1

I have a Linux TFTP/PXE server which works.

If I setup failover on 192.168.245.1 which is where TFTP is being served, the client fails with tftp open timeout.

I am testing with

tftp 192.168.245.1
tftp> binary
tftp> get /ltsp/i386/pxelinux.0

The failover I use is ucarp with creates a virtual IP address that it broadcasts.

When 192.168.245.1 is a real IP, it works, when 192.168.245.1 is a virtual IP then the clients can't access it.

Question

Is there something special that have to be done when using ucarp and TFTP?

Update

The the post have been updated as the original post had a DHCP server as suspect for the problem.

This is my ucarp part from /etc/network/interfaces. Ubuntu server

auto eth1
iface eth1 inet static
    address 192.168.245.1
    netmask 255.255.255.0
    gateway 192.168.245.1
    broadcast 192.168.245.255
    ucarp-vid 3
    ucarp-vip 192.168.245.5
    ucarp-password secret
    ucarp-advskew 10
    ucarp-advbase 1
    ucarp-master yes

iface eth1:ucarp inet static
    address 192.168.245.5
    netmask 255.255.255.255
Sandra
  • 10,303
  • 38
  • 112
  • 165
  • 3
    I'm pretty sure that this is independent of DHCP. Have you tried using a TFTP client against the virtual IP? – pauska Oct 19 '11 at 12:11
  • Great idea. You are right the DHCP server can be taken out of the equation. I'll update the post accordingly. – Sandra Oct 19 '11 at 13:24
  • 1
    First of all: You have 245.1 set as both the IP and the gateway.. that doesn't make any sense :-) Secondly, you say that "when 192.168.245.1 is a virtual IP".. does that mean that you want .1 to be the virtual IP, or do you want .5 to be the virtual IP? Does TFTP against .5 work with the configuration you posted? – pauska Oct 19 '11 at 13:58
  • That's good point about the gateway =) Ideally would I like the gateway and TFTP to be the same address with failover. No this posted config sadly doesn't work with 245.5 from a tftp client. 245.1 works thought from the same tftp client. – Sandra Oct 19 '11 at 14:49
  • I understand - you want the ucarp to be the default gateway for your clients, but the ucarp boxes still need a different default gateway to get further. – pauska Oct 20 '11 at 11:34

1 Answers1

1

Found the problem.

For some unknown reason this firewall rule prevents ucarp from working.

# Generated by iptables-save v1.4.10 on Thu Oct  6 17:16:01 2011
*filter
:INPUT ACCEPT [22517:2222881]
:FORWARD ACCEPT [2:176]
:OUTPUT ACCEPT [16961:69145734]
COMMIT
# Completed on Thu Oct  6 17:16:01 2011
# Generated by iptables-save v1.4.10 on Thu Oct  6 17:16:01 2011
*nat
:PREROUTING ACCEPT [29:3325]
:INPUT ACCEPT [18:2668]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.245.0/24 -j MASQUERADE 
COMMIT
# Completed on Thu Oct  6 17:16:01 2011
Sandra
  • 10,303
  • 38
  • 112
  • 165