[K12OSN] LTSP server with 3 NICs? SOME SUCCESS!

Joseph Bishay joseph.bishay at gmail.com
Thu Dec 25 00:49:58 UTC 2008


Hello everyone,

Thank you for pitching in with your comments.  I'll try to go through
them all here.

1) dhcpd-k12ltsp.conf

Terrell, you are correct I forgot to paste it in -- my apologies.  I
have pasted it in at the end to not make this message too messy.

2) iptables -L as root

I didn't actively change anything from the stock installation for the
iptables.  Something, however, may have changed it inadvertently.

[root at LTSP ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state
RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW
tcp dpt:ssh
REJECT     all  --  anywhere             anywhere
reject-with icmp-host-prohibited

3) Patrick - log files & tcpdump.

I unplug the switch, and plug one cable from the switch to the eth2
NIC on the server.  I plug back in the switch, and turn on the client
machine.  Output as follows:

tail -f /var/log/messages

Dec 24 19:44:46 LTSP kernel: eth2: network connection up using port A
Dec 24 19:44:46 LTSP kernel:     speed:           100
Dec 24 19:44:46 LTSP kernel:     autonegotiation: yes
Dec 24 19:44:46 LTSP kernel:     duplex mode:     full
Dec 24 19:44:46 LTSP kernel:     flowctrl:        symmetric
Dec 24 19:44:46 LTSP kernel:     irq moderation:  disabled
Dec 24 19:44:46 LTSP kernel:     scatter-gather:  disabled
Dec 24 19:44:46 LTSP kernel:     tx-checksum:     disabled
Dec 24 19:44:46 LTSP kernel:     rx-checksum:     disabled
Dec 24 19:44:46 LTSP kernel: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready
Dec 24 19:45:22 LTSP dhcpd: DHCPDISCOVER from 00:60:b0:57:d2:c8 via eth2
Dec 24 19:45:23 LTSP dhcpd: DHCPOFFER on 192.168.3.253 to
00:60:b0:57:d2:c8 via eth2
Dec 24 19:45:25 LTSP dhcpd: Wrote 0 deleted host decls to leases file.
Dec 24 19:45:25 LTSP dhcpd: Wrote 0 new dynamic host decls to leases file.
Dec 24 19:45:25 LTSP dhcpd: Wrote 3 leases to leases file.
Dec 24 19:45:25 LTSP dhcpd: DHCPREQUEST for 192.168.3.253
(192.168.3.254) from 00:60:b0:57:d2:c8 via eth2
Dec 24 19:45:25 LTSP dhcpd: DHCPACK on 192.168.3.253 to
00:60:b0:57:d2:c8 via eth2
Dec 24 19:46:02 LTSP dhclient: DHCPREQUEST on eth1 to 192.168.1.1 port 67
Dec 24 19:46:02 LTSP dhclient: DHCPACK from 192.168.1.1
Dec 24 19:46:02 LTSP dhclient: bound to 192.168.1.105 -- renewal in
1789 seconds.

(it just stops here)

[root at LTSP ~]# tcpdump -i eth2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 96 bytes
19:44:46.438965 IP6 :: > ff02::16: HBH ICMP6, multicast listener
report v2, 1 group record(s), length 28
19:44:46.742893 IP6 :: > ff02::1:ff62:116b: ICMP6, neighbor
solicitation, who has fe80::20c:6eff:fe62:116b, length 24
19:44:47.742627 IP6 fe80::20c:6eff:fe62:116b > ff02::2: ICMP6, router
solicitation, length 16
19:44:49.578097 IP6 fe80::20c:6eff:fe62:116b > ff02::16: HBH ICMP6,
multicast listener report v2, 1 group record(s), length 28
19:44:51.741500 IP6 fe80::20c:6eff:fe62:116b > ff02::2: ICMP6, router
solicitation, length 16
19:44:55.741389 IP6 fe80::20c:6eff:fe62:116b > ff02::2: ICMP6, router
solicitation, length 16
19:45:22.385679 IP 0.0.0.0.bootpc > 255.255.255.255.bootps:
BOOTP/DHCP, Request from 00:60:b0:57:d2:c8 (oui Unknown), length: 548
19:45:22.387984 arp who-has ws253.ltsp tell server03.ltsp
19:45:23.001014 IP server03.ltsp.bootps > ws253.ltsp.bootpc:
BOOTP/DHCP, Reply, length: 300
19:45:23.387710 arp who-has ws253.ltsp tell server03.ltsp
19:45:23.387787 arp reply ws253.ltsp is-at 00:60:b0:57:d2:c8 (oui Unknown)
19:45:23.387804 IP server03.ltsp > ws253.ltsp: ICMP echo request, id
12543, seq 0, length 28
19:45:25.027846 IP ws253.ltsp.bootpc > 255.255.255.255.bootps:
BOOTP/DHCP, Request from 00:60:b0:57:d2:c8 (oui Unknown), length: 548
19:45:25.067121 IP server03.ltsp.bootps > ws253.ltsp.bootpc:
BOOTP/DHCP, Reply, length: 300
19:45:25.071939 arp who-has server03.ltsp tell ws253.ltsp
19:45:25.071971 arp reply server03.ltsp is-at 00:0c:6e:62:11:6b (oui Unknown)
19:45:25.072124 IP ws253.ltsp.wizard > server03.ltsp.tftp:  39 RRQ
"/lts/vmlinuz.ltsp" octet blksize 1432
19:45:25.072186 IP server03.ltsp > ws253.ltsp: ICMP host server03.ltsp
unreachable - admin prohibited, length 75
19:45:35.464234 IP ws253.ltsp.globe > server03.ltsp.tftp:  39 RRQ
"/lts/vmlinuz.ltsp" octet blksize 1432
19:45:35.464292 IP server03.ltsp > ws253.ltsp: ICMP host server03.ltsp
unreachable - admin prohibited, length 75
19:45:55.952783 IP ws253.ltsp.2003 > server03.ltsp.tftp:  39 RRQ
"/lts/vmlinuz.ltsp" octet blksize 1432
19:45:55.952847 IP server03.ltsp > ws253.ltsp: ICMP host server03.ltsp
unreachable - admin prohibited, length 75
19:46:35.941071 IP ws253.ltsp.emce > server03.ltsp.tftp:  39 RRQ
"/lts/vmlinuz.ltsp" octet blksize 1432
19:46:35.941197 IP server03.ltsp > ws253.ltsp: ICMP host server03.ltsp
unreachable - admin prohibited, length 75
19:46:40.940159 arp who-has ws253.ltsp tell server03.ltsp
19:46:40.940318 arp reply ws253.ltsp is-at 00:60:b0:57:d2:c8 (oui Unknown)

(it just stops here)

4) etc/hosts.allow

#
# hosts.allow	This file describes the names of the hosts which are
#		allowed to use the local INET services, as decided
#		by the '/usr/sbin/tcpd' server.
#
# NOTE(review): these tcp_wrappers entries are not what is stopping the
# client.  The dhcpd exchange in /var/log/messages completes (DISCOVER /
# OFFER / REQUEST / ACK on eth2), and the tcpdump shows the TFTP read request
# for "/lts/vmlinuz.ltsp" being answered with "ICMP host unreachable - admin
# prohibited".  That message is produced by the
# 'REJECT ... reject-with icmp-host-prohibited' rule in RH-Firewall-1-INPUT;
# a tcp_wrappers refusal would not normally generate it.
#

## LTS-begin ##
#
# The lines between the 'LTS-begin' and the 'LTS-end' were added
# on: Wed Nov 28 11:19:42 PST 2001 by the ltsp installation script.
# For more information, visit the ltsp homepage
# at http://www.ltsp.org
#

# The patterns below are address prefixes.  "192.168." matches every
# 192.168.x.y host, which includes the 192.168.1.0/24 upstream network that
# eth1 sits on (dhclient binds it to 192.168.1.105 in the log above), not just
# the two thin-client subnets.  If only the client LANs should reach TFTP and
# portmap, narrow these to "192.168.2. 192.168.3." (space-separated list).
bootpd:    0.0.0.0
in.tftpd:  192.168.
portmap:   192.168.

## LTS-end ##

Finally,
5) Scott - firewall.

This I don't know much about.  You say to edit the firewall so that the NIC is
allowed as a trusted device.  Is this different from the iptables rules?

Thank you.
Joseph


# Sample configuration file for ISC dhcpd
#
# Don't forget to set run_dhcpd=1 in /etc/init.d/dhcpd
# once you have adjusted this file and copied it to /etc/dhcpd.conf.
#
# Modified by Joseph Bishay December 22, 2008 for 2 subnets from the LTSP server
#
# Layout: global defaults first, then one shared-network/subnet block per
# thin-client NIC (192.168.2.0/24 and 192.168.3.0/24), each followed by a
# group of sample static host entries.  No subnet is declared for the
# 192.168.1.0/24 network that eth1 gets by DHCP from 192.168.1.1, so dhcpd
# should not be handing out leases on that upstream side.
# NOTE(review): confirm in the dhcpd start-up messages how eth1 is treated.
#

# Lease lifetime in seconds (6 hours).  Both values are equal, so a client
# can never negotiate a longer lease than the default.
default-lease-time            21600;
max-lease-time                21600;
# No dynamic DNS updates from the lease database.
ddns-update-style none;
# Required for the 'range dynamic-bootp' pools below: answer plain BOOTP as
# well as DHCP, which is what older boot ROMs send.
allow booting;
allow bootp;

# The former global options were moved into each subnet block so that every
# subnet points clients at its own server address.  They are kept here,
# commented out, for reference only.
#option subnet-mask            255.255.255.0;
#option broadcast-address      192.168.2.255;
#option routers                192.168.2.254;
#option domain-name-servers    192.168.2.254;
#next-server                   192.168.2.254;
#option domain-name            "ltsp";
#option root-path              "192.168.2.254:/opt/ltsp/i386";

# Custom option definitions used by the host entries below.
# option-128/129 carry a boot-ROM signature and the "NIC=" driver hint
# (presumably for Etherboot-style ROMs -- verify against the LTSP docs);
# option-221 is the vendor text inspected by the Apple detection below.
option option-128 code 128 = string;
option option-129 code 129 = text;
option option-221 code 221 = text;

# Thin-client LAN #1: 192.168.2.0/24, served from the server address
# 192.168.2.254.
shared-network WORKSTATIONS-02 {
  subnet 192.168.2.0 netmask 255.255.255.0 {
     # Dynamic pool (.100-.253) for unknown clients; the sample static hosts
     # below use .1-.3, which lie outside this range.
     range dynamic-bootp 192.168.2.100 192.168.2.253;
     use-host-decl-names       on;
     option log-servers        192.168.2.254;

#### Per-subnet copies of the former global options.  These lines are inside
#### the subnet scope -- the braces decide that, not the indentation.
option subnet-mask            255.255.255.0;
option broadcast-address      192.168.2.255;
option routers                192.168.2.254;
option domain-name-servers    192.168.2.254;
# next-server is the TFTP host the client fetches its kernel/boot loader from.
next-server                   192.168.2.254;
option domain-name            "ltsp";
# NOTE(review): this root-path is always overridden by the if/else at the end
# of this block, which sets root-path for every request.  It is harmless here
# because both values are identical.
option root-path              "192.168.2.254:/opt/ltsp/i386";
####


     # Pick the boot file from the client's vendor class.
     # trick from Peter Rundle <peter.rundle at au.interpath.net>
     # newer Macs
     if substring (option vendor-class-identifier, 0, 9) = "AAPLBSDPC"
     {
        filename      "yaboot";
        option vendor-class-identifier "AAPLBSDPC";
     }
     # really old iMacs
     elsif substring (option option-221, 0, 5) = "Apple"
     {
        filename      "yaboot";
        option vendor-class-identifier "AAPLBSDPC";
     }
     # Intel PXE
     elsif substring (option vendor-class-identifier, 0, 9) = "PXEClient"
     {
        # NOTE: kernels are specified in /tftpboot/lts/pxe/pxelinux.cfg/
        # NOTE(review): the static PXE host in the group below uses
        # /lts/boot/pxe/pxelinux.0 instead -- check which path exists.
        filename      "/lts/pxe/pxelinux.0";
     }
     # default to an i386 BOOTP image
     else
     {
        filename      "/lts/vmlinuz.ltsp";
     }

     # Select the NFS root tree by architecture; anything that is not ppc
     # gets the i386 tree.
     if substring (option vendor-class-identifier, 20, 3) = "ppc" {
        option root-path "192.168.2.254:/opt/ltsp/ppc";
     } else {
        option root-path "192.168.2.254:/opt/ltsp/i386";
     }
  }
}

# example configurations for specifying specific kernels to specific clients
# NOTE(review): these three hardware addresses are the placeholders from the
# stock LTSP sample file, and the same three MACs are reused verbatim by the
# 192.168.3 group further down.  Replace them with real client MACs (or drop
# the entries) before relying on the fixed addresses.
group	{
    # Applies to every host in this group: hand out the host name as the
    # client's hostname and send client syslog to the subnet-2 server.
    use-host-decl-names       on;
    option log-servers        192.168.2.254;

    # Boot-ROM clients: plain kernel over TFTP, with the ROM signature in
    # option-128 and the NIC driver hint in option-129 (presumably Etherboot
    # conventions -- verify).
    host ws2001 {
        hardware ethernet     00:E0:06:E8:00:84;
        fixed-address         192.168.2.1;
        filename              "/lts/vmlinuz.ltsp";
        option option-128 e4:45:74:68:00:00;
        option option-129 "NIC=3c509";
    }
    host ws2002 {
        hardware ethernet     00:D0:09:30:6A:1C;
        fixed-address         192.168.2.2;
        filename              "/lts/vmlinuz.ltsp";
        option option-128 e4:45:74:68:00:00;
        option option-129 "NIC=ne";
    }
    # PXE client: hands off to pxelinux, which then reads its own config.
    host ws2003 {
        hardware ethernet     00:D0:09:30:28:B2;
        fixed-address         192.168.2.3;
        # kernels are specified in /tftpboot/lts/boot/pxe/pxelinux.cfg/
        # NOTE(review): this path differs from the PXE filename in the
        # subnet block above (/lts/pxe/pxelinux.0); only one is likely
        # to exist under /tftpboot -- check.
        filename              "/lts/boot/pxe/pxelinux.0";
    }

# Apple Specific Settings
#    host ws2007 {
#       hardware ethernet     00:30:65:69:23:60;
#       fixed-address         192.168.2.4;
#       option root-path      "192.168.2.254:/opt/ltsp/ppc";
#       filename              "yaboot";
#       option vendor-class-identifier "AAPLBSDPC";
#    }
}



# Thin-client LAN #2: 192.168.3.0/24 on eth2, served from 192.168.3.254.
# This is the subnet exercised in the log above: the client got
# 192.168.3.253, the top of the pool, via eth2.
shared-network WORKSTATIONS-03 {
  subnet 192.168.3.0 netmask 255.255.255.0 {
     # Dynamic pool (.100-.253) for unknown clients; the sample static hosts
     # below use .1-.3, which lie outside this range.
     range dynamic-bootp 192.168.3.100 192.168.3.253;
     use-host-decl-names       on;
     option log-servers        192.168.3.254;

#### Per-subnet copies of the former global options.  These lines are inside
#### the subnet scope -- the braces decide that, not the indentation.
option subnet-mask            255.255.255.0;
option broadcast-address      192.168.3.255;
option routers                192.168.3.254;
option domain-name-servers    192.168.3.254;
# next-server is the TFTP host the client fetches its kernel from.
# In the tcpdump above, ws253 sends "RRQ /lts/vmlinuz.ltsp" to
# server03.ltsp.tftp and the server answers "ICMP host unreachable - admin
# prohibited".  That is the 'REJECT ... reject-with icmp-host-prohibited'
# rule in RH-Firewall-1-INPUT: its NEW-state accepts cover only mdns, ipp and
# ssh, not TFTP (udp/69), so the boot stops right after DHCP.  The DHCP
# exchange itself gets through presumably because dhcpd uses a packet socket
# that the filter does not see.  Marking eth2 as a "trusted device" in the
# Red Hat firewall tool inserts an interface-wide ACCEPT into this same
# chain, i.e. it is the iptables rule set, just managed by the tool.  Keep
# eth1 (the 192.168.1.x upstream side) untrusted: a trusted client NIC
# exposes every service on the server (TFTP, portmap/NFS, ...) to that
# segment.  'iptables -L -v -n' shows the interface column that plain
# 'iptables -L' hides, which is needed to confirm which rules are per-NIC.
next-server                   192.168.3.254;
option domain-name            "ltsp";
# NOTE(review): "/opt/ltsp/i386-3" never reaches a client.  The if/else at the
# end of this block sets root-path to .../i386 (or .../ppc) for every request,
# and a statement inside that conditional takes precedence over this
# subnet-level one.  If a separate i386-3 tree is intended for this subnet,
# change the else branch below as well.
option root-path              "192.168.3.254:/opt/ltsp/i386-3";
####

     # Pick the boot file from the client's vendor class.
     # trick from Peter Rundle <peter.rundle at au.interpath.net>
     # newer Macs
     if substring (option vendor-class-identifier, 0, 9) = "AAPLBSDPC"
     {
        filename      "yaboot";
        option vendor-class-identifier "AAPLBSDPC";
     }
     # really old iMacs
     elsif substring (option option-221, 0, 5) = "Apple"
     {
        filename      "yaboot";
        option vendor-class-identifier "AAPLBSDPC";
     }
     # Intel PXE
     elsif substring (option vendor-class-identifier, 0, 9) = "PXEClient"
     {
        # NOTE: kernels are specified in /tftpboot/lts/pxe/pxelinux.cfg/
        filename      "/lts/pxe/pxelinux.0";
     }
     # default to an i386 BOOTP image (this is the branch the ws253 client
     # in the tcpdump took)
     else
     {
        filename      "/lts/vmlinuz.ltsp";
     }

     # Select the NFS root tree by architecture; anything that is not ppc
     # gets the i386 tree.
     if substring (option vendor-class-identifier, 20, 3) = "ppc" {
        option root-path "192.168.3.254:/opt/ltsp/ppc";
     } else {
        option root-path "192.168.3.254:/opt/ltsp/i386";
     }
  }
}

# example configurations for specifying specific kernels to specific clients
# NOTE(review): these hardware addresses are identical to the ones in the
# 192.168.2 group above (the stock sample placeholders).  dhcpd tolerates a
# MAC declared once per subnet with different fixed addresses, but these are
# not real clients; replace or remove them before relying on fixed leases.
group	{
    # Applies to every host in this group: hand out the host name as the
    # client's hostname and send client syslog to the subnet-3 server.
    use-host-decl-names       on;
    option log-servers        192.168.3.254;

    # Boot-ROM clients: plain kernel over TFTP, with the ROM signature in
    # option-128 and the NIC driver hint in option-129 (presumably Etherboot
    # conventions -- verify).
    host ws001 {
        hardware ethernet     00:E0:06:E8:00:84;
        fixed-address         192.168.3.1;
        filename              "/lts/vmlinuz.ltsp";
        option option-128 e4:45:74:68:00:00;
        option option-129 "NIC=3c509";
    }
    host ws002 {
        hardware ethernet     00:D0:09:30:6A:1C;
        fixed-address         192.168.3.2;
        filename              "/lts/vmlinuz.ltsp";
        option option-128 e4:45:74:68:00:00;
        option option-129 "NIC=ne";
    }
    # PXE client: hands off to pxelinux, which then reads its own config.
    host ws003 {
        hardware ethernet     00:D0:09:30:28:B2;
        fixed-address         192.168.3.3;
        # kernels are specified in /tftpboot/lts/boot/pxe/pxelinux.cfg/
        # NOTE(review): this path differs from the PXE filename in the
        # subnet block above (/lts/pxe/pxelinux.0); only one is likely
        # to exist under /tftpboot -- check.
        filename              "/lts/boot/pxe/pxelinux.0";
    }

# Apple Specific Settings
#    host ws007 {
#       hardware ethernet     00:30:65:69:23:60;
#       fixed-address         192.168.3.4;
#       option root-path      "192.168.3.254:/opt/ltsp/ppc";
#       filename              "yaboot";
#       option vendor-class-identifier "AAPLBSDPC";
#    }
}



