PXE boot -> PF-Sense + FOG on different networks


  • Hello all,

    I have installed PF-Sense (2.5.2-RELEASE) in my office as a VM on VMware ESXi. The WAN of PF-Sense is a public IP and the LAN is the local network with a DHCP server. The DHCP server is configured with PXE network boot. FOG is on the VM too and has a different public IP.

    If I try a PXE boot on a local machine, the TFTP cannot connect.

    Here is tcpdump on the FOG server:

    root@fog:~# tcpdump udp port 69 -i any
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
    
    12:20:15.740899 IP brit.xxxxxxx.net.31036 > fog.xxxxxxx.org.tftp:  30 RRQ "undionly.kpxe" octet tsize 0
    12:20:17.771258 IP brit.xxxxxxx.net.55391 > fog.xxxxxxx.org.tftp:  30 RRQ "undionly.kpxe" octet tsize 0
    12:20:21.780906 IP brit.xxxxxxx.net.23899 > fog.xxxxxxx.org.tftp:  30 RRQ "undionly.kpxe" octet tsize 0
    12:20:27.767852 IP brit.xxxxxxx.net.37547 > fog.xxxxxxx.org.tftp:  30 RRQ "undionly.kpxe" octet tsize 0
    12:20:35.731962 IP brit.xxxxxxx.net.24267 > fog.xxxxxxx.org.tftp:  30 RRQ "undionly.kpxe" octet tsize 0
    12:20:45.673735 IP brit.xxxxxxx.net.32330 > fog.xxxxxxx.org.tftp:  35 RRQ "undionly.kpxe" octet blksize 1456
    12:21:21.704367 IP brit.xxxxxxx.net.51871 > fog.xxxxxxx.org.tftp:  35 RRQ "undionly.kpxe" octet blksize 1456
    12:22:33.711617 IP brit.xxxxxxx.net.24793 > fog.xxxxxxx.org.tftp:  35 RRQ "undionly.kpxe" octet blksize 1456
    12:24:21.694914 IP brit.xxxxxxx.net.16139 > fog.xxxxxxx.org.tftp:  35 RRQ "undionly.kpxe" octet blksize 1456
    12:26:45.654249 IP brit.xxxxxxx.net.48324 > fog.xxxxxxx.org.tftp:  35 RRQ "undionly.kpxe" octet blksize 1456
    

    Here is a tftp test on a different machine:

    [root@kvm ~]# tftp 10.0.4.12 -c get undionly.kpxe
    ��-6
    
    [root@kvm ~]# ls -la undionly.kpxe 
    -rw-r--r-- 1 root root 0 Dec 28 08:45 undionly.kpxe
    

    I checked the firewall, but I have all protocols and ports between the public IPs allowed.

    Can you please help me?
    Many thanks
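Added troubleshooting helper, not code from the post above or from the FOG project: it builds the same TFTP read requests the capture shows (the 30-byte RRQ with `tsize 0` and the 35-byte one with `blksize 1456`) and decodes the first packet that comes back (OACK, DATA or ERROR), reporting the port the server answered from, since a TFTP server replies from a newly chosen port rather than 69. The address and file name are taken from the post; `probe()` needs network access, the encoder and decoder do not.

```python
"""TFTP (RFC 1350/2347) request encoder and reply decoder, for checking
why an RRQ gets no answer. Added helper, not code from the post or FOG."""
import socket
import struct

OPCODES = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR", 6: "OACK"}

def build_rrq(filename, options=None):
    """Opcode 1, filename, 'octet' mode, then NUL-terminated option pairs."""
    pkt = struct.pack("!H", 1) + filename.encode() + b"\0" + b"octet\0"
    for name, value in (options or {}).items():
        pkt += name.encode() + b"\0" + str(value).encode() + b"\0"
    return pkt

def parse_reply(data):
    """Decode the first packet a TFTP server sends back to an RRQ."""
    if len(data) < 4:
        raise ValueError("packet too short for TFTP")
    (opcode,) = struct.unpack("!H", data[:2])
    kind = OPCODES.get(opcode, "UNKNOWN(%d)" % opcode)
    if kind == "DATA":  # first file block: 2-byte block number + payload
        return {"kind": kind, "block": struct.unpack("!H", data[2:4])[0],
                "len": len(data) - 4}
    if kind == "ERROR":  # 2-byte error code + NUL-terminated message
        msg = data[4:].split(b"\0")[0].decode(errors="replace")
        return {"kind": kind, "code": struct.unpack("!H", data[2:4])[0], "msg": msg}
    if kind == "OACK":  # accepted options as NUL-separated name/value pairs
        fields = [f.decode(errors="replace") for f in data[2:].split(b"\0")[:-1]]
        return {"kind": kind, "options": dict(zip(fields[::2], fields[1::2]))}
    return {"kind": kind}

def probe(host, filename="undionly.kpxe", timeout=3.0):
    """Send one RRQ to host:69 and report what answers, and from which port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_rrq(filename, {"tsize": "0"}), (host, 69))
        try:
            data, (_, port) = sock.recvfrom(65535)
        except socket.timeout:
            return {"kind": "TIMEOUT", "note": "no reply reached this host"}
    reply = parse_reply(data)
    reply["server_port"] = port  # a TFTP server answers from a new port, not 69
    return reply

if __name__ == "__main__":
    print(probe("10.0.4.12"))  # address from the post; replace with your server
```

A TIMEOUT from a host that the tcpdump shows receiving the RRQ means the server's reply, sent from the port in `server_port`, never made it back.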

  • Moderator

    @kofaki said in PXE boot -> PF-Sense + FOG on different networks:

    brit.xxxxxxx.net.31036 > fog.xxxxxxx.org.tftp

    What’s in between those two (public?) IPs/systems? More routers/firewalls?

  • Moderator

    @kofaki You have me a bit confused on your setup with the discussion about public IP addresses. FOG wasn’t designed to have its imaging interface connected directly to the public (internet) network. This is a security risk.

    FOG does work with pfsense as the dhcp server very well. You need to make sure you have both the bios and uefi and uefi 32 bit fields filled out and it will switch and send the right boot file based on the pxe booting computer.

    If you pxe boot a computer on the LAN side and have the fields set correctly in pfsense to point to the LAN interface of the FOG server, it should boot into the iPXE menu. When you set up the FOG server you need to define the LAN interface as the imaging network interface.

    If I’ve incorrectly judged your setup, please explain your use case, or what you are trying to do here. That way we can understand what you want.
