Yes another TFTP issue..



  • Hey peeps. I am beating my head against a brick wall trying to figure this out.

    3 different installs of FOG from Ubuntu 14.4, 12.04, and now Debian 7.
    Running in Virtual Box, bridged adapter.
    None of them are working with regards to TFTP.
    Options have been set in DHCP (Kerio Control Firewall)

    Followed this article: http://www.fogproject.org/wiki/index.php/Tftp_timeout
    Not helping.

    I can run command from Fog Server:
    tftp -v 10.0.7.68 -c get undionly.kpxe
    Connected to 10.0.7.68 (10.0.7.68), port 69
    getting from 10.0.7.68:undionly.kpxe to undionly.kpxe [netascii]

    Received 103273 bytes in 0.5 seconds [1683856 bit/s]

    From a Windows machine, when I run it, I get a timeout. (currently either a separate machine or the host machine of this server)
    When trying to make virtual machine TFTP from inside Virtual box as well I get the same results, timeout.
    Seems to me like it would not be a switching issue being on the same bridged adapter, but I could be wrong.



  • Wanted to update that I have completely removed Kerio DHCP from the picture and am using DHCP MAC filtering to run dual TFTP servers, one for phones and the other for FOG. Works perfectly. Here is the config for DHCPd if anyone is interested:



  • Uncle Frank thank you so much for the 1on1 help with this. So that we have written documentation of the issue at hand.
    The customer has a Kerio Control Firewall (8.4.3 Build 3108) which as I suspected was causing the issues with “Next-Server” IP.
    The Customer DHCP server would assume control of this rather than Option 67.

    Uncle Frank found the article : http://forums.kerio.com/t/27905/dhcp-server-kerio-control-and-tftp
    Which suggests that Control does not support TFTP.
    Uncle Frank set up DHCP on the Fog server and it worked like a charm.
    Currently there is a ticket with Kerio about this issue. I will update when I find out more.
    Thanks Uncle Frank, enjoy your dinner out with the GF courtesy of sourceminer :-)
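
The mismatch this post describes (a next-server of 10.0.7.1 in the reply while option 66 names 10.0.7.68) can be checked directly on a captured DHCP reply. The following is an added example, not code from the thread or from FOG: it parses the UDP payload of a DHCP reply and reports where the BOOTP header and options 66/67 disagree. The sample packet is constructed from the addresses quoted in the thread (the offered client address 10.0.7.50 is made up), and option 66 is assumed to hold an IP literal.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header

def parse_dhcp_reply(payload):
    """Return siaddr (next-server), the BOOTP file field and the options of a DHCP reply."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    info = {"xid": struct.unpack("!I", payload[4:8])[0],
            "next_server": socket.inet_ntoa(payload[20:24]),  # BOOTP siaddr
            "file": payload[108:236].split(b"\0", 1)[0].decode("ascii", "replace"),
            "options": {}}
    i = 240
    while i < len(payload) and payload[i] != 255:  # 255 = end of options
        if payload[i] == 0:                        # pad byte carries no length
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        info["options"][code] = value
        i += 2 + length
    return info

def pxe_mismatches(info):
    """Compare where the header and the options each send a PXE client."""
    # Assumption: option 66 holds an IP literal (as in the thread's log), not a hostname.
    text = lambda code: info["options"].get(code, b"").rstrip(b"\0").decode("ascii", "replace")
    found = []
    if text(66) and info["next_server"] not in ("0.0.0.0", text(66)):
        found.append(f"siaddr {info['next_server']} differs from option 66 {text(66)}")
    if text(67) and info["file"] not in ("", text(67)):
        found.append(f"BOOTP file {info['file']!r} differs from option 67 {text(67)!r}")
    return found

def sample_offer():
    """Constructed DHCPOFFER using the addresses quoted in the thread (not a real capture)."""
    header = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x5947DC22, 0, 0)
    header += b"".join(socket.inet_aton(a) for a in ("0.0.0.0", "10.0.7.50", "10.0.7.1", "0.0.0.0"))
    header += bytes(16 + 64 + 128)  # chaddr, sname and file left empty
    opts = [(53, b"\x02"), (54, socket.inet_aton("10.0.7.1")),
            (66, b"10.0.7.68"), (67, b"undionly.kpxe")]
    return header + MAGIC + b"".join(bytes([c, len(v)]) + v for c, v in opts) + b"\xff"

if __name__ == "__main__":
    print(pxe_mismatches(parse_dhcp_reply(sample_offer())))
```

Options not expected on a boot network, or a next-server that points at a host other than the imaging server, show up in the same output, so the check doubles as a quick audit of what a DHCP server is telling PXE clients to load.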


  • Senior Developer

    Is your FOG Server’s IP address set to 10.0.7.1? If this is the case, you could simply try adjusting the default.ipxe file directly to point to the proper 10.0.7.68 IP you’re expecting tftp to come from.



  • Ran a Wireshark capture; it seems to be coming from the Fog server itself. I just don't understand why it seems so hard to get this TFTP server to work. 4 installs with different flavors and not a single one working. I'm running out of time trying to get this project working. I have spent 24 hours researching and haven't even started the imaging process. If anyone has some time today, I would be interested in paying someone who has experience with this to help me out. PM me if you're interested.



  • Sorry to change the topic, but it's related to some degree. So I found the option to use Fog with an unmodifiable DHCP server.
    http://www.fogproject.org/wiki/index.php?title=Using_FOG_with_an_unmodifiable_DHCP_server/_Using_FOG_with_no_DHCP_server#Environment

    So I installed this DHCPProxy on my test server, good news is I am getting some action now. Bad news is still not getting the FOG boot menu.

    iPXE starts up and sees the Fog server at 10.0.5.240, attempts to boot to default.ipxe, but still says the connection timed out.
    The wiki suggests 2 options but I am confused as to which one to use; it doesn't seem to make clear when to use one or the other.
    Running the latest version of Fog, I am to assume it's the first ltsp.conf to create. Still no bueno.


  • Developer

    You can use wireshark to check which options are set in the DHCP answers…



  • @Uncle Frank, I did check the Fog Settings like you suggested and the Host IP is indeed set to the fog servers static IP.

    I wanted to include that I created a lab at my location instead of customer and was able to re-produce the issue with the variant of Kerio Control Firewall DHCP

    Confirmed that in my lab from my Mac machine I am able to communicate and receive the undionly.kpxe from the tftp client however from a PXE boot this is not the case same issue. Just called and reported an issue with Kerio Control. Halfway tempted to use another DHCP server but that may require more than I want to deal with right now.


  • Moderator

    Have you tried this FOG build on a regular machine? Like, a physical machine and not a VM?

    Can you walk over to the switch that FOG is using, and plug into (the same v-lan if you have them) a port using a laptop? Try to boot from network and see what happens?



  • Yes I realize that this seems to be an issue with option 66, as you can see above the DHCP server is sending the correct options.

    Will have to do a wireshark.


  • Moderator

    https://www.dropbox.com/s/co56w10cqkakfjy/2015-03-24_13-19-50.jpg?dl=0

    I guess I will have to do a wireshark.

    http://fogproject.org/wiki/index.php/Unable_to_connect_to_tftp_server

    Double check those fields are right…

    I also recommend WireShark, as Uncle Frank suggested.


  • Developer

    Seems like you have a setting wrong in the web gui… please check all the IP addresses in FOG settings in the web interface!

    Edit: See FOG Settings -> TFTP Server -> FOG_TFTP_HOST



  • Wayne, ran your commands and it didn't change anything.
    What is interesting is the messaging from the PXE Boot next server: 10.0.7.1 (what happened to 10.0.7.68?)
    https://www.dropbox.com/s/co56w10cqkakfjy/2015-03-24_13-19-50.jpg?dl=0

    I guess I will have to do a wireshark.


  • Developer

    I guess you are best off helping yourself with Wireshark. Install it on whichever client you try to test the tftp command from and capture the packets to see what it really does.

    If you are really keen you can capture the packets on your server too. Best to use would be tcpdump writing the packets to a dump file, download it to your client and open it up with wireshark again…

    tcpdump -i eth0 -w tftp.pcap udp
    

    Note: the string ‘udp’ is a filter so that you don’t see all the SSH and HTTP traffic in your dump file (would be huge…).


  • Moderator

    Set permissions on your tftp boot directory:

    chmod 777 /tftpboot
    

    Restart the TFTP service on Debian:

    service tftpd-hpa restart
    

    Also, you might wanna check these files to be sure there’s no craziness going on in there:

    /etc/hosts.allow
    /etc/hosts.deny
    

    Have you tried to access the tftpboot directory from another client that has its firewall turned off?



  • Also verified that DHCP is indeed passing the correct options:
    [24/Mar/2015 12:30:29] {dhcp_opt} DHCP option handler [Transaction ID 0x5947DC22]: <<<<<<<<<< option dump end
    [24/Mar/2015 12:30:29] {dhcp_opt} DHCP option handler [Transaction ID 0x5947DC22]: generated options >>>>>>>>>>
    [24/Mar/2015 12:30:29] {dhcp_opt} DHCP option handler [Transaction ID 0x5947DC22]: 053 Message type : 2
    [24/Mar/2015 12:30:29] {dhcp_opt} DHCP option handler [Transaction ID 0x5947DC22]: 054 Server identifier : 10.0.7.1
    [24/Mar/2015 12:30:29] {dhcp_opt} DHCP option handler [Transaction ID 0x5947DC22]: 051 Lease time : P4D
    [24/Mar/2015 12:30:29] {dhcp_opt} DHCP option handler [Transaction ID 0x5947DC22]: 001 Subnet mask : 255.255.255.0
    [24/Mar/2015 12:30:29] {dhcp_opt} DHCP option handler [Transaction ID 0x5947DC22]: 003 Default gateway : 10.0.7.1
    [24/Mar/2015 12:30:29] {dhcp_opt} DHCP option handler [Transaction ID 0x5947DC22]: 006 DNS server : 10.0.7.1
    [24/Mar/2015 12:30:29] {dhcp_opt} DHCP option handler [Transaction ID 0x5947DC22]: 066 TFTP server name : 10.0.7.68
    [24/Mar/2015 12:30:29] {dhcp_opt} DHCP option handler [Transaction ID 0x5947DC22]: 067 Bootfile name : undionly.kpxe
    [24/Mar/2015 12:30:29] {dhcp_opt} DHCP option handler [Transaction ID 0x5947DC22]: 255 DHO_END
    [24/Mar/2015 12:30:29] {dhcp_opt} DHCP option handler [Transaction ID 0x5947DC22]: <<<<<<<<<< option dump end



  • I ran the commands as suggested in the wiki:

    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT


  • Senior Developer

    Have you ensured firewall is disabled?

