Kickstart TFTP Machines Centos over different subnets?

gdizzle · 04-23-2013, 04:22 AM

Hi All,
The situation is I am trying to launch to kickstart a machine from one subnet to another.

The host server kvm01, runs KVM linux vm's, on it. On there is a one vm which runs spacewalk, this server is called centostemplate and kickstarts servers in the Vm Network.

KVM01 acts as a router, which connects 2 subnets 192.168.122.1/24 and 10.10.10.0/24 that can communicate fine.

So we have 2 LAN Subnets:

10.10.10.0/24 = Physical Machines
192.168.122.0/24 = Virtual Machines.

Sorry for the crap ascii art:

Host 192.168.122.30 (centostemplate) ------------ 192.168.122.1 -| KVM01 | - 10.10.10.1 -------------------- (host to build)

Code:

KVM01's dhcpd .conf:


# A slightly different configuration for an internal subnet.

subnet 10.10.10.0 netmask 255.255.255.0 {
range 10.10.10.31 10.10.10.254;
option domain-name-servers 10.10.10.1;
option domain-name "rap.local";
option routers 10.10.10.1;
option ntp-servers 10.10.10.1;
next-server 192.168.122.30;  #Points to the spacewalk server
filename    "/pxelinux.0";
default-lease-time 86400;
max-lease-time 86400;
}

As you can see packets are being forwarded to centostemplate: 192.168.122.30

Code:

[root@kvm01 ~]# tcpdump -i eth0 port 69 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
19:01:55.089539 IP 10.10.10.34.ah-esp-encap > 192.168.122.30.tftp:  28 RRQ "/pxelinux.0" octet tsize 0
19:01:57.121717 IP 10.10.10.34.acp-port > 192.168.122.30.tftp:  28 RRQ "/pxelinux.0" octet tsize 0
19:02:01.131196 IP 10.10.10.34.msync > 192.168.122.30.tftp:  28 RRQ "/pxelinux.0" octet tsize 0
19:02:07.117953 IP 10.10.10.34.gxs-data-port > 192.168.122.30.tftp:  28 RRQ "/pxelinux.0" octet tsize 0
19:02:15.081991 IP 10.10.10.34.vrtl-vmf-sa > 192.168.122.30.tftp:  28 RRQ "/pxelinux.0" octet tsize 0
19:02:25.024239 IP 10.10.10.34.newlixengine > 192.168.122.30.tftp:  33 RRQ "/pxelinux.0" octet blksize 1456
19:03:01.053704 IP 10.10.10.34.newlixconfig > 192.168.122.30.tftp:  33 RRQ "/pxelinux.0" octet blksize 1456
19:04:13.059581 IP 10.10.10.34.tsrmagt > 192.168.122.30.tftp:  33 RRQ "/pxelinux.0" octet blksize 1456
19:06:01.040937 IP 10.10.10.34.tpcsrvr > 192.168.122.30.tftp:  33 RRQ "/pxelinux.0" octet blksize 1456
19:08:24.997766 IP 10.10.10.34.idware-router > 192.168.122.30.tftp:  33 RRQ "/pxelinux.0" octet blksize 1456

On Centostemplate:

Code:

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1

sysctl -p

iptables -I POSTROUTING 1 -t nat -o eth0 -j MASQUERADE 

The INPUT TABLES is on ACCEPT and rules for tftp and dhcp are open:

iptables -I INPUT -p udp --dport 67:68 -j ACCEPT
iptables -I INPUT -p udp --dport 69 -j ACCEPT

It's not receiving the packets from KVM01....

By the time it fully times out on the laptop.

[root@centostemplate ~]# tcpdump -i eth0 port 69 : I have only seen packets here once so it feels like a timeout issue.. mostly centostemplate is not getting the packets.

Weird part is it can communicate and ping with the 10.10.10.0/24 network no issue..

Please note this is all working fine within the Virtual Network where the spacewalk box is (192.168.122.0/24) It's when we cross subnets, to the 10.10.10.0/24 subnet we have an issue.

FYI this is trying to build a Laptop (physical), the laptop get's this error:

PXE32: TFTP open timeout: which leads to this:

PXE32: TIMEOUT

CAUSE

The "PXE-E32" error indicates that the PXE did not get a reply from the TFTP server when sending a request to download its boot file. Possible causes for this problem are:

1. There is no TFTP server
2. The TFTP server is not running
3. TFTP and DHCP/BOOTP services are running on different machines , but the next-server (066) option was not specified

The NIC: Realtek pcie gbe family controller series v2.38 network card, have googled and cannot see anything really problemtic with it tftp wise.

As you can see I have the next-server option in the /etc/dhcp/dhcp.conf above pointing to the right host.

TFTPD is running:

Code:

nmap -sU 192.168.122.30 -p 69

PORT   STATE         SERVICE
69/udp open|filtered tftp

This is a xinetd "tftp" service on centostemplate.

If this all becomes to hard I will kickstart it from a dvd/cd , however it's got me wondering.... why it's timing out, on a local lan, and what's up with the setup?

Thanks!

jefro · 04-24-2013, 07:47 PM

Then try tftp from command line to test tftp.

gdizzle · 04-24-2013, 11:22 PM

Thanks for your reply jefro

Ok found an issue with the packets not forwarding from the 10.10.10.0/24 network were not able to reach 192.168.122.0/24 fixed that up so they could communicate fine.

Added on the centostemplate and kvm01:

Code:

vim /etc/sysconfig/iptables-config:
IPTABLES_MODULES="ip_conntrack_tftp"

Code:

service iptables restart

Spacewalk uses xinetd to serve tftp:

Code:

cat /etc/xinetd.d/tftp

service tftp
{
	disable	= no
	socket_type		= dgram
	protocol		= udp
	wait			= yes
	user			= root
	server			= /usr/sbin/in.tftpd
	server_args		= -s /var/lib/tftpboot
	per_source		= 11
	cps			= 100 2
	flags			= IPv4
}

Code:

netstat -tunap | grep -i 69

udp        0      0 0.0.0.0:69                  0.0.0.0:*                               20867/xinetd

Code:

[root@centostemplate tftpboot]# ll
total 304
drwxrwxrwx 2 root root   4096 Mar 16 21:45 etc
drwxrwxrwx 2 root root   4096 Mar 20 19:57 grub
drwxrwxrwx 3 root root   4096 Mar 20 19:57 images
-rwxrwxrwx 2 root root  25244 Feb 22 11:39 memdisk
-rwxrwxrwx 2 root root  39188 Apr 29  2009 menu.c32
drwxrwxrwx 2 root root   4096 Mar 16 21:45 ppc
-rwxrwxrwx 2 root root  14716 Apr 29  2009 pxelinux.0
drwxrwxrwx 2 root root   4096 Mar 20 19:57 pxelinux.cfg
drwxrwxrwx 2 root root   4096 Mar 20 19:57 s390x
-rwxrwxrwx 2 root root 198192 Apr 29  2009 yaboot

From the tftp client: 10.10.10.30 to 192.168.122.30 tftp client test:

Code:

[root@rheltemp ~]# tftp -v 192.168.122.30
Connected to 192.168.122.30 (192.168.122.30), port 69
tftp> get menu.c32
getting from 192.168.122.30:menu.c32 to menu.c32 [netascii]
Transfer timed out.

No difference:

Code:

tftp> binary
mode set to octet
tftp> get pxelinux.0
getting from 192.168.122.30:pxelinux.0 to pxelinux.0 [octet]
Transfer timed out.

Packets:

Server: Centostemplate: 192.168.122.30

Code:

[root@centostemplate ~]# tcpdump -i eth0  port 69
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
04:10:51.299940 IP 10.10.10.30.32861 > centostemplate.rap.local.tftp:  20 RRQ "menu.c32" netascii

Client:

Code:

[root@rheltemp ~]# tcpdump -i eth0 port 69
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
14:11:08.437288 IP rheltemp.rap.local.32861 > centostemplate.rap.local.tftp:  20 RRQ "menu.c32" netascii

On the client it rheltemp it transferred a very small part of the file:

-rw-r--r--. 1 root root 511 Apr 25 14:15 menu.c32

Tftp still works fine on the 192.168.122.0/24 subnet, so this is clearly network related...