----- Weitergeleitete Nachricht von [email protected] ----- Datum: Thu, 21 Oct 2010 17:04:12 +0200 Von: Krzysztof Paliga <[email protected]> Betreff: Re: [Ltsp-discuss] firewall causes thin client not to boot An: [email protected]
> Hello, > we know this : it is udhcp which causes the problem. > I try to translate: > > The option DHCP 61 (clientid) is empty in the configuration. > You must supress the -c option in: > /usr/share/initramfs-tools/scripts/init-premount/udhcp > > (otherwise our cisco router used to filter the dhcp packets comming > from th thinclient.) It does not do the trick for me... : / Are you sure its the -c Option? For what I see is that the "bootp flags" are set to Unicast and not to Broadcast. But i do not know how to influence that from the command line. > > Yours t.d. > > Krzysztof Paliga <[email protected]> a écrit : > >> Thank you for your help. >> >> Im wondering why the TC needs to renew its Network Configuration. >> Is there no way it could use the Information recieved while PXE Boot? >> >> Now I am facing the problem, that the second DHCP DISCOVER send by the >> TC does not reach our DHCP Server (different form LTSP Server). Our >> Network Team could trace it, so we are sure, that it has been sent, >> but we do not know why it does not reach the DHCP Server. Is there a >> simple way for reusing the information from the first DHCP Offer? >> >> Kind regards, >> chris >> >> Zitat von Richard Doyle <[email protected]>: >> >>> On Thu, 2010-10-14 at 19:02 +0200, Krzysztof Paliga wrote: >>>> Hi, >>>> >>>> Im wondering why with the following firewall rule the thin client >>>> refuses to boot: >>>> >>>> iptables -A OUTPUT -d 192.168.0.0/16 -j ACCEPT >>>> iptables -A OUTPUT -j DROP >>>> iptables -A INPUT -s 192.168.0.0/16 -j ACCEPT >>>> iptables -A INPUT -j DROP >>>> >>>> (linked under /etc/rcS.d/S99iptables) >>>> >>>> Both the ltsp server & the thin client have IP in this subnets. >>> The thin client doesn't have an IP when it starts to boot, and your >>> rules prevents it from obtaining one. >>> >>> Try adding >>> >>> iptables -A INPUT -j LOG >>> >>> before >>> >>> iptables -A INPUT -j DROP >>> >>> and >>> >>> iptables -A OUTPUT -j LOG >>> >>> before >>> >>> iptables -A OUTPUT -j DROP >>> >>> and you'll see that bootp/dhcp requests are blocked. >>> >>> >>>> >>>> When I start the firewall after the thin client has bootet, everything >>>> works fine(inclusive server login). >>>> >>>> Kind regards, >>>> chris >>>> >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> Beautiful is writing same markup. Internet Explorer 9 supports >>> standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. >>> Spend less time writing and rewriting code and more time creating great >>> experiences on the web. Be a part of the beta today. >>> http://p.sf.net/sfu/beautyoftheweb >>> _____________________________________________________________________ >>> Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: >>> https://lists.sourceforge.net/lists/listinfo/ltsp-discuss >>> For additional LTSP help, try #ltsp channel on irc.freenode.net >>> >>> >> >> >> >> -- >> ________________________________________ >> >> Krzysztof Paliga >> >> Technische Universitaet Berlin >> tubIT - Server und Systeme >> Einsteinufer 17 >> 10587 Berlin >> >> Tel : +49-30-314-21240 >> Mail : [email protected] >> Web : http://www.tubit.tu-berlin.de >> ________________________________________ >> >> >> ------------------------------------------------------------------------------ >> Download new Adobe(R) Flash(R) Builder(TM) 4 >> The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly >> Flex(R) Builder(TM)) enable the development of rich applications that run >> across multiple browsers and platforms. Download your free trials today! >> http://p.sf.net/sfu/adobe-dev2dev >> _____________________________________________________________________ >> Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: >> https://lists.sourceforge.net/lists/listinfo/ltsp-discuss >> For additional LTSP help, try #ltsp channel on irc.freenode.net >> > > > > ---------------------------------------------------------------- > This message was sent using IMP, the Internet Messaging Program. > > > -- ________________________________________ Krzysztof Paliga Technische Universitaet Berlin tubIT - Server und Systeme Einsteinufer 17 10587 Berlin Tel : +49-30-314-21240 Mail : [email protected] Web : http://www.tubit.tu-berlin.de ________________________________________ ----- Ende der weitergeleiteten Nachricht ----- -- ________________________________________ Krzysztof Paliga Technische Universitaet Berlin tubIT - Server und Systeme Einsteinufer 17 10587 Berlin Tel : +49-30-314-21240 Mail : [email protected] Web : http://www.tubit.tu-berlin.de ________________________________________ ------------------------------------------------------------------------------ Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
