The dreaded PXE-E32
-
I have recently install Ubuntu Server 10.04 and subsequently FOG on a Dell Optiplex GX520 and attempted to deploy her in an existing network which uses a single Firewall/DHCP device to handle business. I’ve got the DHCP options set up okay at this point but, as the title suggests, after all that hard work I am getting PXE-E32 when attempting to boot a PC to the network.
The fun bit - I have tested TFTP <ip> get pxelinux.0 on both a windows PC and a linux box.
The linux box grabbed the file without a single issue.
The windows PC timed out.Ideas?
-
When you say that you’ve tested TFTP. Do you mean through the OS, or you actually PXE booted the PC’s and the linux box could boot to the FOG menu and the Windows box couldn’t?
-
[quote=“Kevin, post: 1262, member: 3”]When you say that you’ve tested TFTP. Do you mean through the OS, or you actually PXE booted the PC’s and the linux box could boot to the FOG menu and the Windows box couldn’t?[/quote]
I tested TFTP through the OS.
Nothing is able to boot to the FOG menu at this moment. -
Is your FOG server isolated on its own network, or is it on a live network environment?
-
[quote=“Kevin, post: 1264, member: 3”]Is your FOG server isolated on its own network, or is it on a live network environment?[/quote]
She is on a live network right now. I have a FortiGate 80c set up as a firewall and DHCP server, it was a pain but options 66 and 67 are set there already, as well as a hold on 0.90 (The FOG server’s IP address) so that only the FOG server may have it. I do not have any other cloning servers here, though I do have one server set up for outside access - I can’t imagine it would be causing any trouble as it’s only laying claim to port 80. Note - the firewall has been set to allow all internal-to-internal traffic without interruption, regardless of port or IP address.
-
Ok, one last question before this really gets chipped away at. When you setup the FOG server, did you set it up to act as a DHCP server to assign IP’s to the PXE clients? Or did you setup FOG to point to your DHCP server to have your actual DHCP server assign IP’s to your PXE clients?
-
[quote=“Kevin, post: 1266, member: 3”]Ok, one last question before this really gets chipped away at. When you setup the FOG server, did you set it up to act as a DHCP server to assign IP’s to the PXE clients? Or did you setup FOG to point to your DHCP server to have your actual DHCP server assign IP’s to your PXE clients?[/quote]
Option number two, Mr.Kevin, FOG points to the already-in-place DHCP server to assign them IP addresses.
-
So, I may be wrong, but if you aren’t using a Windows server, it might not actually be ports 66 and 67 that you need to configure. Try to configure port 69 UDP on your FortiGate as this is that devices TFTP port.
Page 260 of this document:
-
Alrighty! I’ll have another crack at her on Monday - that’ll be the first thing I do.
Thank you very, very much![quote=“Kevin, post: 1268, member: 3”]So, I may be wrong, but if you aren’t using a Windows server, it might not actually be ports 66 and 67 that you need to configure. Try to configure port 69 UDP on your FortiGate as this is that devices TFTP port.
Page 260 of this document:
[URL=‘https://encrypted.google.com/url?sa=t&rct=j&q=allow tftp traffic fortigate&source=web&cd=1&ved=0CCYQFjAA&url=http%3A%2F%2Fdocs.fortinet.com%2Ffgt%2Fhandbook%2F40mr3%2Ffortigate-system-admin-40-mr3.pdf&ei=Y-I1T7mfD8angwfZu-znBQ&usg=AFQjCNEcUiMM5JstGxmRc9AAzBTvVXsmCw&sig2=28Eu3vcZ9-Gea-hmSQw0rA&cad=rja’]https://encrypted.google.com/url?sa=t&rct=j&q=allow tftp traffic fortigate&source=web&cd=1&ved=0CCYQFjAA&url=http://docs.fortinet.com/fgt/handbook/40mr3/fortigate-system-admin-40-mr3.pdf&ei=Y-I1T7mfD8angwfZu-znBQ&usg=AFQjCNEcUiMM5JstGxmRc9AAzBTvVXsmCw&sig2=28Eu3vcZ9-Gea-hmSQw0rA&cad=rja[/URL][/quote]
-
Keep us posted on what you find out and good luck!
-
Okay, so after double checking my work on the security protocol, I’m certain I’ve got that much right… I’m also halfway certain that 66 & 67 are set proper but I’m trying to find a code index to check that. At this point, no technical progress has been made, sadly. Back to the drawing board!
EDIT: That shouldn’t be effecting the ability of Windows to perform a tftp get command, though. If the port is open, what am I missing here?
-
I’m going to have a go at setting it up with an “unmodifiable DHCP server” a’la FOG setup guide.
-
G
[quote=“songnar, post: 1322, member: 480”]I’m going to have a go at setting it up with an “unmodifiable DHCP server” a’la FOG setup guide.[/quote]
Good news!
No, wait, bad news! That didn’t work out either. Nuts.I’ve gone back to my original plan, set up FOG to forward DHCP to the DHCP server which tells PXE booting clients where to find the pxelinux.0 file…
I still have not been able to get windows to successfully TFTP 192.168.X.X get pxelinux.0 to work either.
I’m fairly certain that the TFTP server is running as I can do TFTP get from-to the server in terminal.
I have blasted open ALL internal-to-internal ports. Still PXE-E32.Baffling.
-
Problem found!
We have a multi-system VoIP configuration on our network. It is using port 69.
Now…what’s plan B?
-
Okay, I’m going to try something stupid, maybe I’ll get lucky.
I am going to set up FOG to provide DHCP but it will have an IP range of 0.151 to 0.181, the fortigate is providing addresses from 0.1 to 0.150.
I will disable option 67 but leave option 66 on and pointing to the FOG server which will have an address within the 1-150 range.
Bets, anyone?
-
PROBLEM FOUND!
The ultimate issue in my system has been located.
Shame it’s not a cake in the manifold.I popped in gPXE into a machine and got some useful output… The bloody Fortigate isn’t passing option 66! It’s trying to use 0.254 (the gateway) as the TFTP server even though I have calm explained to it that the TFTP server is at 0.90!
What is a guy to do?
-
Had a similar problem. Option 66 is being passed but the next-server in the bootp wasn’t set. Try using the CLI on the fortigate to go in and edit the DHCP settings.
From the CLI:
FORT-310B # config vdom
FORT-310B (vdom) # edit <vdom name>
FORT-310B (<vdom name>) # config system dhcp server
FORT-310B (server) # edit 1 //Replace 1 with the number of the DHCP server id on the fortigate if more than one configured
FORT-310B (1) # [COLOR=#ff0000][B]set next-server 192.168.X.X[/B][/COLOR]
FORT-310B (1) # end