Problem with deployment in a physical machine / connection timeout

george1421

@Andre This is not logical.

back on the fog server can you execute this command:

cat /etc/exports

You should get something that looks like this

/images *(ro,sync,no_wdelay,no_subtree_check,insecure_locks,no_root_squash,insecure,fsid=0)
/images/dev *(rw,async,no_wdelay,no_subtree_check,no_root_squash,insecure,fsid=1)

The key to look for is the space, star ( * ) right after the share name. This restricts nfs access to specific hosts. The start means everyone.

Andre

@georgI have the same lines as you

george1421

@Andre Well then…

On the fog server can you run this command

rpcinfo -p
You will get an output like this

   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100227    2   tcp   2049
    100227    3   tcp   2049
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100227    2   udp   2049
    100227    3   udp   2049
    100021    1   udp  44805  nlockmgr
    100021    3   udp  44805  nlockmgr
    100021    4   udp  44805  nlockmgr
    100021    1   tcp  39255  nlockmgr
    100021    3   tcp  39255  nlockmgr
    100021    4   tcp  39255  nlockmgr
    100005    1   udp  37435  mountd
    100005    1   tcp  45499  mountd
    100005    2   udp  40066  mountd
    100005    2   tcp  33852  mountd
    100005    3   udp  59675  mountd
    100005    3   tcp  33362  mountd

The keys are to ensure that you have at least one portmapper and nfs and nfslockmgr entry.

And then please run this command
sudo ipables -L
The output should look like this:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination     

The last check is to ensure selinux has been set to permissive. The key is current mode == permissive.
sestatus
output:

SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          permissive
Policy version:                 21
Policy from config file:        targeted

Andre

@george1421 Ok, for the first command I have this :

For the second command (sudo ipables -L), it says command not found

And for the third command (sestatus). I have to install “policycoreutils” and I have do this. And the result of the command “sestatus” :

Tom Elliott

@Andre This still sounds, very much, like a “NAT” vs. “Bridged” network problem.

I say this BECAUSE the connection is allowed from virtual space, but not a real machine.

Particularly your FOG Server is IP Address 192.168.230.10.

What’s the IP address your physical machines are pickin gup.

Andre

@Tom-Elliott The IP address of my physical machine is 192.168.230.23. I can ping my server FOG and my server FOG can ping my physical machine.

Tom Elliott

@Andre From the Physical machine can you please run:

passwd

Set a simple password
Hit me in chat
I want to remote in and help if at all possible via AnyDesk.

Andre

@Tom-Elliott where I run this command ?
And my network is a local network. I don’t have access to internet.

Tom Elliott

The passwd command would be on the machine you’re trying to image from.

If your machine that IS connected to the internet is able to communicate to your fogserver and your computer trying to be imaged, then the local network doesn’t need internet.

Andre

@Tom-Elliott I can’t run this command in my physical machine in cmd. My physical machine turns on Windows 10

Tom Elliott

@Andre You’re trying to image it? You would boot it like you’re doing an imaging task.

Make the task a debug by checking the “Schedule as Debug” before confirming the tasking.

Andre

@Tom-Elliott ok, but if you want to remote, I must have access to internet in my physical machine.

Tom Elliott

@Andre NO internet is not required. As long as the machine you’re talking to me with here has internet AND can communicate with the FOG Server at the same time, the physical machine does not need internet.

george1421

@Andre OK I’m getting lost here (sorry only one small cup of coffee so far).

Lets get some terminology defined here so I can understand what is going on.

We have a FOG server that is running on a vm. That shall be called the FOG or fog server.

We have a target computer that is what we are wanting to capture and deploy from. That shall be call FOS or the target computer (I don’t care if its physical, virtual or imaginary).

What is confusing is that we have an original fog server that I think keeps getting mixed into the conversation.

george1421

@Andre said in Problem with deployment in a physical machine / connection timeout:

For the second command (sudo ipables -L), it says command not found

For this command you are missing a letter. Its sudo iptables -L This one is important to know because this is the firewall on the fog server.

Your other commands are showing that nfs is up and operational on the FOG server.

And selinux is disabled. So we’ve almost ruled out the FOG server for being at fault here.

Looking at the IP addresses involved here, the FOG server is at IP address 192.168.230.10 and the target computer is at 192.168.230.23. So they are on the same subnet which rules out some kind of screening router between the two devices (FOG and FOS-target).

Andre

@george1421 Ok I do the command (sudo iptables -L) and I have the same as you

Quazz

@Andre What OS is the physical computer that hosts the virtual FOG server running?

Tom Elliott

@Quazz Windows 10.

The Virtual Host is VMWare Workstation.

The VMWare VM is Running, now, Ubuntu 16.04 (or should be last I talked.)

The problem is something specific to NFS based on my troubleshooting.

To test, I actually simply disabled the nfs service and tested, Immediately the System fails to connect. Other virtual machines have no problem communicating, just physical machines seem to not be able to get through.

We’ve turned off the firewall on the machine entirely so Windows is not blocking the connections. The network was tested with Host-only->Bridged, and NAT. Bridged is the appropriate thing to use, but while we were testing it was worth the extra effort.

I suspect the problem is something with return to the physical machine rather than a problem with the VM, Windows OS or not. There is a switch that the devices communicate through and I’m suspecting it’s this causing our problems.

@Andre do you have a “dummy” switch you could place between the FOG Server nic and the Main machine? You’d likely want to change the VM Nic to use NAT and make sure it’s setting the same machine to the same IP as your fog server is expecting. Essentially I’d like to remove the current switch from the scene almost altogether as I suspect the switch is preventing back communication.

Andre

@Tom-Elliott Ok, I will try something Monday, and I say something

Thank you for your help

Andre

Ok, I tried something. I have just put a cable ethernet between my VMs and my physical machine. And it happens to mount the nfs system file. But now when it arrives in “mounting partition” it failed and say “operation not permitted”. There is a picture :