Unsolved proxyDHCP Issue

Exig3nci

Hello,
I’m created a virtual mahine with Ubunutu Server (12.04.5) I’ve got the FOG software installed, now I’m trying to setup dnsmasq.
I’ve set the ltsp.conf file with the following, let’s say the ip for the server is 10.10.8.55

port=0
tftp-boot=\tftpboot
dhcp-option=undionly.kpxe,10.10.8.155,10.10.8.155
dhcp-option=17,/images
dhcp-option=vendor:PXEClient,6,2b
dhcp-o-override
pxe-prompt="Press F8 for boot menu", 3
pxe-service=X86PC, "Boot from network", undionly.kpxe
pxe-service=X86, "Boot fom local hard disk", 0
dhcp-range=10.10.8.155,proxy

I try to run “sudo service dnsmasq restart,” and it spits out: * Restarting DNS forwarder and DHCP server configuration syntax check [fail]
I also try to run “sudo dnsmasq -d,” but I get another error saying port 53 is already in use.
Is there something I’m missing?

Mod edited to use code box.

Wayne Workman

@Exig3nci said:

@Wayne-Workman Yes.
I’m running tcpdump on the Ubuntu vm, getting the file to my host machine through tftp, then opening it in Wireshark,

If you’re only getting three packets from TCPDump for the entire time that you’re attempting to network boot the target host, then you have a network communications issue with your VM and the target host.

Perhaps it’s a VM configuration, or a switch configuration, a DHCP Helper address configuration, or a DHCP configuration. But something is very wrong somewhere.

You should be seeing TONs of traffic, you should be seeing hundreds of packets.

To further troubleshoot this using TCPDump, we need to see what the target host is doing. For this, you will require a network hub (not a switch, a hub).

Place the hub between the target host and whatever network device it connects to. Then attach a laptop or something to the hub and boot a Live Linux CD on that computer and run TCPDump as you have before. Because the hub replicates all packets to all ports, the extra computer on the hub will be able to see all traffic coming and going to the target host.

If you use a graphical Live Linux distribution, you can even install wireshark directly on it and open the PCAP files right there or alternatively transfer them using a flash drive to a PC with wireshark on it.

Doing this will allow us to see what the client is receiving from DHCP and what - if anything - from dnsmasq.

Exig3nci

@Wayne-Workman Yes.
I’m running tcpdump on the Ubuntu vm, getting the file to my host machine through tftp, then opening it in Wireshark,

Wayne Workman

@Exig3nci Do you only get three packets?? Are you getting this pcap file from the FOG server itself?

Exig3nci

@Wayne-Workman Ah, attention to detail… sorry about that.
I’m assuming I have to look at the first one.

I’m not too sure how to read the packets.

Wayne Workman

@Exig3nci Can you try filtering using the target host’s MAC address using this method please?

eth.dst == 00:0C:CC:76:4E:07 || eth.src == 00:0C:CC:76:4E:07

Please replace the MAC with the target host’s MAC.

Exig3nci

@Wayne-Workman I’m only getting one piece of info when filtering the mac address:

Am I doing something wrong?

Wayne Workman

@Exig3nci said:

@Wayne-Workman So I got the issue.pcap file to work. It was a matter of putting
tftp -i 10.10.8.155 get issue.pcap instead of
tftp 10.10.8.155 get issue.pcap (Aiii yaaaa )
I’m not seeing any tftp protocols in the wireshark GUI, I’m assuming that it means my tftp config file isn’t setup properly.

Use the filter found here:
https://wiki.fogproject.org/wiki/index.php/TCPDump

Also, begin the TCPDump RIGHT BEFORE you turn on the target machine, and end the dump RIGHT AFTER you see the error.

Then examine the pcap file.

Exig3nci

@Wayne-Workman Also, I was able to get the undionly.0 file through tftp on my windows 7 machine.

Exig3nci

@Wayne-Workman So I got the issue.pcap file to work. It was a matter of putting
tftp -i 10.10.8.155 get issue.pcap instead of
tftp 10.10.8.155 get issue.pcap (Aiii yaaaa )
I’m not seeing any tftp protocols in the wireshark GUI, I’m assuming that it means my tftp config file isn’t setup properly.

Wayne Workman

@Exig3nci Also,

Please load a Linux Live CD and try DHCPDump. I just found it through some searching and I think that this is exactly what you need to troubleshoot your issue.

http://www.cyberciti.biz/faq/linux-unix-dhcpdump-monitor-dhcp-traffic/

I found this in the WiKi, might be worth looking over… https://wiki.fogproject.org/wiki/index.php/Not_passing_PXE,_or_ProxyDHCP...NO_PROBLEM_Cisco#Original_Issue

Wayne Workman

None of this is making any sense anymore.

Please check to see if options 066 and 067 are already set on your switches that handle DHCP.

Please check for IP conflicts with your FOG server.

Exig3nci

@Wayne-Workman I’ve been following the website you forwarded to me, but I keep getting the 425 error with ftp.
I can exchange files via tftp just fine. I’m able to connect to ftp://ipaddress as well.
I’ve changed both the tftp conf file, the ftp conf file, changed permissions, and firewall is turned off, but I still get the same error.
Any advice?

Wayne Workman

@Exig3nci There is an example here: https://wiki.fogproject.org/wiki/index.php/Troubleshoot_TFTP#Ubuntu:

Exig3nci

@Wayne-Workman Yeah, still no luck.
Although I got another error message PXE-E32.
What does your tftp-hpa file look like?

Wayne Workman

@Exig3nci I’ve been thinking, and I think it would be worth the time to try to transfer the pcap file via FTP instead of TFTP just to see if it makes a difference or not.

Can you please place the pcap file inside of your /images directory and then try to get the file following the instructions found here: https://wiki.fogproject.org/wiki/index.php/Troubleshoot_FTP

Wayne Workman

@Exig3nci said:

@Wayne-Workman I’m also just trying to run WireShark on my VM nic cards from my Windows 7 machine, think that will work?

At this point, it’s worth a shot for sure.

Exig3nci

@Wayne-Workman I’m also just trying to run WireShark on my VM nic cards from my Windows 7 machine, think that will work?

Exig3nci

@Wayne-Workman So I have an older version of WireShark (1.10.4) I’ve set tftp in binary mode:
tftp
tftp> binary
Ran this command:
sudo tcpdump -w issue.pcap -i eth0 -c 65535
But I still get the same issue, The packet limit error on WireShark is capped at 65535, but the command in Ubuntu still runs.
Am I doing this correct? I have to break the command with Ctrl+C to get it to stop and it still goes over by many bytes.

Wayne Workman

@Exig3nci Try setting the maximum packet size via TCPDump to exactly what the error says…

262144

Then after you do a capture with that setting and put the file in the /tftpboot directory, make sure you use binary mode to transfer via TFTP.

You might also try some older versions of WireShark https://www.wireshark.org/download/win32/all-versions/