Hi,

I've been running dhcpd/tftpd on OpenBSD 3.8-4.2 on a PC without
problems, for booting my Soekris boxens. However, when I run [almost]
the exact same config on a net4521, and try booting another Soekris box
off that one, TFTP times out. On the boot server, 'inetd -d' shows a
rapid re-execution of tcpd (or of tftpd without using TCP wrappers) when
the client tries to fetch the pxeboot image. The same happens, by the way,
when I try to fetch files manually using 'tftp' from Linux or OpenBSD,
but those implementations seem to have a reputation for stupidity and
brokenness.

The really weird thing is that the same config works on a PC as boot
server, but not on a Soekris box. Anyone seen this before?

Files:

/etc/dhcpd.conf:
-----------------------------------------------------------------------
#       $OpenBSD: dhcpd.conf,v 1.1 1998/08/19 04:25:45 form Exp $
#
# DHCP server options.
# See dhcpd.conf(5) and dhcpd(8) for more information.
#

# Network:              192.168.1.0/255.255.255.0
# Domain name:          my.domain
# Name servers:         192.168.1.3 and 192.168.1.5
# Default router:       192.168.1.1
# Addresses:            192.168.1.32 - 192.168.1.127
#
#shared-network LOCAL-NET {
#       option  domain-name "my.domain";
#       option  domain-name-servers 192.168.1.3, 192.168.1.5;
#
#       subnet 192.168.1.0 netmask 255.255.255.0 {
#               option routers 192.168.1.1;
#
#               range 192.168.1.32 192.168.1.127;
#       }
#}

# Subnetwork declaration
subnet 192.168.1.0 netmask 255.255.255.0 {
        option domain-name "localdomain";
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.1.255;
        option domain-name-servers 194.109.6.66, 194.109.104.104;
        option routers 192.168.1.1;
}

# Fixed addresses for local hosts
# (this is for PXE-booting the boot server itself)
group {
        next-server 192.168.1.2;
        host net4521 {
                hardware ethernet 00:00:24:XX:XX:XX;
                fixed-address 192.168.1.11;
                filename "pxeboot";
        }
}

# (this is for "my" clients)
group {
        next-server 192.168.1.11;
        host net4801 {
                hardware ethernet 00:00:24:YY:YY:YY;
                fixed-address 192.168.1.8;
                filename "pxeboot";
        }
        host net5501 {
                hardware ethernet 00:00:24:ZZ:ZZ:ZZ;
                fixed-address 192.168.1.9;
                filename "pxeboot";
        }
}
-----------------------------------------------------------------------

/etc/inetd.conf
-----------------------------------------------------------------------
[...]
tftp            dgram   udp     wait    root    /usr/libexec/tcpd /usr/libexec/tftpd -l -s /tftpboot
[...]
-----------------------------------------------------------------------

/etc/hosts.allow
-----------------------------------------------------------------------
# /etc/hosts.allow - see hosts_options(5)
sshd: ALL : allow
sendmail: LOCAL 192.168.1. .internal : allow
tftpd: LOCAL 192.168.1. .internal : allow
ftpd: LOCAL 192.168.1. .internal : allow
ALL: ALL : deny
-----------------------------------------------------------------------

/etc/hostname.sis0
-----------------------------------------------------------------------
inet 192.168.1.11 255.255.255.0 NONE 
-----------------------------------------------------------------------

/etc/hostname.sis0
-----------------------------------------------------------------------
inet 10.0.1.11 255.0.0.0 NONE 
-----------------------------------------------------------------------

(tried booting with and without hostname.sis1 configured - didn't make a
difference).

# pfctl -s rules          
-----------------------------------------------------------------------
scrub in all fragment reassemble
block return all
block return in quick inet6 all
pass out all flags S/SA keep state
pass in quick on lo all flags S/SA keep state
block drop in on ! lo inet from 127.0.0.0/8 to any
block drop in on ! lo inet6 from ::1 to any
block drop in inet from 127.0.0.1 to any
block drop in on ! sis0 inet from 192.168.1.0/24 to any
block drop in inet from 192.168.1.111 to any
block drop in inet6 from ::1 to any
block drop in on lo0 inet6 from fe80::1 to any
block drop in on sis0 inet6 from fe80::200:24ff:fec1:ef50 to any
pass in quick on sis1 all flags S/SA keep state
pass in inet proto icmp from <lan1> to any icmp-type echoreq code 0 keep state
pass in log proto tcp from <lan1> port = bootps to (sis0) port = bootpc flags S/SA keep state
pass in log proto tcp from <lan1> to (sis0) port = ftp flags S/SA keep state
pass in log proto tcp from <lan1> to (sis0) port > 49151 flags S/SA keep state
pass in log proto udp from <lan1> port = bootps to (sis0) port = bootpc keep state
pass in log proto udp from <lan1> to (sis0) port = tftp keep state
pass in on sis0 proto tcp from any to (sis0) port = ssh flags S/SA keep state
pass in log on sis0 proto tcp from any to (sis0) port = smtp flags S/SA keep state
pass out log on sis0 proto tcp from (sis0) to any port = smtp flags S/SA keep state
-----------------------------------------------------------------------

Do I need to allow any extra ICMP messages? And why does it work like
this on the PC and not on the Soekris box? The only difference I can see
is with the NICs: Realtek 8139 (PC) vs. NS DP83815 (Soekris boxen).

Bill

-- 
"What's a computer?" - MES

_______________________________________________
Soekris-tech mailing list
http://lists.soekris.com/mailman/listinfo/soekris-tech