Clients online.
-
Hi all I have had my fog server running well for a couple of years. Today on a test machine I enabled the windows firewall. The fog server can no longer ping the client. I have created a firewall rule to allow ping and can ping the client from another workstation.
If I turn the firewall of back to working again. Anyone know what other rules / ports I need to allow.Thanks in advance.
-
Net bios rules need to be enabled as I believe it pings by hostname, not by IP address. As the firewall disables the netbios name, and other elements as well, your results may vary.
-
Sorry to reopen a couple month old thread, but I figured it’s better to making a new one if something close already exists.
I’m running FOG 0.33 on Ubuntu Server 14.04.
When you say NetBios rules need to be enabled, is that on the linux or windows side?
I’m trying to find a way for FOG to resolve the netBios name instead of the hostname, specifically in the web interface under host management. Currently fog can’t resolve any of the hostnames because the hostnames are defined by each ip addresss on our DHCP server with . I can add a host name to a ip and mac address for each computer, but to do that and maintain it on top of the FOG inventory would be rather tedious. I did discover in that same dhcp server interface I can add dhcp options like next-server and filename to individual ip addresses, but that’s the extent of my access to the dhcp server settings.
So I have got the server to ping a client with its netBios name, but it shows the dhcp’s temporary hostname as where the packets are received from. I did this by installing the samba and libnss-winbind packages with sudo apt-get install and editing the /etc/samba/smb.conf file to have
workgroup = WORKGROUP uncommented and adding the line
name resolve order = wins bcast host
also edited /etc/nsswitch.conf by changing the hosts: line to
hosts: files dns wins
Those changes get the Fogserver to ping by netBios and to get the first half of a nslookup too.Is there any setting somewhere for us poor users under a separate dhcp dictatorship to use the Fog given hostnames when inventoried that are actually NetBios names?
Hopefully that wasn’t too much information and it made sense, let me know if I need to simplify or clarify my question.
Thanks,
-JJ -
Or you could just turn off the Windows Firewall?
-
I would encourage you to leave windows firewall if its the only one installed
Pinging works for me
-
Turning off windows firewall doesn’t change anything. The only windows firewall issue is the stealth mode, which is why I made a .reg file that I run with the fog service installer on each computer, and when the hostname on the dhcp server and the netBios/computer name match it does show the host as up, so I’ve ruled out windows firewall. Not to mention, the security people above me wouldn’t be fans of no firewalls on our computers.
Let me try to break down my problem better.
- I want to name my computers based on what building and room it’s in and I want to be able to change that hostname by only changing the computer name with FOG when it moves to another room or elsewhere in the room.
- The dhcp server gives a hostname based on the ip address it gives the computer, which can change when its lease ends.
- For example, I have a computer named b34-20, the dhcp server gives it the ip 10.2.114.179 and assigns it the hostname of tmplab-114-179.
- If I ping b34-20 from the fog server, I get a reply from the tmplab hostname, which I believe has to do with the dns server in some way.
- When I ping b34-20 I get a reply from an ipv6 address (If I turn ipv6 off on the computer I get the ipv4 address). And I can remote in to the computer in remote desktop with the b34-20 name.
- When I do a nslookup, from windows or linux, on b34-20 I get an answer with the dns server name and address but not a fully qualified answer, it just says the dns server can’t find that hostname.
- It currently only works when I have a set name on the dhcp server with a matching netBios/computer name. I did try changing the hostname in just the fog host management entry for testing, but that didn’t do the trick. Even though setting hostnames to each computer would work, I’d like to avoid the extra maintenance of having two inventory systems, because if someone forgets to put a ip’s entry on the dhcp server back that ip won’t go to anyone and it can cause other ip conflicts when the mac address of a leftover computer is on the same subnet. So looking for a different work around, because being able to see in one spot whether or not any host on the network is up or not would be extremely useful.
I’d try using the FOG dhcp, as that would likely fix the problem, but that would be rather complicated to get working properly with an existing DHCP server connected to switches in the ceilings and walls I don’t have access to, it would probably break the network and such.
Sorry that this is such a complicated problem and thanks for the help. Once this is conquered I can try more on my next desire of getting the ipxe boot to boot to computers on the different subnets in different buildings that are on the same network/domain. Setting the dnsmasq/ltsp.conf dhcp-range to an address and netmask that would see all the addresses 10.2.112.x - 10.8.33.x doesn’t due the trick. i.e. 10.0.0.0,proxy,255.240.0.0 I also tried 255.0.0.0, the actual dhcp server address, the gateway of the fog server, the ip of the fog server, and a bunch of other stuff too. But that’s a problem for another day, unless fixing that somehow helps this other problem, which is possible because it has some to do with dhcp.
Thanks,
-JJ -
Why do you have this
The dhcp server gives a hostname based on the ip address it gives the computer, which can change when its lease ends.
-
I didn’t set that up, it’s just the way the network administrators set it up at the university many years ago before I was even here.
But, it looks like none of that matters now. After updating FOG to the most recent update it magically works the way it is. Because someone, most likely Tom Elliott, is a super hero magician server fixing machine and did something in the most recent commit that fixed my problem.
Now onto my subnet and snapin adventures.
Thanks for all the help
-JJ
