Yes another TFTP issue..
-
Hey peeps. I am beating my head against a brick wall trying to figure this out.
3 different installs of FOG from Ubuntu 14.4, 12.04, and now Debian 7.
Running in Virtual Box, bridged adapter.
None of them are working with regards to TFTP.
Options have been set in DHCP (Kerio Control Firewall)Followed this article: [url]http://www.fogproject.org/wiki/index.php/Tftp_timeout[/url]…
Not helping.I can run command from Fog Server:
tftp -v 10.0.7.68 -c get undionly.kpxe
Connected to 10.0.7.68 (10.0.7.68), port 69
getting from 10.0.7.68:undionly.kpxe to undionly.kpxe [netascii]Received 103273 bytes in 0.5 seconds [1683856 bit/s]
From a windows machine when I run I get a timeout. (currently either a separate machine or the host machine of this server)
When trying to make virtual machine TFTP from inside Virtual box as well I get the same results, timeout.
Seems to me like it would not be a switching issue being on the same bridged adapter, but I could be wrong. -
Have you ensured firewall is disabled?
-
I ran the commands as suggested in the wiki:[URL=‘http://www.fogproject.org/wiki/index.php/Tftp_timeout’][COLOR=#737373] http://www.fogproject.org/wiki/index.php/Tftp_timeout[/COLOR][/URL]
[COLOR=#000000][FONT=monospace]iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT[/FONT][/COLOR] -
Also verified that DHCP is indeed passing the correct options:
[24/Mar/2015 12:30:29] {dhcp_opt} DHCP option handler [Transaction ID 0x5947DC22]: <<<<<<<<<< option dump end
[24/Mar/2015 12:30:29] {dhcp_opt} DHCP option handler [Transaction ID 0x5947DC22]: generated options >>>>>>>>>>
[24/Mar/2015 12:30:29] {dhcp_opt} DHCP option handler [Transaction ID 0x5947DC22]: 053 Message type : 2
[24/Mar/2015 12:30:29] {dhcp_opt} DHCP option handler [Transaction ID 0x5947DC22]: 054 Server identifier : 10.0.7.1
[24/Mar/2015 12:30:29] {dhcp_opt} DHCP option handler [Transaction ID 0x5947DC22]: 051 Lease time : P4D
[24/Mar/2015 12:30:29] {dhcp_opt} DHCP option handler [Transaction ID 0x5947DC22]: 001 Subnet mask : 255.255.255.0
[24/Mar/2015 12:30:29] {dhcp_opt} DHCP option handler [Transaction ID 0x5947DC22]: 003 Default gateway : 10.0.7.1
[24/Mar/2015 12:30:29] {dhcp_opt} DHCP option handler [Transaction ID 0x5947DC22]: 006 DNS server : 10.0.7.1
[24/Mar/2015 12:30:29] {dhcp_opt} DHCP option handler [Transaction ID 0x5947DC22]: 066 TFTP server name : 10.0.7.68
[24/Mar/2015 12:30:29] {dhcp_opt} DHCP option handler [Transaction ID 0x5947DC22]: 067 Bootfile name : undionly.kpxe
[24/Mar/2015 12:30:29] {dhcp_opt} DHCP option handler [Transaction ID 0x5947DC22]: 255 DHO_END
[24/Mar/2015 12:30:29] {dhcp_opt} DHCP option handler [Transaction ID 0x5947DC22]: <<<<<<<<<< option dump end -
Set permissions on you tftp boot directory:
[CODE]chmod 777 /tftpboot[/CODE]Restart the TFTP service on Debian:
[CODE]service tftpd-hpa restart[/CODE]Also, you might wanna check these files to be sure there’s no craziness going on in there:
[CODE]/etc/hosts.allow
/etc/hosts.deny[/CODE]Have you tried to access the tftpboot directory from another client that has it’s firewall turned off?
-
I guess you are best of helping yourself with wireshark. Install it on whichever client you try to test the tftp command from and capture the packets to see what it really does.
If you are really keen you can capture the packets on your server too. Best to use would be tcpdump writing the packets to a dump file, download it to your client and open it up with wireshark again…
[CODE]tcpdump -i eth0 -w tftp.pcap udp[/CODE]
Note: the string ‘udp’ is a filter so that you don’t see all the SSH and HTTP traffic in you dump file (would be huge…).
-
Wayne, ran your commands and didnt change anything.
What is interesting is the messaging from the PXE Boot next server: 10.0.7.1 (what happened to 10.0.7.68?)
[IMG]https://www.dropbox.com/s/co56w10cqkakfjy/2015-03-24_13-19-50.jpg?dl=0[/IMG] [url]https://www.dropbox.com/s/co56w10cqkakfjy/2015-03-24_13-19-50.jpg?dl=0[/url]I guess I will have to do a wireshark.
-
Seems like you have a setting wrong in the web gui… please check all the IP addresses in FOG settings in the web interface!
Edit: See FOG Settings -> TFTP Server -> FOG_TFTP_HOST
-
[quote=“sourceminer, post: 44331, member: 29126”]Wayne, ran your commands and didnt change anything.
What is interesting is the messaging from the PXE Boot next server: 10.0.7.1 (what happened to 10.0.7.68?)
[IMG]https://www.dropbox.com/s/co56w10cqkakfjy/2015-03-24_13-19-50.jpg?dl=0[/IMG] [url]https://www.dropbox.com/s/co56w10cqkakfjy/2015-03-24_13-19-50.jpg?dl=0[/url]I guess I will have to do a wireshark.[/quote]
the next-server should be the FOG server. That’s set with option 066 (i think) in Windows Server DHCP. There should only be a next-server if you’re using ProxyDHCP. (someone correct me if I’m wrong?) But, the DHCP options shouldn’t stop you from getting a file via tftp.
Maybe back to the basics…
[url]http://fogproject.org/wiki/index.php/Unable_to_connect_to_tftp_server[/url]Double check those fields are right…
I also recommend WireShark, as Uncle Frank suggested.
-
Yes I realize that this seems to be an issue with option 66, as you can see above the DHCP server is sending the correct options.
Will have to do a wireshark.
-
Have you tried this FOG build on a regular machine? Like, a physical machine and not a VM?
Can you walk over to the switch that FOG is using, and plug into (the same v-lan if you have them) a port using a laptop? Try to boot from network and see what happens?
-
@Uncle Frank, I did check the Fog Settings like you suggested and the Host IP is indeed set to the fog servers static IP.
I wanted to include that I created a lab at my location instead of customer and was able to re-produce the issue with the variant of Kerio Control Firewall DHCP
Confirmed that in my lab from my Mac machine I am able to communicate and receive the undionly.kpxe from the tftp client however from a PXE boot this is not the case same issue. Just called and reported an issue with Kerio Control. Halfway tempted to use another DHCP server but that may require more than I want to deal with right now.
-
You can use wireshark to check which options are set in the DHCP answers…
-
Sorry to change the topic but its related to some degree. So I found the option to use Fog with an unmodifiable DHCP server.
[url]http://www.fogproject.org/wiki/index.php?title=Using_FOG_with_an_unmodifiable_DHCP_server/_Using_FOG_with_no_DHCP_server#Environment[/url]So I installed this DHCPProxy on my test server, good news is I am getting some action now. Bad news is still not getting the FOG boot menu.
iPXE starts up and see’s the fog server at 10.0.5.240 attempts to boot to default.ipxe but says still the connection timed out.
The WIki suggests 2 options but I am confused as to which one to use, doesnt seem to make clear when to use one or the other.
Running the latest version of Fog I am to assume its the first ltsp.conf to create. Still no bueno. -
Ran a wire shark, seems to be coming from the Fog server itself. I just dont understand why this seems so hard to get this TFTP server to work. 4 Installs with different flavors and not a single one working. Im running out of time trying to get this project working. I have spent 24 hours researching and havent even started the imaging process. If anyone has some time today, I would be interested in paying someone who has experience with this to help me out. PM me if your interested.
-
Is your FOG Server’s IP address set to 10.0.7.1? If this is the case, you could simply try adjusting the default.ipxe file directly to point to the proper 10.0.7.68 IP you’re expecting tftp to come from.
-
Uncle Frank thank you so much for the 1on1 help with this. So that we have written documentation of the issue at hand.
The customer has a Kerio Control Firewall (8.4.3 Build 3108) which as I suspected was causing the issues with “Next-Server” IP.
The Customer DHCP server would assume control of this rather than Option 67.Uncle Frank found the article : [url]http://forums.kerio.com/t/27905/dhcp-server-kerio-control-and-tftp[/url]
Which suggests that Control does not support TFTP.
Uncle Frank setup DHCP on the Fog server and it worked like a charm.
Currently there is a ticket with Kerio about this issue. I will update when I find out more.
Thanks Uncle Frank, enjoy your dinner out with the GF courtesy of sourceminer
-
Wanted to update that I have completly removed Kerio DHCP from the picture and using DHCP MAC filtering to run duel TFTP servers. One for phones and the other for fog works perfect here is config for DHCPd if anyone is interested:
[CODE]ddns-update-style none;
default-lease-time 432000;
max-lease-time 432000;
authoritative;
log-facility local7;class “phones” {
match if binary-to-ascii(16,8,“:”,substring(hardware,0,4)) = “1:0:4:f2”;
}class “other” {
match if not(binary-to-ascii(16,8,“:”,substring(hardware,0,4)) = “1:0:4:f2”);
}subnet
subnet 10.0.7.0 netmask 255.255.255.0 {
option routers 10.0.7.1;
option domain-name-servers 10.0.7.1, 8.8.8.8;
pool {
range dynamic-bootp 10.0.7.45 10.0.7.155;
deny members of “phones”;
allow members of “other”;
next-server 10.0.7.68;
filename “undionly.kpxe”;
}
pool {
range 10.0.7.11 10.0.7.44;
allow members of “phones”;
deny members of “other”;
option tftp-server-name “http://phonepbx.url.com/epmcfg/”;
}
}[/CODE]
