PXE boot -> PF-Sense + FOG on different networks
-
Hello all,
I have installed PF-Sense (2.5.2-RELEASE) in my office as a VM on ESXi VMware. The WAN of PF-Sense is a public IP and the LAN is a local network with a DHCP server. The DHCP server is configured with PXE network boot. FOG is on a VM too and has a different public IP.
If I try a PXE boot on a local machine, then the TFTP cannot connect.
Here is a tcpdump on the FOG server:
root@fog:~# tcpdump udp port 69 -i any
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
12:20:15.740899 IP brit.xxxxxxx.net.31036 > fog.xxxxxxx.org.tftp: 30 RRQ "undionly.kpxe" octet tsize 0
12:20:17.771258 IP brit.xxxxxxx.net.55391 > fog.xxxxxxx.org.tftp: 30 RRQ "undionly.kpxe" octet tsize 0
12:20:21.780906 IP brit.xxxxxxx.net.23899 > fog.xxxxxxx.org.tftp: 30 RRQ "undionly.kpxe" octet tsize 0
12:20:27.767852 IP brit.xxxxxxx.net.37547 > fog.xxxxxxx.org.tftp: 30 RRQ "undionly.kpxe" octet tsize 0
12:20:35.731962 IP brit.xxxxxxx.net.24267 > fog.xxxxxxx.org.tftp: 30 RRQ "undionly.kpxe" octet tsize 0
12:20:45.673735 IP brit.xxxxxxx.net.32330 > fog.xxxxxxx.org.tftp: 35 RRQ "undionly.kpxe" octet blksize 1456
12:21:21.704367 IP brit.xxxxxxx.net.51871 > fog.xxxxxxx.org.tftp: 35 RRQ "undionly.kpxe" octet blksize 1456
12:22:33.711617 IP brit.xxxxxxx.net.24793 > fog.xxxxxxx.org.tftp: 35 RRQ "undionly.kpxe" octet blksize 1456
12:24:21.694914 IP brit.xxxxxxx.net.16139 > fog.xxxxxxx.org.tftp: 35 RRQ "undionly.kpxe" octet blksize 1456
12:26:45.654249 IP brit.xxxxxxx.net.48324 > fog.xxxxxxx.org.tftp: 35 RRQ "undionly.kpxe" octet blksize 1456
Here is a tftp test on a different machine:
[root@kvm ~]# tftp 10.0.4.12 -c get undionly.kpxe
��-6
[root@kvm ~]# ls -la undionly.kpxe
-rw-r--r-- 1 root root 0 Dec 28 08:45 undionly.kpxe
I checked the firewall, but I have all protocols and ports between the public IPs allowed.
Can you please help me?
Many thanks
-
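A way to read the capture posted above, added here as an example and not part of the thread: the retry pattern alone tells you the client never received anything. A PXE ROM re-sends its RRQ with growing back-off when no DATA or ERROR packet comes back, and the gaps in this capture grow from about 2 s to 144 s. The script below parses the posted tcpdump lines (hostnames already redacted in the post), groups the RRQs per client and file, and flags a client whose retry gaps only ever grow. One caveat the lead-in should make explicit: a filter of `udp port 69` only matches the client's request, because a TFTP server answers from a fresh ephemeral port (RFC 1350 transfer IDs), so this capture cannot show whether the FOG server replied at all.

```python
import re
from collections import defaultdict
from datetime import datetime

# Capture lines copied from the post above (hostnames were already redacted
# there). Only RRQs are visible: the server's DATA/ERROR replies, if any, would
# come from an ephemeral port and not match "udp port 69".
CAPTURE = """\
12:20:15.740899 IP brit.xxxxxxx.net.31036 > fog.xxxxxxx.org.tftp: 30 RRQ "undionly.kpxe" octet tsize 0
12:20:17.771258 IP brit.xxxxxxx.net.55391 > fog.xxxxxxx.org.tftp: 30 RRQ "undionly.kpxe" octet tsize 0
12:20:21.780906 IP brit.xxxxxxx.net.23899 > fog.xxxxxxx.org.tftp: 30 RRQ "undionly.kpxe" octet tsize 0
12:20:27.767852 IP brit.xxxxxxx.net.37547 > fog.xxxxxxx.org.tftp: 30 RRQ "undionly.kpxe" octet tsize 0
12:20:35.731962 IP brit.xxxxxxx.net.24267 > fog.xxxxxxx.org.tftp: 30 RRQ "undionly.kpxe" octet tsize 0
12:20:45.673735 IP brit.xxxxxxx.net.32330 > fog.xxxxxxx.org.tftp: 35 RRQ "undionly.kpxe" octet blksize 1456
12:21:21.704367 IP brit.xxxxxxx.net.51871 > fog.xxxxxxx.org.tftp: 35 RRQ "undionly.kpxe" octet blksize 1456
12:22:33.711617 IP brit.xxxxxxx.net.24793 > fog.xxxxxxx.org.tftp: 35 RRQ "undionly.kpxe" octet blksize 1456
12:24:21.694914 IP brit.xxxxxxx.net.16139 > fog.xxxxxxx.org.tftp: 35 RRQ "undionly.kpxe" octet blksize 1456
12:26:45.654249 IP brit.xxxxxxx.net.48324 > fog.xxxxxxx.org.tftp: 35 RRQ "undionly.kpxe" octet blksize 1456
"""

# One tcpdump RRQ line: timestamp, client host and port, server host, filename.
RRQ_RE = re.compile(
    r'^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>\S+?)\.(?P<sport>\d+) > '
    r'(?P<dst>\S+?)\.tftp: \d+ RRQ "(?P<file>[^"]+)"'
)


def parse_rrqs(text):
    """Return a list of (timestamp, client, filename) for each RRQ line."""
    rrqs = []
    for line in text.splitlines():
        m = RRQ_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")
            rrqs.append((ts, m["src"], m["file"]))
    return rrqs


def retry_report(text):
    """Per (client, file): number of RRQs, the gaps between them in seconds,
    and whether the gaps only grow, which is the PXE ROM backing off because
    nothing ever came back to it."""
    by_key = defaultdict(list)
    for ts, client, fname in parse_rrqs(text):
        by_key[(client, fname)].append(ts)
    report = {}
    for key, times in by_key.items():
        times.sort()
        gaps = [round((b - a).total_seconds(), 1) for a, b in zip(times, times[1:])]
        backing_off = len(gaps) >= 2 and all(b >= a for a, b in zip(gaps, gaps[1:]))
        report[key] = {"requests": len(times), "gaps": gaps, "unanswered": backing_off}
    return report


if __name__ == "__main__":
    for (client, fname), info in retry_report(CAPTURE).items():
        state = "no reply ever reached the client" if info["unanswered"] else "transfer likely progressed"
        print(f"{client} -> {fname}: {info['requests']} RRQs, gaps {info['gaps']} s: {state}")
```

To see whether the FOG server actually answers (and from which address), capture on the server without the port filter, for example `tcpdump -i any udp and host <client-ip>`, so the server's DATA or ERROR packets from its ephemeral port are included; if they appear but never reach the client, the problem is on the return path.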
@kofaki You have me a bit confused on your setup with the discussion about public IP addresses. FOG wasn’t designed to have its imaging interface connected directly to the public (internet) network. This is a security risk.
FOG does work with pfSense as the DHCP server very well. You need to make sure you have both the BIOS and UEFI and UEFI 32-bit fields filled out, and it will switch and send the right boot file based on the PXE booting computer.
If you PXE boot a computer on the LAN side and have the fields set correctly in pfSense to point to the LAN interface of the FOG server, it should boot into the iPXE menu. When you set up the FOG server you need to define the LAN interface as the imaging network interface.
If I’ve incorrectly judged your setup, please explain your use case, or what you are trying to do here. That way we can understand what you want.
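What the "BIOS / UEFI / UEFI 32-bit" fields in the reply above actually drive, shown as an added example rather than code from pfSense or FOG: a PXE client announces its architecture in DHCP option 93 (RFC 4578; values 0 = x86 BIOS, 6 = EFI IA32, 7 = EFI BC, 9 = EFI x86-64), with a fallback in the option 60 vendor class string `PXEClient:Arch:xxxxx`, and the DHCP server picks the boot file from that. The boot-file names other than `undionly.kpxe` are the FOG defaults as I know them (`ipxe.efi`, `i386-efi/ipxe.efi`) and are an assumption here; the LAN `10.0.4.0/24` is assumed from the `10.0.4.12` address in the thread. The selector also checks the point of the reply: the next-server address handed to the client must sit on the client's LAN, not on a public interface.

```python
import ipaddress
import re
import struct

# Assumed FOG default iPXE boot files keyed by RFC 4578 client architecture.
# Only undionly.kpxe is named in the thread; the EFI names are an assumption.
BOOTFILES = {
    0: "undionly.kpxe",       # Intel x86PC, legacy BIOS
    6: "i386-efi/ipxe.efi",   # EFI IA32 (UEFI 32-bit)
    7: "ipxe.efi",            # EFI BC (UEFI 64-bit)
    9: "ipxe.efi",            # EFI x86-64
}


def parse_options(raw):
    """Parse the DHCP option area (after the magic cookie) into {code: bytes}."""
    opts = {}
    i = 0
    while i < len(raw):
        code = raw[i]
        if code == 0:        # pad byte
            i += 1
            continue
        if code == 255:      # end marker
            break
        length = raw[i + 1]
        opts[code] = raw[i + 2 : i + 2 + length]
        i += 2 + length
    return opts


def client_arch(opts):
    """Option 93 is a list of 16-bit big-endian arch values; use the first.
    Fall back to the 5-digit Arch field in the option 60 vendor class."""
    data = opts.get(93)
    if data and len(data) >= 2:
        return struct.unpack("!H", data[:2])[0]
    vendor = opts.get(60, b"").decode("ascii", "replace")
    m = re.search(r"PXEClient:Arch:(\d{5})", vendor)
    return int(m.group(1)) if m else 0   # no hint at all: treat as legacy BIOS


def choose_boot(opts, lan_net, next_server):
    """Pick the boot file for the client's architecture and check that the
    next-server (siaddr) handed out is on the client's LAN."""
    arch = client_arch(opts)
    on_lan = ipaddress.ip_address(next_server) in ipaddress.ip_network(lan_net)
    return {
        "arch": arch,
        "bootfile": BOOTFILES.get(arch),  # None: no file for this architecture
        "next_server": next_server,
        "reachable": on_lan,              # False: the client's TFTP RRQ leaves the LAN
    }


def build_options(pairs):
    """Construct a DHCP option area for a sample DISCOVER (test helper)."""
    out = bytearray()
    for code, value in pairs:
        out += bytes([code, len(value)]) + value
    out.append(255)
    return bytes(out)


# Constructed sample DISCOVER option areas: legacy BIOS (arch 0), UEFI x64 via
# option 93 (arch 7), and a client that only sends the option 60 vendor class.
BIOS_DISCOVER = build_options([(53, b"\x01"), (93, struct.pack("!H", 0)),
                               (60, b"PXEClient:Arch:00000:UNDI:002001")])
UEFI_DISCOVER = build_options([(53, b"\x01"), (93, struct.pack("!H", 7)),
                               (60, b"PXEClient:Arch:00007:UNDI:003016")])
VENDOR_ONLY_DISCOVER = build_options([(53, b"\x01"),
                                      (60, b"PXEClient:Arch:00009:UNDI:003016")])

if __name__ == "__main__":
    for name, pkt in [("bios", BIOS_DISCOVER), ("uefi", UEFI_DISCOVER), ("vendor", VENDOR_ONLY_DISCOVER)]:
        print(name, choose_boot(parse_options(pkt), "10.0.4.0/24", "10.0.4.12"))
    # 203.0.113.5 is a placeholder public address (documentation range).
    print("public", choose_boot(parse_options(BIOS_DISCOVER), "10.0.4.0/24", "203.0.113.5"))
```

The `reachable` flag is the check to apply to the original poster's setup: if the next-server the LAN DHCP hands out is FOG's public address, every PXE client will send its RRQ off the LAN and through whatever sits between the two public IPs.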
-
@kofaki said in PXE boot -> PF-Sense + FOG on different networks:
brit.xxxxxxx.net.31036 > fog.xxxxxxx.org.tftp
What’s in between those two (public?) IPs/systems? More routers/firewalls?