@george1421 Ah so that is a dynamic port for both incoming and outgoing? Because I noticed in the logs that the outgoing kept changing but incoming 41257/tcp remained constant. I’ve read the NFSv4 tutorial and it does seem a bit involved. I have to study it further until I’m comfortable to move from v3 to v4.
Posts made by DBCountMan
-
RE: FOG delay then skip "Running post init scripts..." with UFW Enabled
-
RE: FOG delay then skip "Running post init scripts..." with UFW Enabled
THAT WAS IT!!!
I had to allow incoming 41257/tcp and now the postinit script runs and the customhostname script runs without delay!
-
RE: FOG delay then skip "Running post init scripts..." with UFW Enabled
@george1421 I found this after running netstat -anp | grep 41257
tcp 0 0 0.0.0.0:41257 0.0.0.0:* LISTEN 903/rpc.mountd
I will try to allow TCP 41257 incoming and report back.
-
RE: FOG delay then skip "Running post init scripts..." with UFW Enabled
@george1421 This is the log from ufw that I just pulled while trying it again, hopefully it shows something useful. I’m not sure what port is defined as here:
```
administrator@ncitimageserver:~$ sudo less /var/log/ufw.log | grep client_IP
May 31 18:28:39 ncitimageserver kernel: [598709.524681] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=35279 DF PROTO=TCP SPT=848 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 18:28:40 ncitimageserver kernel: [598710.525640] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=35280 DF PROTO=TCP SPT=848 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 18:28:42 ncitimageserver kernel: [598712.574205] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=35281 DF PROTO=TCP SPT=848 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 18:28:46 ncitimageserver kernel: [598716.605686] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=35282 DF PROTO=TCP SPT=848 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 18:28:54 ncitimageserver kernel: [598724.988583] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=35283 DF PROTO=TCP SPT=848 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 18:29:10 ncitimageserver kernel: [598741.372912] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=35284 DF PROTO=TCP SPT=848 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 18:29:43 ncitimageserver kernel: [598773.628034] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=35285 DF PROTO=TCP SPT=848 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 18:30:49 ncitimageserver kernel: [598839.675855] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=51785 DF PROTO=TCP SPT=849 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 18:30:50 ncitimageserver kernel: [598840.824548] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=51786 DF PROTO=TCP SPT=849 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 18:31:04 ncitimageserver kernel: [598855.178580] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=51789 DF PROTO=TCP SPT=849 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 18:31:20 ncitimageserver kernel: [598871.418287] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=51790 DF PROTO=TCP SPT=849 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 18:59:54 ncitimageserver kernel: [600584.900335] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13454 DF PROTO=TCP SPT=763 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 18:59:55 ncitimageserver kernel: [600585.925221] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13455 DF PROTO=TCP SPT=763 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 18:59:57 ncitimageserver kernel: [600588.204615] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13456 DF PROTO=TCP SPT=763 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:00:02 ncitimageserver kernel: [600592.581160] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13457 DF PROTO=TCP SPT=763 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:00:10 ncitimageserver kernel: [600600.772906] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13458 DF PROTO=TCP SPT=763 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:00:26 ncitimageserver kernel: [600617.156694] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13459 DF PROTO=TCP SPT=763 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:00:59 ncitimageserver kernel: [600649.508087] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13460 DF PROTO=TCP SPT=763 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:02:04 ncitimageserver kernel: [600715.201279] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21317 DF PROTO=TCP SPT=856 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:02:05 ncitimageserver kernel: [600716.227064] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21318 DF PROTO=TCP SPT=856 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:02:07 ncitimageserver kernel: [600718.274352] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21319 DF PROTO=TCP SPT=856 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:02:20 ncitimageserver kernel: [600730.818586] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21321 DF PROTO=TCP SPT=856 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:02:36 ncitimageserver kernel: [600747.201524] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21322 DF PROTO=TCP SPT=856 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:11:19 ncitimageserver kernel: [601269.871776] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6393 DF PROTO=TCP SPT=838 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:11:20 ncitimageserver kernel: [601270.912073] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6394 DF PROTO=TCP SPT=838 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:11:22 ncitimageserver kernel: [601272.961468] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6395 DF PROTO=TCP SPT=838 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:11:26 ncitimageserver kernel: [601276.994434] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6396 DF PROTO=TCP SPT=838 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:11:35 ncitimageserver kernel: [601285.507050] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6397 DF PROTO=TCP SPT=838 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:11:51 ncitimageserver kernel: [601301.889730] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6398 DF PROTO=TCP SPT=838 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:12:23 ncitimageserver kernel: [601334.145989] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6399 DF PROTO=TCP SPT=838 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:13:29 ncitimageserver kernel: [601400.192804] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=43619 DF PROTO=TCP SPT=968 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:13:30 ncitimageserver kernel: [601401.216466] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=43620 DF PROTO=TCP SPT=968 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:13:32 ncitimageserver kernel: [601403.264053] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=43621 DF PROTO=TCP SPT=968 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:13:45 ncitimageserver kernel: [601415.551448] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=43623 DF PROTO=TCP SPT=968 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:14:01 ncitimageserver kernel: [601431.935066] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=43624 DF PROTO=TCP SPT=968 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:17:46 ncitimageserver kernel: [601657.199314] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=43876 DF PROTO=TCP SPT=985 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:17:47 ncitimageserver kernel: [601658.241876] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=43877 DF PROTO=TCP SPT=985 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:17:49 ncitimageserver kernel: [601660.289097] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=43878 DF PROTO=TCP SPT=985 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:17:53 ncitimageserver kernel: [601664.321116] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=43879 DF PROTO=TCP SPT=985 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:18:01 ncitimageserver kernel: [601672.449556] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=43880 DF PROTO=TCP SPT=985 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:18:18 ncitimageserver kernel: [601688.833380] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=43881 DF PROTO=TCP SPT=985 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:18:50 ncitimageserver kernel: [601721.088681] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=43882 DF PROTO=TCP SPT=985 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:19:51 ncitimageserver kernel: [601782.324070] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=15559 DF PROTO=TCP SPT=952 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:19:52 ncitimageserver kernel: [601783.342553] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=15560 DF PROTO=TCP SPT=952 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:19:54 ncitimageserver kernel: [601785.390980] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=15561 DF PROTO=TCP SPT=952 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:19:58 ncitimageserver kernel: [601789.423087] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=15562 DF PROTO=TCP SPT=952 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 19:20:07 ncitimageserver kernel: [601797.614190] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=15563 DF PROTO=TCP SPT=952 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 20:20:23 ncitimageserver kernel: [605414.476663] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=40747 DF PROTO=TCP SPT=679 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 20:20:24 ncitimageserver kernel: [605415.479902] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=40748 DF PROTO=TCP SPT=679 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 20:20:27 ncitimageserver kernel: [605417.535465] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=40749 DF PROTO=TCP SPT=679 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 20:20:31 ncitimageserver kernel: [605421.559523] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=40750 DF PROTO=TCP SPT=679 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 20:20:39 ncitimageserver kernel: [605429.751249] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=40751 DF PROTO=TCP SPT=679 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 20:20:55 ncitimageserver kernel: [605446.134847] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=40752 DF PROTO=TCP SPT=679 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 20:21:27 ncitimageserver kernel: [605478.399327] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=40753 DF PROTO=TCP SPT=679 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 20:22:19 ncitimageserver kernel: [605529.594905] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=26914 DF PROTO=TCP SPT=959 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 20:22:20 ncitimageserver kernel: [605530.609908] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=26915 DF PROTO=TCP SPT=959 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 20:22:22 ncitimageserver kernel: [605532.658072] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=26916 DF PROTO=TCP SPT=959 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 20:22:26 ncitimageserver kernel: [605536.690019] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=26917 DF PROTO=TCP SPT=959 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 20:22:34 ncitimageserver kernel: [605544.946503] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=26918 DF PROTO=TCP SPT=959 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 20:22:50 ncitimageserver kernel: [605561.329865] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=26919 DF PROTO=TCP SPT=959 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
May 31 20:23:23 ncitimageserver kernel: [605593.584863] [UFW BLOCK] IN=eno1 OUT= MAC=90:b1:1c:26:98:ee:08:00:27:be:19:06:08:00 SRC=client_IP DST=fog_IP LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=26920 DF PROTO=TCP SPT=959 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
```
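Added example, not part of the original post: a small summariser for `[UFW BLOCK]` lines like the ones above, grouping by protocol and destination port so the blocked service port stands out. The function name, the host name `fogsrv` and the sample log lines (documentation addresses, made-up MACs) are constructed for illustration.

```shell
#!/bin/sh
# Summarise [UFW BLOCK] entries by protocol and destination port.
# "packets" counts log lines; "attempts" counts distinct client source ports,
# so packets > attempts means the same connection attempt was retried.

summarize_ufw_blocks() {   # reads ufw.log lines from the files given, or from stdin
    awk '
    /\[UFW BLOCK\]/ {
        proto = ""; dpt = ""; spt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^PROTO=/)    proto = tolower(substr($i, 7))
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            else if ($i ~ /^SPT=/) spt = substr($i, 5)
        }
        if (proto == "" || dpt == "") next      # e.g. ICMP entries carry no ports
        key = proto "/" dpt
        packets[key]++
        if (!((key SUBSEP spt) in seen)) { seen[key SUBSEP spt] = 1; attempts[key]++ }
    }
    END {
        for (k in packets)
            printf "%s packets=%d attempts=%d\n", k, packets[k], attempts[k]
    }' "$@" | sort
}

# Constructed sample input: two blocked TCP connection attempts (source ports
# 848 and 849) with SYN retries, one blocked UDP packet, one unrelated line.
sample_ufw_log() {
    cat <<'EOF'
Jun  1 09:00:01 fogsrv kernel: [100.000001] [UFW BLOCK] IN=eno1 OUT= MAC=02:00:00:00:00:01 SRC=192.0.2.50 DST=192.0.2.10 LEN=60 TTL=64 ID=1001 DF PROTO=TCP SPT=848 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
Jun  1 09:00:02 fogsrv kernel: [101.000001] [UFW BLOCK] IN=eno1 OUT= MAC=02:00:00:00:00:01 SRC=192.0.2.50 DST=192.0.2.10 LEN=60 TTL=64 ID=1002 DF PROTO=TCP SPT=848 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
Jun  1 09:00:04 fogsrv kernel: [103.000001] [UFW BLOCK] IN=eno1 OUT= MAC=02:00:00:00:00:01 SRC=192.0.2.50 DST=192.0.2.10 LEN=60 TTL=64 ID=1003 DF PROTO=TCP SPT=848 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
Jun  1 09:00:05 fogsrv kernel: [104.000001] eno1: constructed unrelated kernel message
Jun  1 09:02:10 fogsrv kernel: [229.000001] [UFW BLOCK] IN=eno1 OUT= MAC=02:00:00:00:00:01 SRC=192.0.2.50 DST=192.0.2.10 LEN=60 TTL=64 ID=2001 DF PROTO=TCP SPT=849 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
Jun  1 09:02:11 fogsrv kernel: [230.000001] [UFW BLOCK] IN=eno1 OUT= MAC=02:00:00:00:00:01 SRC=192.0.2.50 DST=192.0.2.10 LEN=60 TTL=64 ID=2002 DF PROTO=TCP SPT=849 DPT=41257 WINDOW=64240 RES=0x00 SYN URGP=0
Jun  1 09:03:00 fogsrv kernel: [279.000001] [UFW BLOCK] IN=eno1 OUT= MAC=02:00:00:00:00:01 SRC=192.0.2.51 DST=192.0.2.10 LEN=73 TTL=64 ID=3001 PROTO=UDP SPT=5353 DPT=5353 LEN=53
EOF
}

sample_ufw_log | summarize_ufw_blocks
```

Against a live server the same function can be fed `/var/log/ufw.log` directly as an argument.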
-
RE: FOG delay then skip "Running post init scripts..." with UFW Enabled
I tried disabling the fog.customhostname postinit script, the delay is still there. I tried changing 8.8.8.8 in the script to our own internal DNS server, same result. I don’t know if this is a Linux or FOG issue, hopefully someone can shed some light, but I’ll keep digging.
-
RE: FOG USB Boot method issue when booting from different subnet
@p4cm4n ipxe is loaded from the USB drive, EFI/BOOT/bootx64.efi. This file is actually the ipxe.efi kernel file taken from my FOG server in /tftproot/
-
RE: FOG USB Boot method issue when booting from different subnet
@p4cm4n You know, now that I think about it, if the remote DHCP server does not have the fog server IP set as the DHCP relay server, then this could be why the ipxe process is asking for the tftp server.
-
RE: FOG USB Boot method issue when booting from different subnet
@p4cm4n Yes there are managed firewalls, DHCP servers, switches between the FOG server and the client workstation in the screenshot above.
-
RE: FOG delay then skip "Running post init scripts..." with UFW Enabled
@p4cm4n Yes, the script runs without delay when UFW is disabled.
-
FOG delay then skip "Running post init scripts..." with UFW Enabled
Here is a script that pulls the serial number from a device’s firmware and autopopulates it in the “Enter hostname for this computer:” field during Full Registration. The script is /images/postiniscripts/fog.customhostname. I can ping 8.8.8.8 from the FOG server so I don’t think UFW is blocking that. Important note: when UFW is disabled, there is no delay.
```bash
#!/bin/bash
zmyip=`ip route get 8.8.8.8 | awk 'NR==1 {print $NF}' | cut -d "." -f1-2`;
case "${zmyip}" in
    10.1)
        zsitecode="NYC";
        ;;
    10.2)
        zsitecode="LA";
        ;;
    *)
        # Default code for the unknowns
        zsitecode="CRP";
        ;;
esac

zchassis=`dmidecode -s chassis-type`;
zchassis="${zchassis%"${zchassis##*[![:space:]]}"}";  # Remove trailing space
zchassis="${zchassis,,}";  # Convert string to lower

if [ "$zchassis" == "laptop" ]; then
    zchtype="P";
elif [ "$zchassis" == "tablet" ]; then
    zchtype="T";
else
    # Everything else is a desktop
    zchtype="D";
fi

zserialno=`dmidecode -s chassis-serial-number`;
zserialno="${zserialno%"${zserialno##*[![:space:]]}"}";  # Remove trailing whitespace

# get the serial no from the baseboard if chassis doesn't give it up
if [ "$zserialno" == "" ]; then
    zserialno=`dmidecode -s baseboard-serial-number`;
    zserialno="${zserialno%"${zserialno##*[![:space:]]}"}";
fi

LEN=$(echo ${#zserialno});
if [ "$LEN" -gt 11 ]; then
    # get the right most characters of the serial number (usually the most
    # unique characters). Logic for 11 is Site(3)+HW(1)+Serial(11)=15 characters
    zserialno=${zserialno:(-11)};
fi

# default host name is returned to the fog.man.reg script
host_default_name="$zserialno";
```
Here are my UFW rules in /etc/ufw.user.rules:
```
### RULES ###

### tuple ### allow tcp 3306 0.0.0.0/0 any fogserver2 in
-A ufw-user-input -p tcp --dport 3306 -s fogserver2 -j ACCEPT

### tuple ### allow tcp 21,80,111,138,139,443,445,2049,20048 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp -m multiport --dports 21,80,111,138,139,443,445,2049,20048 -j ACCEPT

### tuple ### allow udp 66,67,68,69,111,137,4011 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p udp -m multiport --dports 66,67,68,69,111,137,4011 -j ACCEPT
```
This is the screen where there is a huge delay
then it skips the Post init script
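Added example, not part of the original post: a check that compares the ports RPC services have registered (as listed by `rpcinfo -p`) with the ports opened by UFW rules like the ones above, which is the mismatch later traced in this thread to rpc.mountd listening on 41257/tcp. The function names and the `rpcinfo -p` sample are constructed; only the 41257/tcp mountd port and the three rule lines come from the posts.

```shell
#!/bin/sh
# List RPC services registered on ports that no unrestricted UFW ACCEPT rule opens.
# $1 = saved output of `rpcinfo -p`, $2 = UFW user rules file (iptables-restore syntax).

rpc_ports_not_allowed() {
    awk '
    FNR == NR {                                   # pass 1: the UFW rules file
        if ($1 != "-A" || $NF != "ACCEPT") next   # skip "### tuple ###" comments etc.
        proto = ""; ports = ""; scoped = 0
        for (i = 1; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
            else if ($i == "-s") scoped = 1       # rule only admits one source host
        }
        if (scoped || proto == "") next           # assumption: scoped rules do not count
        n = split(ports, p, ",")
        for (j = 1; j <= n; j++) {
            m = split(p[j], r, ":")               # multiport ranges look like 1000:1010
            lo = r[1] + 0; hi = (m > 1 ? r[2] + 0 : lo)
            for (q = lo; q <= hi; q++) allowed[proto "/" q] = 1
        }
        next
    }
    $3 == "tcp" || $3 == "udp" {                  # pass 2: rpcinfo rows (header skipped)
        key = $3 "/" $4
        if (!(key in allowed) && !(key in reported)) {
            reported[key] = 1
            print $5, key
        }
    }' "$2" "$1"
}

run_demo() {   # writes the constructed sample inputs to a temp dir and runs the check
    dir=$(mktemp -d) || return 1
    cat > "$dir/rpcinfo.txt" <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100005    3   udp  52311  mountd
    100005    3   tcp  41257  mountd
    100003    3   tcp   2049  nfs
    100021    4   tcp  38465  nlockmgr
EOF
    cat > "$dir/user.rules" <<'EOF'
### tuple ### allow tcp 3306 0.0.0.0/0 any fogserver2 in
-A ufw-user-input -p tcp --dport 3306 -s fogserver2 -j ACCEPT
-A ufw-user-input -p tcp -m multiport --dports 21,80,111,138,139,443,445,2049,20048 -j ACCEPT
-A ufw-user-input -p udp -m multiport --dports 66,67,68,69,111,137,4011 -j ACCEPT
EOF
    rpc_ports_not_allowed "$dir/rpcinfo.txt" "$dir/user.rules"
    rm -rf "$dir"
}

run_demo
```

Ports assigned dynamically by the portmapper can change when the service restarts, so pinning rpc.mountd with its `--port` option keeps a single firewall rule valid.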
-
FOG USB Boot method issue when booting from different subnet
I noticed that when I boot the FOG ipxe kernel from USB on a different subnet than where the FOG is I get asked to enter the tftp server address. This doesn’t happen on the same subnet. Is there something I need to adjust on the FOG server?
-
RE: mysql open ports on FOG server
@george1421 Got it. I set up the rules using ufw with the ports from that list. I only tested a Full Reg and Inv so far. It hangs on Running Init Scripts for a while then skips it. I think that is the script that pulls the serial number from the BIOS and auto-populates it as the hostname. I confirmed this when I disabled ufw and that step went right through without delay.
-
RE: mysql open ports on FOG server
@george1421 Is there a document or list of ports/services that FOG requires to be allowed on a firewall?
-
RE: mysql open ports on FOG server
@george1421 If I enable ufw, that means I would also have to define rules to allow other things such as ssh, nfs, and http right?
-
RE: mysql open ports on FOG server
@george1421 Oh ok perfect! I’d do that on the primary FOG server right?
EDIT: didn’t see your example. Thanks!
-
RE: mysql open ports on FOG server
@george1421 These are the commands that I run on my secondary to pull from the primary:
```bash
mysqldump --defaults-file=/root/.my.cnf -h fogserver -u fogstorage fog hosts hostMAC moduleStatusByHost --single-transaction > /root/fog_hosts.sql
mysqldump --defaults-file=/root/.my.cnf -h fogserver -u fogstorage fog images --single-transaction > /root/fog_images.sql
```
-
RE: mysql open ports on FOG server
@george1421 We don’t have Storage Nodes (yet). But I do run a cronjob on my secondary FOG server that pulls the mysql db from the primary, as a basic backup job. Will locking down the mysql port prevent this function?