@george1421 I found a solution. I am not totally sure why the problem occur, but now i know what i have to do to get the PXE boot running. There is selfbulid captive portal running on 10.0.2.2 that uses IPTABELS to allow access to the internet. By logging on captive portal an other rule is added to the IPTABELS PREROUTING nat chain
ACCEPT all -- anywhere anywhere MAC 44:37:E6:B8:85:78
In this chain there are some standard rules on top and bottom.
DNAT tcp -- anywhere anywhere tcp dpt:domain to:10.0.2.2
DNAT tcp -- anywhere anywhere tcp dpt:domain to:10.0.2.2
ACCEPT all -- anywhere anywhere MAC 44:37:E6:B8:85:78
ACCEPT all -- anywhere 10.255.255.255
ACCEPT all -- anywhere 224.0.0.252
NFLOG all -- anywhere anywhere
DOCKER all -- anywhere anywhere ADD RTYPE match dst-type LOCAL
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
DNAT tcp -- anywhere anywhere tcp dpt:https to:10.0.2.2:443
DNAT tcp -- anywhere anywhere to: 10.0.2.2:80
DNAT udp -- anywhere anywhere to: 10.0.2.2:42
Usually it is not a problem to reach IP addresses in the LAN if you are not logged in to the captive portal. I explicitly tested it today. If I am in windows and am not logged in to the captive portal, I can access all other websites in the LAN in the browser, except the FOG management portal on 10.0.32.180.
It looks the same with the boot process. If the computer is logged on to the captive portal then the PXE boot works without any problems.
If the computer is not registered on the captive portal then I always get the “TFTP timend out” message.
I just didn’t get the captive portal to play a role in this.
Many thanks to george1421 und Sebsatian Roth for the help.