
I need your help. I set up a network with Debian 9.3.0.

The goal of this project is to boot clients in Network B. So I set up a router with 2 NICs and configured them as follows:

    Network A:--------------DebianRouter:-------Network B
    40.4.200.0/24----------10.5.200.254/24-----10.5.200.0/24

dhcp.conf-->

    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).

    # The loopback network interface
    auto lo
    iface lo inet loopback
    #test
    #Member Network A
    auto enp0s25
    iface enp0s25 inet static
       address 40.4.200.252
       netmask 255.255.255.0
       gateway 40.4.200.254

    #My NEW NETWORK B
    auto enp16s0
    iface enp16s0 inet static
       address 10.5.200.254
       netmask 255.255.255.0

After that I set up the isc-dhcp-server and configured it. The DHCP server also got 10.5.200.254.

    # dhcpd.conf
    #
    # Sample configuration file for ISC dhcpd

    INTERFACES="enp16s0";

    ddns-update-style none;

    option domain-name "peoplenetde.org";
    option domain-name-servers 40.4.200.202, 172.29.1.10;

    default-lease-time 86400;
    max-lease-time 172800;

    authoritative;

    log-facility local7;

    #option 66
    option tftp-server-name "40.4.200.218";

    #option67
    option bootfile-name "smsboot\x64\wdsmgfw.efi";

    allow booting;
    allow bootp;

    subnet 10.5.200.0 netmask 255.255.255.0 {
        option domain-name-servers 40.4.200.202, 179.29.1.10;
        option broadcast-address 10.5.200.255;
        option subnet-mask 255.255.255.0;
        option routers 10.5.200.254;
        range 10.5.200.100 10.5.200.200;

        group {
            next-server 40.4.200.218;
            filename "smsboot\x64\wdsmgfw.efi";

            host ubuntu {
                hardware ethernet 08:00:07:26:c0:a5;
                fixed-address 10.5.200.10;
            }
        }
    }

So I wanted to do it first with the filename before moving on to the relay agent.

It didn't work; every time I got "PXE-E32: TFTP open timeout". iptables -L told me that everything is allowed.

After a lot of research it still wouldn't work, so I tried it directly with a relay agent.

But a ping from the client in Network B to the PXE server in Network A was successful.

So I decided to switch over to the relay agent.

I put the server IP (40.4.200.218) and the interface enp16s0 in the default conf file, and deleted the filename option in the dhcp.conf; the next-server option is still in the config.

But now, if I try to ping anywhere from the client in Network B, it says network unreachable.

And if I try to boot over the network I get the error: PXE-E52: proxyDHCP offers were received. No DHCP offers were received. I don't know what to do.

If you need any confs or whatever, just write and I will post them. I hope you can help me.

By the way, the PXE/TFTP is mounted on an SCCM, and also managed by it.

Maybe the relay agent takes any DHCP server, because the client in Network B doesn't have any IP address anymore.

That is not what I want; I just want it to relay the BOOTP.

EDIT 2: 27.02.2018

    # dhcpd.conf
    #
    # Sample configuration file for ISC dhcpd

    INTERFACES="enp16s0";

    option domain-name "Debiann.com";
    option domain-name-servers 10.5.200.254;

    default-lease-time 86400;
    max-lease-time 172800;

    authoritative;

    log-facility local7;

    #option 66
    option tftp-server-name "40.4.200.218";

    #option67

    allow booting;
    allow bootp;

    subnet 10.5.200.0 netmask 255.255.255.0 {
        option domain-name-servers 10.5.200.254;
        option broadcast-address 10.5.200.255;
        option subnet-mask 255.255.255.0;

        group {
            next-server 40.4.200.218;

            host ubuntu {
                hardware ethernet 08:00:07:26:c0:a5;
                fixed-address 10.5.200.10;
            }
        }
    }

So DHCP in the "SCCM network" is disabled. I installed dhcp-relay on my new network; conf:

    # Defaults for isc-dhcp-relay initscript
    # sourced by /etc/init.d/isc-dhcp-relay
    # installed at /etc/default/isc-dhcp-relay by the maintainer scripts

    #
    # This is a POSIX shell fragment
    #

    # What servers should the DHCP relay forward requests to?
    SERVERS="40.4.200.218"

    # On what interfaces should the DHCP relay (dhrelay) serve DHCP requests?
    INTERFACES="enp16s0"

    # Additional options that are passed to the DHCP relay daemon?
    OPTIONS=""

If I now start the PC and press F12 for network boot, it doesn't get DHCP, so I get:

    PXE-E53: No boot filename received

Then I went back to dhcp.conf and added the 2 parameters with the filename again, so my conf is now:

    # dhcpd.conf
    #
    # Sample configuration file for ISC dhcpd

    INTERFACES="enp16s0";

    option domain-name "Debiann.com";
    option domain-name-servers 10.5.200.254;

    default-lease-time 86400;
    max-lease-time 172800;

    authoritative;

    log-facility local7;

    #option 66
    option tftp-server-name "40.4.200.218";

    #option67
    option bootfile-name "smsboot\x64\wdsmgfw.efi";

    allow booting;
    allow bootp;

    subnet 10.5.200.0 netmask 255.255.255.0 {
        option domain-name-servers 10.5.200.254;
        option broadcast-address 10.5.200.255;
        option subnet-mask 255.255.255.0;

        group {
            next-server 40.4.200.218;
            filename "smsboot\x64\wdsmgfw.efi";

            host ubuntu {
                hardware ethernet 08:00:07:26:c0:a5;
                fixed-address 10.5.200.10;
            }
        }
    }

Now I get again: PXE-E32: TFTP open timeout.

Wireshark says: [screenshot of the capture; image not preserved]

EDIT 3:

Okay, thank you so much for your help!

I found a post by a guy who had the same problem (whom you helped):

Trouble with DnsMasq, DHCP proxy, PXE for UEFI clients

I will try to configure it like that, but there is one problem... the guy in our company who knows the filenames is ill... but basically I will have one dhcp-boot option, i.e.

    dhcp-boot=smsboot\x64\wdsmgfw.efi,MUCSVCM01,40.4.200.218

and the 3 pxe-service options that you just told me?

Because this guy here got it like this: https://forums.fogproject.org/topic/8677/dnsmasq-bios-and-uefi

My final dnsmasq.conf will then be like this, because the other guys have vendor classes and more dhcp-boot options?

    interface=enp16s0
    listen-address=127.0.0.1
    listen-address=10.5.200.254
    local=/debrou.com/
    expand-hosts
    domain=debrou.com
    dhcp-range=10.5.200.100,10.5.200.200,48h
    dhcp-option=option:router,10.5.200.254
    dhcp-option=19,1
    dhcp-authoritative
    dhcp-boot=smsboot\x64\wdsmgfw.efi,MUCSVCM01,40.4.200.218
    # PXEClient:Arch:00000
    pxe-service=X86PC, "Boot BIOS PXE", smsboot\x64\wdsmgfw,

    # PXEClient:Arch:00007
    pxe-service=BC_EFI, "Boot UEFI PXE-BC", smsboot\x64\wdsmgfw.efi

    # PXEClient:Arch:00009
    pxe-service=X86-64_EFI, "Boot UEFI PXE-64", smsboot\x64\wdsmgfw.efi

So I got another laptop and tried it with this one (it has UEFI): same error (NBP is too big).

I checked the BIOS; it was also on legacy. I turned legacy off and tried it again, but it didn't even get to the boot process (it's an HP 430 G4). Other people also have this problem, so I think it's not the config's fault.

1 Answer

If PXE and TFTP are handled by SCCM then you are creating a conflicting new PXE server with your DHCP config.

Define if SCCM is really providing PXE/DHCP services, if that is the case, add the new network to the working DHCP server and enable IP Helper services at the router in order to properly forward DHCP broadcast traffic among networks.

Edit 1:

Providing PXE => TFTP Server + DHCP server with PXE parameters. Then you have to be sure you do not have 2 PXE servers; 1) SCCM 2) your DHCP server on the new network.

If you just want to use the TFTP services from SCCM then you must stop its DHCP services and then add the DHCP server on the new network.

If the DHCP traffic does not need to cross router boundaries (i.e. the DHCP server is located on the new network segment) then you do not have to start the IP helper services.

Edit 2:

  1. If the DHCP server directly serves 10.5.200.0 subnetwork you should avoid IP Helpers
  2. The PXE DHCP configuration is complete with "next-server" and "filename" parameters, just avoid other PXE related DHCP options like 66/67 etc.
  3. You won't get better results just by changing your DHCP Server.
  4. Get a Wireshark traffic capture and see at packet level what the client is really getting from the DHCP server.

EDIT 3:

A PXE-enabled DHCP server must parse the PXE architecture declared at boot and accordingly provide the corresponding NBP, i.e. for Dnsmasq:

    # PXEClient:Arch:00000
    pxe-service=X86PC, "Boot BIOS PXE", bios/pxelinux

    # PXEClient:Arch:00007
    pxe-service=BC_EFI, "Boot UEFI PXE-BC", efi64/syslinux.efi

    # PXEClient:Arch:00009
    pxe-service=X86-64_EFI, "Boot UEFI PXE-64", efi64/syslinux.efi

In this example we provide bios/pxelinux as NBP for BIOS booting PCs and efi64/syslinux.efi for 64Bit UEFI booting PCs. You must adapt the parameters considering your particular scenario.

Pat
  • SCCM only provides PXE and TFTP, not DHCP. The DHCP server is on the new network I created, and the DHCP does its job until I enable the IP helper/relay agent. – Nils Schöffel Feb 26 '18 at 06:51
  • See the edited answer – Pat Feb 26 '18 at 13:33
  • The SCCM doesn't have any DHCP, only PXE and TFTP. – Nils Schöffel Feb 26 '18 at 15:14
  • If the SCCM provides PXE then it must have an associated DHCP service. Please carefully read https://en.wikipedia.org/wiki/Preboot_Execution_Environment Having 2 PXE servers targeting the same subnetworks always leads to trouble if you do not integrate them correctly. – Pat Feb 26 '18 at 23:59
  • edited my post :) – Nils Schöffel Feb 27 '18 at 13:21
  • do you think it would be better with dnsmasq ?? – Nils Schöffel Feb 27 '18 at 15:10
  • See Edit 2 in my answer – Pat Feb 28 '18 at 09:54
  • Hmm okay, but now I get this error: "pxe-e79 nbp is too big to fit in free base memory" :( – Nils Schöffel Mar 01 '18 at 12:41
  • BUT if I look at the SCCM logfile I don't see my client speaking with the SCCM :( – Nils Schöffel Mar 01 '18 at 14:06
  • You are really lost ;-) The "nbp is too big..." error surely happens because you are PXE booting a `BIOS` PC but you are providing a `UEFI` NBP and that is not possible. You must prevent this error by providing an NBP depending on the client architecture. Also you have to understand that SCCM will not log activity except for the TFTP transfer. I repeat: Wireshark is the tool to use to see what's really going on at packet level. – Pat Mar 01 '18 at 17:31
  • edited my post :) – Nils Schöffel Mar 06 '18 at 10:20
  • a picture of the capture is not enough; you must save it as a pcap file and upload it somewhere if you want me to take a look. Basically as I've said before you DO NOT NEED IP helpers if the DHCP server is connected to the booting subnetwork. – Pat Mar 07 '18 at 11:13
  • I could send it to you by email if you want, but I can't open a chat, only 13 rep.... – Nils Schöffel Mar 07 '18 at 11:55
  • Man, upload it anywhere... – Pat Mar 07 '18 at 12:01
  • Okay, I will delete the ip-helper, reconfigure the dnsmasq with filename and stuff as it was before, and run a sniffer. – Nils Schöffel Mar 07 '18 at 12:10
  • https://mega.nz/#!ubQDXDpD!_ot4yWx6s12stSux5FFcUiHfMOhtz5RJ_kYnMvEDwMM – Nils Schöffel Mar 07 '18 at 12:37
  • I saw the capture; the PXE booting PC's DHCPDISCOVER packet declares Arch=0000, so it is a `BIOS` booting PC, but your DHCP server provides `Bootfile name: smsboot\x64\wdsmgfw.efi` which is a UEFI NBP. I already told you: you must configure your DHCP to provide the correct NBP depending on the detected booting architecture. Please read my last edit. – Pat Mar 07 '18 at 13:30
  • i edited my post – Nils Schöffel Mar 07 '18 at 14:43
  • Please get the DHCP server manual and read about the options I gave you. If you do not know the name and location of the different NBPs you won't be able to boot anything. You have to provide the options I gave you (please consider the UEFI 32 option is missing because not many people really use it today). If you get the "too large" error you are booting BIOS and trying to load a UEFI NBP. That's it. – Pat Mar 07 '18 at 19:28
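
The check discussed in the last comments (client architecture declared in the DHCPDISCOVER versus the boot file offered), as an added example that is not part of the original thread. It reads options 60 and 93 from a constructed packet; the function names are assumptions, and the NBP names are the ones from the answer's dnsmasq example, to be replaced by the real paths on the TFTP server.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options (RFC 2131)
# Option 93 architecture types (RFC 4578) mapped to the NBP names used in the
# answer's dnsmasq example (assumption: substitute your TFTP server's paths).
NBP_BY_ARCH = {0: "bios/pxelinux", 7: "efi64/syslinux.efi", 9: "efi64/syslinux.efi"}

def parse_options(packet: bytes) -> dict:
    """Return {option_code: value} from a raw BOOTP/DHCP packet."""
    if packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet (magic cookie missing)")
    opts, i = {}, 240
    while i < len(packet):
        code = packet[i]
        if code == 255:            # End option
            break
        if code == 0:              # Pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        opts[code] = value
        i += 2 + length
    return opts

def client_arch(opts: dict):
    """Architecture from option 93, falling back to the option 60 string."""
    if 93 in opts and len(opts[93]) >= 2:
        return struct.unpack("!H", opts[93][:2])[0]
    vendor = opts.get(60, b"").decode("ascii", "replace")
    if vendor.startswith("PXEClient:Arch:"):
        return int(vendor.split(":")[2])
    return None

def offer_matches(discover: bytes, offered_bootfile: str) -> bool:
    """True if the offered boot file is the NBP mapped to the client's architecture."""
    arch = client_arch(parse_options(discover))
    return NBP_BY_ARCH.get(arch) == offered_bootfile

def build_discover(arch: int) -> bytes:
    """Constructed sample: minimal PXE DHCPDISCOVER with options 53, 60 and 93."""
    vendor = b"PXEClient:Arch:%05d:UNDI:002001" % arch
    opts = b"\x35\x01\x01" + bytes([60, len(vendor)]) + vendor
    opts += b"\x5d\x02" + struct.pack("!H", arch) + b"\xff"
    return bytes(236) + MAGIC_COOKIE + opts
```

Calling `offer_matches(build_discover(0), "smsboot\\x64\\wdsmgfw.efi")` returns `False`, which is the BIOS-client/UEFI-NBP mismatch behind PXE-E79 in this thread.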