Network install fails at TFTP load on client pc

on 08.08.2008 05:35:15 by Phil C

I am trying to install Ubuntu via the network to a laptop that has no installed OS and no optical or disk drive. Attempts at installing via USB drive have also proven unsuccessful due to compatibility issues. The laptop is a Toshiba Portege M205-s810. I have configured dhcp3 using the following dhcpd.conf file.


#
# Cleaned up dhcpd.conf file.
## arbitrary ip addresses ##
# Last edit was at 0652 2008.08.07 to allow booting
#

authoritative;
allow booting;
allow bootp;

default-lease-time 14400;
max-lease-time 86400;
ddns-ttl 14400;

subnet 192.168.10.0 netmask 255.255.255.224 {
    range 192.168.10.24 192.168.10.30;
}

ignore client-updates;

#options
option subnet-mask 255.255.255.224;
option broadcast-address 192.168.10.31;

option routers 127.0.0.1;
option domain-name-servers 192.168.10.9, 192.168.10.5;
option domain-name "network.install";

#Declare laptop

#tftpd server info
next-server 192.168.10.xx; #Last octet deleted for security
host tftpclient {
    hardware ethernet 00:08:0d:xx:xx:xx; #Last 3 hex numbers deleted for security
    fixed-address 192.168.10.xx; #Last octet deleted for security
    filename "/var/lib/tftpboot/test/pxelinux.0";
}

## end dhcpd.conf ##
## All ip addresses and mac addresses obscured for security ##

I then launch tftpd and dhcpd using the following commands as root

#>in.tftpd /var/lib/tftpboot/test
#>/etc/init.d/dhcp3-server restart

The services both show that they are active and the laptop receives DHCP requests on boot and is assigned an IP address. It then attempts to initiate TFTP and times out. The following is the end of dmesg during these attempts.

###end of dmesg###
### All ip addresses and mac addresses obscured for security ###

x:xx:xx SRC=192.168.10.xx DST=192.168.10.xx LEN=78 TOS=0x00 PREC=0x00 TTL=20 ID=2 PROTO=UDP SPT=2070 DPT=69 LEN=58
[101285.992494] Unknown InputIN=eth0 OUT= MAC=00:0b:cd:05:a9:c0:00:08:0d:b5:dc:xx:xx:xx SRC=192.168.10.xx DST=192.168.10.xx LEN=78 TOS=0x00 PREC=0x00 TTL=20 ID=3 PROTO=UDP SPT=2071 DPT=69 LEN=58
[101290.001452] Unknown InputIN=eth0 OUT= MAC=00:0b:cd:05:a9:c0:00:08:0d:b5:dc:xx:xx:xx SRC=192.168.10.xx DST=192.168.10.xx LEN=78 TOS=0x00 PREC=0x00 TTL=20 ID=4 PROTO=UDP SPT=2072 DPT=69 LEN=58
[101295.987430] Unknown InputIN=eth0 OUT= MAC=00:0b:cd:05:a9:c0:00:08:0d:b5:dc:xx:xx:xx SRC=192.168.10.xx DST=192.168.10.xx LEN=78 TOS=0x00 PREC=0x00 TTL=20 ID=5 PROTO=UDP SPT=2073 DPT=69 LEN=58


The following is displayed on the laptop after failure.

PXE-E32: TFTP open timeout
PXE-E32: TFTP open timeout
PXE-E32: TFTP open timeout
PXE-M0F: Exiting Intel Boot Agent.

I downloaded the gutsy netboot package and extracted it into the folder /var/lib/tftpboot/test. iptables has been configured to allow all connections to and from the laptop on the local connection.

Am I missing something? What am I doing wrong? Thanks

- Phil C





--
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: Network install fails at TFTP load on client pc

on 12.08.2008 11:08:11 by Phil C

> Is this a pre-installer kernel and initrd for Ubuntu to be used for PXE
> booting? Often the two components are in separate files; the initrd may be
> called "root.image" or something like that.

I verified from the official Ubuntu website that pxelinux.0 is the file that a boot client needs to be looking for.

> > ###end of dmesg###
> > ### All ip addresses and mac addresses obscured for security ###
> >
> > x:xx:xx SRC=192.168.10.xx DST=192.168.10.xx LEN=78 TOS=0x00 PREC=0x00 TTL=20
> > ID=2 PROTO=UDP SPT=2070 DPT=69 LEN=58
> > [101285.992494] Unknown InputIN=eth0 OUT=
> > MAC=00:0b:cd:05:a9:c0:00:08:0d:b5:dc:xx:xx:xx SRC=192.168.10.xx
> > DST=192.168.10.xx LEN=78 TOS=0x00 PREC=0x00 TTL=20 ID=3 PROTO=UDP SPT=2071
> > DPT=69 LEN=58
>
> Well, the server's kernel is still logging TFTP packets, so there must be
> another place in the iptables that needs to be perforated (temporarily).
> Likely the firewall specifically blocks a laundry list of ports (or more
> likely, allows only listed ports) no matter where they come from, plus
> there is probably a chain to whitelist a specific IP address range and
> block all others. Both chains must be passed for the packet to be
> accepted. That's how a lot of firewalls work, but I've never seen what
> Ubuntu gives you.

I tried messing with some of the firewall settings and have run into a new problem. My internet connection exists only on a WLAN right now (thanks to moronic time-warner employees) and my local network is only on LAN. I was able to get only one to communicate properly at a time. Either the laptop connects and communicates only to find that it can not route to the internet to get the rest of the files, or there is no functioning local connection. I read around and have not yet found a way around this. I need to get iptables to recognize separate function sets for each interface and allow both to run at the same time. To the best of my knowledge iptables is configured the same way regardless of distro as it's a kernel module. Any thoughts on how to do this?

> Can you borrow a USB external DVD drive? That's what we do when the
> optical drive on a machine is unuseable: take the external drive off our
> burner host and use it on the uncooperative machine.

There are severe compatibility issues with this model of Toshiba Portege. Even the company admits that only a handful of external DVD/CD drives will boot properly under their broken BIOS. I have already tried using both the external DVD drive that I have handy and a USB key that I formatted and configured to be bootable. Neither was recognized by the laptop's BIOS. I have no desire to get another external drive in an attempt to fix this problem.

What are the odds of a success if I simply pull the drive, hook it up to a host machine via a 44 pin IDE adapter, install from there and pop it back in? I foresee some severe hardware config issues but I'm curious if that could work.

Either way I have an express interest in achieving this network boot as I know I'll use it again somewhere down the line.

- Phil C
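The dmesg lines quoted in this thread are netfilter LOG entries, and the following parser (an added example, not code from any participant in the thread) pulls out the logged TFTP requests per client so the retry pattern is visible. The sample lines and all addresses in them are constructed; a LOG entry only shows that the packet reached a logging rule, and whether it was then dropped depends on the rule that follows it.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the dmesg excerpt posted in the thread.
# "Unknown Input" is the rule's log prefix; all addresses here are made up.
SAMPLE = """\
[101280.004211] Unknown InputIN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:25:08:00 SRC=192.168.10.25 DST=192.168.10.2 LEN=78 TOS=0x00 PREC=0x00 TTL=20 ID=2 PROTO=UDP SPT=2070 DPT=69 LEN=58
[101285.992494] Unknown InputIN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:25:08:00 SRC=192.168.10.25 DST=192.168.10.2 LEN=78 TOS=0x00 PREC=0x00 TTL=20 ID=3 PROTO=UDP SPT=2071 DPT=69 LEN=58
[101290.001452] Unknown InputIN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:25:08:00 SRC=192.168.10.25 DST=192.168.10.2 LEN=78 TOS=0x00 PREC=0x00 TTL=20 ID=4 PROTO=UDP SPT=2072 DPT=69 LEN=58
[101291.500000] Unknown InputIN=wlan0 OUT= MAC=02:00:00:00:00:02:02:00:00:00:00:99:08:00 SRC=10.0.0.7 DST=10.0.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=811 PROTO=TCP SPT=40222 DPT=22 WINDOW=5840 SYN
"""

LINE = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\]\s*(?P<prefix>.*?)IN=(?P<rest>.*)$")

def parse_line(line):
    """Parse one netfilter LOG line into a dict, or return None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = {"ts": float(m["ts"]), "prefix": m["prefix"].strip()}
    # LEN appears twice (IP length, then UDP length); keep the first value.
    for key, value in re.findall(r"(\w+)=(\S*)", "IN=" + m["rest"]):
        rec.setdefault(key, value)
    # On Ethernet, MAC= is destination (6 bytes), source (6), EtherType (2).
    octets = rec.get("MAC", "").split(":")
    if len(octets) == 14:
        rec["dst_mac"] = ":".join(octets[:6])
        rec["src_mac"] = ":".join(octets[6:12])
    return rec

def tftp_requests(text):
    """Group logged UDP packets to port 69 by (source IP, source MAC)."""
    groups = defaultdict(list)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec.get("PROTO") == "UDP" and rec.get("DPT") == "69":
            groups[(rec["SRC"], rec.get("src_mac", ""))].append(rec)
    return groups

def summarize(text):
    """Describe each client's logged TFTP attempts."""
    out = []
    for (ip, mac), recs in sorted(tftp_requests(text).items()):
        ports = [int(r["SPT"]) for r in recs]
        gaps = [round(b["ts"] - a["ts"], 1) for a, b in zip(recs, recs[1:])]
        out.append({
            "client": ip, "mac": mac, "iface": recs[0]["IN"],
            "prefix": recs[0]["prefix"], "attempts": len(recs),
            # A distinct source port per packet indicates separate open
            # attempts rather than retransmissions of one request.
            "new_port_each_time": len(set(ports)) == len(ports),
            "gaps_s": gaps,
        })
    return out

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

The source MAC extracted this way can be compared with the `hardware ethernet` entry in dhcpd.conf to confirm the logged requests come from the PXE client.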


Re: Network install fails at TFTP load on client pc

on 13.08.2008 00:47:55 by Jim Carter

On Tue, 12 Aug 2008, Phil C wrote:

> > Well, the server's kernel is still logging TFTP packets, so there must be
> > another place in the iptables that needs to be perforated (temporarily).
> > --snip--
>
> I tried messing with some of the firewall settings and have run into a new
> problem. My internet connection exists only on a WLAN right now (thanks
> to moronic time-warner employees) and my local network is only on LAN. I
> was able to get only one to communicate properly at a time. Either the
> laptop connects and communicates only to find that it can not route to
> the internet to get the rest of the files, or there is no functioning
> local connection.

I'm not quite sure what the situation is here: if the laptop can do a
network boot from 802.11b WLAN, that's a lot more than mine can do. On the
other hand, if it boots from the server, which I assume also has a WLAN
card, it's likely to assume that whoever gave it a DHCP address (i.e. the
server) is also the default route to the global Internet. If you can do
"netstat -r" on the laptop, you could confirm that. Here's the last row
(of 4) on my machine:

default jacinth.cft.ca. 0.0.0.0 UG 0 0 0 eth1

The second column is the machine serving that route (excluding host
routes). The laptop will send nonlocal packets to this host.

Now the problem is, if the server isn't set up for routing it will drop
your packets on the floor. To cause it to forward them to the real default
route (the cable or DSL modem (via WLAN?)), you need to temporarily turn on
the feature, like this:

echo "1" > /proc/sys/net/ipv4/ip_forward

(There is a small security advantage to turning off forwarding if you
aren't going to actually use it.)

> I need to get iptables to recognize separate function sets for each
> interface and allow both to run at the same time.

The installer on the laptop probably doesn't have enough flexibility to
bring up two interfaces at once -- there are limits to what the GUI can ask
the user to tell it.

That's a good point: the provided firewall may have "features" for paranoia
relating to forwarded packets. I know the one I wrote has special rules
for forwarding, and the Windows firewall is very strict about outgoing
packets too.

> To the best of my
> knowledge iptables is configured the same way regardless of distro as
> it's a kernel module. Any thoughts on how to do this?

Yes, the modules are the same, but some distros have a nice GUI to
configure the rules, with more or less flexibility. So the chain names and
their order and details will vary from one distro to the next.

> > Can you borrow a USB external DVD drive?
>
> There are severe compatibility issues with this model of Toshiba
> Portege...

Bummer. That would have been the easiest way.

> What are the odds of a success if I simply pull the drive, hook it up to
> a host machine via a 44 pin IDE adapter, install from there and pop it
> back in? I foresee some severe hardware config issues but I'm curious if
> that could work.

What could go wrong?

1. A laptop drive in a desktop machine: the PATA or SATA interfaces should
be plug compatible, but what about the power connector?

2. The drive's major number would be different in the desktop (/dev/sdb1
etc.) versus the laptop (/dev/sda1 etc.) unless you actually unplugged
the desktop drive and substituted the laptop on that connector.
Assuming you weren't so radical, then working on the desktop, you would
have to edit /etc/fstab and /boot/grub/menu.lst (those are the names in
my distro) to refer to the major numbers ("drive letters") as they will
be on the laptop.

3. X-server installation will set it up for the desktop machine's graphic
card/chip and mouse. Once on the laptop you will have to do that over
so as to use properly the laptop's graphics and touchpad.

4. There may be other issues that the installer does differently for a
desktop versus laptop, like power modes and multimedia keys.

5. On my distro, network configuration is keyed to the MAC address. This
will be different on the laptop. You can do a treasure hunt to find
where your distro put the relevant files and edit them to refer to the
network interfaces on the laptop, not the desktop.

Conclusion: your plan is feasible... barely.

OK, the Toshiba BIOS won't boot from foreign devices. How about this: boot
from the net, but once the pre-installer gets control, tell it that the
installation media is not on the network but rather on the local DVD or
flash device. At that point you're using the Linux USB mass storage
driver, which should work, rather than the BIOS' broken one. The
installation docs should say something about how to override the location
of the installation media, though the more common use-case is to boot from
CD/DVD and get the distro from the network.

Good luck!

James F. Carter Voice 310 825 2897 FAX 310 206 6673
UCLA-Mathnet; 6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA 90095-1555
Email: jimc@math.ucla.edu http://www.math.ucla.edu/~jimc (q.v. for PGP key)

Re: Network install fails at TFTP load on client pc

on 13.08.2008 02:15:50 by Phil C

> > > Well, the server's kernel is still logging TFTP packets, so there must be
> > > another place in the iptables that needs to be perforated (temporarily).
> > > --snip--
> >
> > I tried messing with some of the firewall settings and have run into a new
> > problem. My internet connection exists only on a WLAN right now (thanks
> > to moronic time-warner employees) and my local network is only on LAN. I
> > was able to get only one to communicate properly at a time. Either the
> > laptop connects and communicates only to find that it can not route to
> > the internet to get the rest of the files, or there is no functioning
> > local connection.

> Now the problem is, if the server isn't set up for routing it will drop
> your packets on the floor. To cause it to forward them to the real default
> route (the cable or DSL modem (via WLAN?)), you need to temporarily turn on
> the feature, like this:
>
> echo "1" > /proc/sys/net/ipv4/ip_forward

Aha! That seems like it should do the trick. And no, the laptop is not booting from WLAN. The problem was that the local network and the internet are accessed on two separate NICs for the server. Since I have never actually used it to allow another local machine to connect to the internet, I had completely neglected to allow for routing/packet forwarding, so thanks for bringing this up.

> > I need to get iptables to recognize separate function sets for each
> > interface and allow both to run at the same time.
>
> The installer on the laptop probably doesn't have enough flexibility to
> bring up two interfaces at once -- there are limits to what the GUI can ask
> the user to tell it.
>
> That's a good point: the provided firewall may have "features" for paranoia
> relating to forwarded packets. I know the one I wrote has special rules
> for forwarding, and the Windows firewall is very strict about outgoing
> packets too.

Maybe a restriction based on mac address?

> > To the best of my
> > knowledge iptables is configured the same way regardless of distro as
> > it's a kernel module. Any thoughts on how to do this?
>
> Yes, the modules are the same, but some distros have a nice GUI to
> configure the rules, with more or less flexibility. So the chain names and
> their order and details will vary from one distro to the next.

GUIs be damned. I do all server and network work from the terminal. What about ipchains? It's compatible with iptables but I've never used it. Any experience there?

> > What are the odds of a success if I simply pull the drive, hook it up to
> > a host machine via a 44 pin IDE adapter, install from there and pop it
> > back in? I foresee some severe hardware config issues but I'm curious if
> > that could work.
>
> What could go wrong?
>
> 1. A laptop drive in a desktop machine: the PATA or SATA interfaces should
> be plug compatible, but what about the power connector?
>
>
> Conclusion: your plan is feasible... barely.

Was just a thought. I would by the way be swapping the drive out for the main drive in the host computer. I have a desktop set aside with a variety of connectors and adapters for testing hardware that I could use to run the install. I think, however, that I will not try that just yet.

> OK, the Toshiba BIOS won't boot from foreign devices. How about this: boot
> from the net, but once the pre-installer gets control, tell it that the
> installation media is not on the network but rather on the local DVD or
> flash device. At that point you're using the Linux USB mass storage
> driver, which should work, rather than the BIOS' broken one. The
> installation docs should say something about how to override the location
> of the installation media, though the more common use-case is to boot from
> CD/DVD and get the distro from the network.

Excellent idea! I will give that a try before attempting the install completely over the net. Thanks for all the help and for being so tolerant in answering my questions and concerns.

- Phil C


Re: Network install fails at TFTP load on client pc

on 13.08.2008 17:41:38 by Jim Carter

On Tue, 12 Aug 2008, Phil C wrote:

> > That's a good point: the provided firewall may have "features" for paranoia
> > relating to forwarded packets. I know the one I wrote has special rules
> > for forwarding, and the Windows firewall is very strict about outgoing
> > packets too.
>
> Maybe a restriction based on mac address?

Yes, that feature is common -- a lot of SOHO router/switches give you that
option, and I wrote it into the firewall I use. Note: in a targeted
attack, the hacker can make his NIC use an arbitrary MAC address, once he
sniffs enough packets to identify which ones are authorized. Assuming WLAN
encryption is ineffective, which is true for WEP, and WPA for badly written
access point firmware.

> GUIs be damned. I do all server and network work from the terminal. What
> about ipchains? It's compatible with iptables but I've never used it. Any
> experience there?

Good policy. Ipchains is the original version of iptables, for kernel
2.2.x. They're very similar, but iptables has improvements in efficiency
and kernel integration, and a lot more special modules like the FTP and
H.323 helpers.

> > OK, the Toshiba BIOS won't boot from foreign devices. How about this: boot
> > from the net, but once the pre-installer gets control, tell it that the
> > installation media is not on the network but rather on the local DVD or
> > flash device...
>
> Excellent idea! I will give that a try before attempting the install
> completely over the net. Thanks for all the help and for being so
> tolerant in answering my questions and concerns.

You're welcome -- no problem!

James F. Carter Voice 310 825 2897 FAX 310 206 6673
UCLA-Mathnet; 6115 MSA; 520 Portola Plaza; Los Angeles, CA, USA 90095-1555
Email: jimc@math.ucla.edu http://www.math.ucla.edu/~jimc (q.v. for PGP key)

Re: Network install fails at TFTP load on client pc

on 18.08.2008 02:18:47 by Philip Cohen

I now get a message from the syslog that tells me that my tftp server
can not run because the address is already in use. Hopefully this is the
last barrier here. I run in.tftpd as an option in xinetd. The options
are configured the same way as recommended on the Ubuntu support website.

- Phil C

Re: Network install fails at TFTP load on client pc

on 19.08.2008 21:30:09 by Jim Carter

On Sun, 17 Aug 2008, Philip Cohen wrote:

> I now get a message from the syslog that tells me that my tftp server can not
> run because the address is already in use. Hopefully this is the last barrier
> here. I run in.tftpd as an option in xinetd. The options are configured the
> same way as recommended on the Ubuntu support website.

So xinetd should be listening on port 69. If in.tftpd also tries to listen
on that port you would see your symptom. Is there any chance that the
command line includes the -l option (standalone listener)?

Here's our /etc/xinetd.d/tftp file. Note, we aren't a boot server; we use
this so a Cisco box can deposit a dump of its configuration automatically.
So you would certainly need a different -U option in server_args.

service tftp
{
        disable         = no
        socket_type     = dgram
        protocol        = udp
        wait            = yes
        user            = root
        server          = /usr/sbin/in.tftpd
        # UCLA-Mathnet hacks:
        #   -s chrootdir
        #   -u setUID to this user (group = its primary group = maint)
        #   -U umask (complement of 407 -> mode 260, server can write
        #      but not read the incoming file)
        #   -c (absent) = can create new files (we forbid this)
        #   -p (absent) would allow any file (for which the server has
        #      permission, there aren't any) to be read. As it is,
        #      only publicly readable (xx4) files can be read.
        server_args     = -s /tftpboot -u bugs -U 407
}


James F. Carter Voice 310 825 2897 FAX 310 206 6673
UCLA-Mathnet; 6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA 90095-1555
Email: jimc@math.ucla.edu http://www.math.ucla.edu/~jimc (q.v. for PGP key)
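A check for the conflict discussed in the reply above, written as an added example and not taken from the thread: it parses an xinetd tftp stanza, flags a standalone `-l`/`--listen` in `server_args`, and reproduces the "address already in use" error by binding one UDP port twice. The stanza is constructed, with `-l` inserted deliberately so the check fires.

```python
import errno
import shlex
import socket

# Constructed stanza modelled on the one quoted above; -l is the planted fault.
STANZA = """\
service tftp
{
        disable         = no
        socket_type     = dgram
        protocol        = udp
        wait            = yes
        user            = root
        server          = /usr/sbin/in.tftpd
        server_args     = -l -s /var/lib/tftpboot
}
"""

def parse_stanza(text):
    """Return the 'key = value' attributes of one xinetd service block."""
    attrs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if "=" in line:
            key, value = line.split("=", 1)
            attrs[key.strip()] = value.strip()
    return attrs

def check_tftp_stanza(text):
    """List settings that stop in.tftpd from running under xinetd."""
    attrs = parse_stanza(text)
    args = shlex.split(attrs.get("server_args", ""))
    problems = []
    if "-l" in args or "--listen" in args:
        problems.append("server_args contains -l/--listen: in.tftpd will try "
                        "to bind the UDP port that xinetd already holds")
    if attrs.get("socket_type") != "dgram" or attrs.get("protocol") != "udp":
        problems.append("tftp needs socket_type = dgram and protocol = udp")
    if attrs.get("wait") != "yes":
        problems.append("wait = yes is needed so xinetd hands its socket to "
                        "in.tftpd instead of continuing to read from it")
    return problems

def second_bind_errno(host="0.0.0.0"):
    """Bind the same UDP port twice, as xinetd plus a standalone listener
    would, and return the errno of the second bind (0 if it succeeded)."""
    first = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    second = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        first.bind((host, 0))  # port 0: the kernel picks a free port
        try:
            second.bind(first.getsockname())
        except OSError as exc:
            return exc.errno
        return 0
    finally:
        first.close()
        second.close()

if __name__ == "__main__":
    for problem in check_tftp_stanza(STANZA):
        print("xinetd tftp:", problem)
    print("second bind:", errno.errorcode.get(second_bind_errno(), "ok"))
```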