
I'm trying to boot CoreOS on an HP DL360 bare metal server. I've configured my PXE server similar to this link.

Besides, my DHCP server is running on a Cisco switch and I set the next-server option to my PXE server, but I get a "PXE-E32 open timeout" error on boot.

Here are my network tests for the TFTP server:

Nmap from a remote server in the local network:

nmap x.x.x.x -sU -p 69

Starting Nmap 6.40 ( http://nmap.org ) at 2017-01-29 20:45 IRST
Nmap scan report for x.x.x.x
Host is up (0.00013s latency).
PORT   STATE         SERVICE
69/udp open|filtered tftp
MAC Address: m.m.m.m (Hewlett Packard)

Nmap done: 1 IP address (1 host up) scanned in 0.72 seconds

And netstat on the PXE server:

netstat -an | fgrep -w 69
udp        0      0 0.0.0.0:69              0.0.0.0:*                          
udp        0      0 0.0.0.0:69              0.0.0.0:*                          
udp        0      0 127.0.0.1:69            0.0.0.0:*                          
udp        0      0 10.0.0.104:69           0.0.0.0:*    

I'd appreciate any kind of help.


1 Answer


TFTP uses port 69 when initiating a transfer, but next it switches to a random port where the data is actually transferred. Surely your firewall is not filtering port 69, but it might be filtering the segment of random ports used by your TFTP server. Disable your firewall and give it a try; if it works, then just open in your firewall the segment of ports randomly used by your TFTP server.

Pat
  • The servers are in the same IP range and the range is in the trusted zone of the PXE server firewall, so I don't assume the firewall would be a problem in this case – Mohammad Karimi Jan 30 '17 at 17:34
  • Even if the IPs belong to a trusted zone, you do not know if that trusted zone has opened the ports that your TFTP server really needs. Then, why don't you just test what I've said? It'll take you 5 minutes... – Pat Jan 30 '17 at 19:59
  • I did it! No change! – Mohammad Karimi Jan 31 '17 at 14:39
  • Mmmhhh, you are one of those guys that asks questions but already knows everything. Take a Wireshark traffic capture from the TFTP server, save it as pcap and upload it somewhere! – Pat Jan 31 '17 at 15:33
  • I ran "tcpdump -i ens1f1 port tftp" and no output showed up until the timeout from the booting server – Mohammad Karimi Jan 31 '17 at 15:58
  • That's wrong, because it should've caught at least the first "Read Request" from the client on port 69. – Pat Jan 31 '17 at 19:51
  • I started "tcpdump -i ens1f1" and here's the result: https://r58i.imgup.net/429724521_233e.jpg – Mohammad Karimi Feb 02 '17 at 23:59
  • That log doesn't even show a complete DHCP transaction, plus you have a lot of (not good) STP (Spanning Tree Protocol) traffic from your bridge/switch. Your set-up is a mess, you do not properly report your findings, you do not listen to suggestions. I'm out. – Pat Feb 03 '17 at 09:44
  • Just here to say @Pat you got a point. I added the tftp service and port number on the allowed services through the firewall and it worked like magic. – Avocado_man Jul 01 '22 at 05:07
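
The port switch described in the answer can be checked directly with a single read request, which separates "nothing answers at all" from "the server answers, but from a port other than 69". The following probe is an added example, not part of the original thread; the file name passed to it is a placeholder, and `start_demo_server` is a constructed loopback stand-in for a TFTP daemon so the block runs offline.

```python
import socket
import struct
import threading

RRQ, DATA, ACK, ERROR = 1, 3, 4, 5  # TFTP opcodes (RFC 1350)

def probe_tftp(host, filename, port=69, timeout=3.0):
    """Send one read request and report which UDP port the server answers from."""
    rrq = struct.pack("!H", RRQ) + filename.encode() + b"\0octet\0"
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(rrq, (host, port))
        try:
            reply, (src_ip, src_port) = s.recvfrom(2048)
        except (socket.timeout, ConnectionError):
            # Nothing came back: the same symptom as the PXE ROM's open timeout.
            return {"status": "timeout", "reply_port": None}
        # Pad short datagrams so a malformed reply is reported, not raised.
        opcode, arg = struct.unpack("!HH", reply[:4].ljust(4, b"\0"))
        if opcode == DATA:
            # ACK goes to the port the data came from, not the port we asked on.
            s.sendto(struct.pack("!HH", ACK, arg), (src_ip, src_port))
            return {"status": "data", "reply_port": src_port, "bytes": len(reply) - 4}
        if opcode == ERROR:
            msg = reply[4:].split(b"\0")[0].decode(errors="replace")
            return {"status": "error", "reply_port": src_port, "code": arg, "message": msg}
        return {"status": "unexpected", "reply_port": src_port, "opcode": opcode}

def start_demo_server(payload=b"constructed test payload"):
    """Constructed loopback stand-in for a TFTP daemon; returns its listening port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 0))  # unprivileged port instead of 69
    port = listener.getsockname()[1]

    def serve_one():
        _, client = listener.recvfrom(2048)
        # Like a real daemon, answer from a fresh ephemeral port.
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as xfer:
            xfer.bind(("127.0.0.1", 0))
            xfer.sendto(struct.pack("!HH", DATA, 1) + payload, client)
            xfer.settimeout(1.0)
            try:
                xfer.recvfrom(2048)  # wait briefly for the client's ACK
            except socket.timeout:
                pass
        listener.close()

    threading.Thread(target=serve_one, daemon=True).start()
    return port
```

Against a real server, call `probe_tftp` with the PXE server's address from a host on the client's network segment: a `data` or `error` result whose `reply_port` is not 69 is the normal case, while `timeout` with the daemon listening points at filtering of either the request or the reply.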