22000 The unfortunate part is we don’t know. Could it be the PFSense box? Yes. Could it be a switch misconfiguration? Possibly.
Based on the information you’ve given us so far, though, it really seems to be a firewall type thing. Does this mean it absolutely is? No. As @sebastian-roth has alluded to, we have to take out and replace variables to more definitively get to the root of the issue.
-
@Tom-Elliott From the description so far I wouldn’t think that pfSense is connected in between.
-
@sebastian-roth Great info guys. I ordered an unmanaged switch to replace the managed one to see if that corrects the issue. I don’t use any of its features since it’s just my family and I. I just like to nerd out and this was a gift to play with. Haven’t changed a thing on it since the day I received it. I will report back as soon as I am able to test. Should be here Tuesday.
Claw
-
@sebastian-roth Great news, the unmanaged switch showed up and it solved the issue I was having. I have had that thing for going on a decade and never had an issue with it. Well, I learned a big lesson: if you don’t need a managed switch and you’re not using VLANs, you’re better off with an unmanaged switch.
Crazy thing is never had any other issues with it.
Thank you all for helping me troubleshoot this. If anyone comes across this, a cheap Netgear unmanaged switch from Amazon will let you test to see if this was also your issue!
Claw
-
@Claw22000 Great to hear!! So did swapping out the Cisco or the Netgear switch solve the issue? You saying better use an unmanaged is somehow confusing.
-
@sebastian-roth Sorry about the confusion. The Cisco is managed and the new Netgear is unmanaged. Taking the Cisco out of the mix fixed the issue.
Claw
-
@Claw22000 So probably the Cisco SG 200-8 has some kind of upper network layer “security” features that prevent NFS over TCP. Strange but good to know.
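
The isolation test discussed in this thread can be narrowed down before swapping hardware. The following is an added example, not part of any post above: it probes the standard NFS TCP ports (rpcbind 111, nfsd 2049) and separates a silent drop on the path from a server that is simply not listening. The function names and the verdict wording are assumptions made for this sketch.

```python
import errno
import socket

# Standard NFS-related TCP ports: rpcbind/portmapper and nfsd.
NFS_TCP_PORTS = {"rpcbind": 111, "nfs": 2049}


def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP connect attempt.

    open     - the three-way handshake completed
    refused  - an RST came back: host reachable, nothing listening on TCP
    filtered - no answer in time or host unreachable: dropped on the path
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise
    finally:
        sock.close()


def diagnose(host, ports=NFS_TCP_PORTS, timeout=3.0):
    """Probe each port and summarise where a proto=tcp mount is likely failing."""
    results = {name: probe_tcp(host, port, timeout) for name, port in ports.items()}
    states = set(results.values())
    if states == {"open"}:
        verdict = "TCP path is clear; look at mount options or exports"
    elif "filtered" in states:
        verdict = "TCP is dropped in transit; retest with one device removed from the path"
    else:
        verdict = "server answers but a service is not listening on TCP"
    return results, verdict


if __name__ == "__main__":
    import sys
    results, verdict = diagnose(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1")
    for name, state in results.items():
        print(f"{name:8} {state}")
    print(verdict)
```

Run it from a machine plugged into the same switch port as the failing client and again from one next to the server; a result that changes from `filtered` to `open` between the two points at the device in between.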