Sean,

Definitely, you want to turn off the firewall settings to get this working.
You can have firewall turned on, but you need to know how to allow the services you need, and I'm not an iptables/ipchains guru, so I can't really help you there.

As for the pinging, that won't work, because the TCP/IP stack in the Etherboot code doesn't handle ICMP echo requests/replies. There's just not enough room to implement all that.

Jim McQuillan
[EMAIL PROTECTED]

Sean Lee wrote:
> Hi
>
> I have a problem which I believe is related to RH 7.2 (firewall) security settings.
>
> Setup:
> o Server: RH 7.2 with the latest LTSP and TFTP server running (RealTek 8139C)
> o Client: Intel 100ProB (of course, no OS, just rom-o-matic-created bootable floppy)
> o DHCP Server: RH 7.2 with (originally) "High Security" Firewall Setup and two NICs
>
> So I did everything like the book says, installed LTSP, etc., created a PXE-bootable floppy.
> Now the problem:
> 1. Boot the client - everything goes fine, DHCP found (192.168.0.1), IP address obtained (IP~.12), TFTP (IP~.22) is properly contacted and then "........" or " / | \ -", depending on my preference :-)
> 2. On the LTSP/TFTP server I used tcpdump and found out that:
> a) my LTSP/TFTP server gets requests for the right image via DHCP server (=router) and sends them to the DHCP Server which is supposed to forward them to the thin client.
> =>(incoming from the client) ltsp.internal.com.tftp RRQ 26 (Image "/lts/vmlinuz.ltsp") <---or something like that.
> b) the DHCP server cannot contact the proper port on the client PC
> =>Error (from DHCP/router) ICMP: client.internal.com.... udp tftp port unreachable (tos 0xc0)
>
> Clues:
> 1. I can't ping the client's IP address from any of DHCP Linux or Windows clients on the same subnet, but I can ping both LTSP/TFTP Server and the DHCP server. Why?
> I am also sure that the boot disk is correct because I tried another (commercial) disk with the same result, and it can also boot and request the image from the LTSP server.
> Why can't the client be pinged? Since it can contact other computers, one would expect its IP should be online/pingable.
> 2. RH 7.2 DHCP server had High Security in Firewall Settings, now it still has two NICs (eth0 and eth1), maybe TFTP packets get blocked due to some setting(s) there. I don't understand why TFTP requests go one way (to the LTSP server) but can't be sent back. If it's a firewall problem (or a route problem), shouldn't it be both ways (both incoming and outgoing TFTP port would be blocked)?
> 3. Intel Express 460T switch - maybe there's some special config that prevents the packets from going through?
>
> I think I should first make sure I can ping the client (the fact that I can't is weird) or maybe just try to make a direct cross-over LAN cable connection between the LTSP server and the client?
> Originally I had everything on the server (LTSP, DHCP, TFTP) but since that didn't work (same problems), I moved DHCP to the gateway, which didn't help.
>
> Sorry about the length of this message, I hope most of you prefer this to "HELP!!! It doesn't work"...
>
> Thanks for any suggestions.
> Sean
>
> _____________________________________________________________________
> Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
> https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
> For additional LTSP help, try #ltsp channel on irc.openprojects.net
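
An added example, not part of the original thread: a TFTP server answers a read request from a freshly chosen UDP port rather than port 69 (RFC 1350), which is one way a packet filter can pass the request and still drop the transfer. The addresses are the ones from the post; the port numbers, the two filter models and all names are constructed for illustration and do not reproduce any real firewall's rule syntax.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    note: str

CLIENT, SERVER = "192.168.0.12", "192.168.0.22"   # addresses from the post
# Constructed exchange: the server picks its own source port for the data.
EXCHANGE = [
    Pkt(CLIENT, 2070, SERVER, 69, "RRQ"),
    Pkt(SERVER, 32768, CLIENT, 2070, "DATA 1"),
    Pkt(CLIENT, 2070, SERVER, 32768, "ACK 1"),
]

def static_filter(pkt):
    """Stateless model: pass UDP only when one end is port 69."""
    return 69 in (pkt.sport, pkt.dport)

class TftpTracker:
    """Stateful model: an RRQ opens an expectation for the server's reply."""
    def __init__(self):
        self.expected = set()  # (client, client_port, server) awaiting a reply
        self.flows = set()     # (client, client_port, server, server_port)

    def allow(self, pkt):
        if pkt.dport == 69:    # new request to the well-known port
            self.expected.add((pkt.src, pkt.sport, pkt.dst))
            return True
        key = (pkt.dst, pkt.dport, pkt.src)
        if key in self.expected:   # first reply binds the server's port
            self.expected.discard(key)
            self.flows.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))
            return True
        # Later packets must match a bound flow in either direction.
        return ((pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows or
                (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.flows)

def run(allow):
    """Return the verdict each filter model gives for the exchange."""
    return [(p.note, "pass" if allow(p) else "DROP") for p in EXCHANGE]

if __name__ == "__main__":
    for name, allow in (("static", static_filter),
                        ("tracked", TftpTracker().allow)):
        print(name, run(allow))
```

The static model passes only the request, which matches the one-way symptom described in the quoted message; the tracked model passes the whole transfer while still refusing packets that no request asked for.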
