Am 29.09.2016 um 14:05 schrieb Stuart Henderson: > On 2016-09-28, Peer Janssen <p...@pjk.de> wrote: >> # tftpd -d /tftpboot >> >> tftpd: 192.168.0.81: read request for 'pxeboot' >> tftpd: 192.168.0.81: read request for 'pxeboot' >> tftpd: 192.168.0.81: read request for 'pxeboot' >> tftpd: 192.168.0.81: read request for 'pxeboot' >> tftpd: 192.168.0.81: read request for 'pxeboot' >> tftpd: 192.168.0.81: Operation timed out >> tftpd: 192.168.0.81: Operation timed out >> tftpd: 192.168.0.81: read request for 'pxeboot' >> tftpd: 192.168.0.81: Operation timed out >> tftpd: 192.168.0.81: Operation timed out >> tftpd: 192.168.0.81: Operation timed out >> tftpd: 192.168.0.81: Operation timed out >> tftpd: 192.168.0.81: read request for 'pxeboot' >> tftpd: 192.168.0.81: Operation timed out >> tftpd: 192.168.0.81: read request for 'pxeboot' >> tftpd: 192.168.0.81: Operation timed out >> tftpd: 192.168.0.81: read request for 'pxeboot' >> tftpd: 192.168.0.81: Operation timed out >> tftpd: 192.168.0.81: read request for 'pxeboot' >> tftpd: 192.168.0.81: Operation timed out > Check your firewall rules. The packets where the file is actually > transferred come from a high numbered source port: > > Request $high_port_A -> port 69 > First file packet $high_port_B -> $high_port_A > Ack $high_port_A -> $high_port_B > Second file packet $high_port_B -> $high_port_A > etc. > > I suspect you might not be allowing the return packets. Adding "log" > to any "block" rules that you have and watch "tcpdump -neipflog0" > probably gives you some clues.
Thank you for this hint. Frankly, I find it generally enthusing to realize the power of the tools you OpenBSD ecosystem create. The pflog0 live tcpdump log revealed that no packets at all were dropped, and even turning off pf completely didn't change the behavior. But I realized that there must be something in the dhcpd options and/or something related to arp resolution, which I didn't grok. So I read some more RFCs about pxebooting in relation to dhcp and arp, but finally abandoned this problem for now, because it was taking way too much time for my current local situation. That alix2d13 is now working fine, although I finally installed it via CF-Disk, now that I got that reader. (I'm not working in my home lab, so I didn't have that part handy, what made my try using pxeboot in the first place.) Maybe I'll try pxebooting again later, either just to get to the bottom of it, or using it for installing a row of servers, because I still like the idea of that method. Peer -- Peer Janssen - p...@pjk.de
