From: Jim Carter <jimc@math.ucla.edu>
To: Phil C <hpypenguin@yahoo.com>
Cc: Laptop Mailing List <linux-laptop@vger.kernel.org>
Subject: Re: Network install fails at TFTP load on client pc
Date: Mon, 11 Aug 2008 13:16:45 -0700 (PDT) [thread overview]
Message-ID: <Pine.LNX.4.64.0808111300010.4067@xena.cft.ca.us> (raw)
In-Reply-To: <282223.71623.qm@web59715.mail.ac4.yahoo.com>
On Thu, 7 Aug 2008, Phil C wrote:
> I am trying to isntall ubuntu via the network to a laptop that has no
> installed os and no optical or disk drive.
That's hard!
> # Cleaned up dhcpd.conf file.
> --snip--
> filename "/var/lib/tftpboot/test/pxelinux.0";
Is this a pre-installer kernel and initrd for Ubuntu to be used for PXE
booting? Often the two components are in separate files; the initrd may be
called "root.image" or something like that.
> The services both show that they are active and the laptop recieves DHCP
> requests on boot and is assigned an ip address. It then attempts to initiate
> TFTP and times out. The following is the end of dmesg
dmesg or /var/log/syslog on the server running tftpd and dhcpd, right?
> ###end of dmesg###
> ### All ip addresses and mac addresses obscured for security ###
>
> x:xx:xx SRC=192.168.10.xx DST=192.168.10.xx LEN=78 TOS=0x00 PREC=0x00 TTL=20
> ID=2 PROTO=UDP SPT=2070 DPT=69 LEN=58
> [101285.992494] Unknown InputIN=eth0 OUT=
> MAC=00:0b:cd:05:a9:c0:00:08:0d:b5:dc:xx:xx:xx SRC=192.168.10.xx
> DST=192.168.10.xx LEN=78 TOS=0x00 PREC=0x00 TTL=20 ID=3 PROTO=UDP SPT=2071
> DPT=69 LEN=58
It looks like the firewall on the server is tossing TFTP packets from some
other machine, presumably the laptop. Since TFTP is the most insecure of
protocols, this is very likely behavior for a firewall. Temporarily allow
UDP port 69 to enter the server and the laptop's booter should be a lot
happier. But you'll have to figure out the right way to do this on the
Ubuntu firewall (I'm assuming it's Ubuntu on the server).
> I downloaded the gutsy netboot package and extracted it into the folder
> /var/lib/tftpboot/test. iptables has been configured to allow all
> connections to and from the laptop on the local connection.
Well, the server's kernel is still logging TFTP packets, so there must be
another place in the iptables that needs to be perforated (temporarily).
Likely the firewall specifically blocks a laundry list of ports (or more
likely, allows only listed ports) no matter where they come from, plus
there is probably a chain to whitelist a specific IP address range and
block all others. Both chains must be passed for the packet to be
accepted. That's how a lot of firewalls work, but I've never seen what
Ubuntu gives you.
Can you borrow a USB external DVD drive? That's what we do when the
optical drive on a machine is unuseable: take the external drive off our
burner host and use it on the uncooperative machine.
James F. Carter Voice 310 825 2897 FAX 310 206 6673
UCLA-Mathnet; 6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA 90095-1555
Email: jimc@math.ucla.edu http://www.math.ucla.edu/~jimc (q.v. for PGP key)
prev parent reply other threads:[~2008-08-11 20:16 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-08-08 5:30 Network install fails at TFTP load on client pc Phil C
2008-08-11 20:16 ` Jim Carter [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Pine.LNX.4.64.0808111300010.4067@xena.cft.ca.us \
--to=jimc@math.ucla.edu \
--cc=hpypenguin@yahoo.com \
--cc=linux-laptop@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).