Hi Yannick,

it seems you're right: yet another test, with the '-l' removed again,
and:

(I)nstall, (U)pgrade or (S)hell?

I'm still not sure what went wrong in the first place, but at least it
works now.

Thanks.

Bill

On Wed, 2008-02-06 at 08:05 -0500, Yannick Gravel wrote:
> Hi Bill,
> 
>   Except for the first one, I have been doing just that with my net4501, 
> net4801, net5501.
> 
>   Do you run "CURRENT" or some 3.8-4.2 on your net4521? The "-l" option 
> for tftpd is new to 4.3, so if you are not running CURRENT that may be 
> the reason for the "rapid re-execution".
> 
>   Cheers
> 
> Y.
> 
> Bill Maas wrote:
> > Hi,
> >
> > I've been running dhcpd/tftpd on OpenBSD 3.8-4.2 on a PC without
> > problems, for booting my Soekris boxens. However, when I run [almost]
> > the exact same config on a net4521, and try booting another Soekris box
> > off that one, TFTP times out. On the boot server, 'inetd -d' shows a
> > rapid re-execution of tcpd (or of tftpd without using TCP wrappers) when
> > the client tries to fetch the pxeboot image. The same happens by the way
> > when I try to fetch files manually using 'tftp' from Linux or OpenBSD,
> > but those implementations seem to have a reputation for stupidity and
> > brokenness.
> >
> > The really weird thing is that the same config works on a PC as boot
> > server, but not on a Soekris box. Anyone seen this before?
> >
> > Files:
> >
> > /etc/dhcpd.conf:
> > -----------------------------------------------------------------------
> > #       $OpenBSD: dhcpd.conf,v 1.1 1998/08/19 04:25:45 form Exp $
> > #
> > # DHCP server options.
> > # See dhcpd.conf(5) and dhcpd(8) for more information.
> > #
> >
> > # Network:              192.168.1.0/255.255.255.0
> > # Domain name:          my.domain
> > # Name servers:         192.168.1.3 and 192.168.1.5
> > # Default router:       192.168.1.1
> > # Addresses:            192.168.1.32 - 192.168.1.127
> > #
> > #shared-network LOCAL-NET {
> > #       option  domain-name "my.domain";
> > #       option  domain-name-servers 192.168.1.3, 192.168.1.5;
> > #
> > #       subnet 192.168.1.0 netmask 255.255.255.0 {
> > #               option routers 192.168.1.1;
> > #
> > #               range 192.168.1.32 192.168.1.127;
> > #       }
> > #}
> >
> > # Subnetwork declaration
> > subnet 192.168.1.0 netmask 255.255.255.0 {
> >         option domain-name "localdomain";
> >         option subnet-mask 255.255.255.0;
> >         option broadcast-address 192.168.1.255;
> >         option domain-name-servers 194.109.6.66, 194.109.104.104;
> >         option routers 192.168.1.1;
> > }
> >
> > # Fixed addresses for local hosts
> > # (this is for PXE-booting the boot server itself)
> > group {
> >         next-server 192.168.1.2;
> >         host net4521 {
> >                 hardware ethernet 00:00:24:XX:XX:XX;
> >                 fixed-address 192.168.1.11;
> >                 filename "pxeboot";
> >         }
> > }
> >
> > # (this is for "my" clients)
> > group {
> >         next-server 192.168.1.11;
> >         host net4801 {
> >                 hardware ethernet 00:00:24:YY:YY:YY;
> >                 fixed-address 192.168.1.8;
> >                 filename "pxeboot";
> >         }
> >         host net5501 {
> >                 hardware ethernet 00:00:24:ZZ:ZZ:ZZ;
> >                 fixed-address 192.168.1.9;
> >                 filename "pxeboot";
> >         }
> > }
> > -----------------------------------------------------------------------
> >
> > /etc/inetd.conf
> > -----------------------------------------------------------------------
> > [...]
> > tftp            dgram   udp     wait    root    /usr/libexec/tcpd /usr/libexec/tftpd -l -s /tftpboot
> > [...]
> > -----------------------------------------------------------------------
> >
> > /etc/hosts.allow
> > -----------------------------------------------------------------------
> > # /etc/hosts.allow - see hosts_options(5)
> > sshd: ALL : allow
> > sendmail: LOCAL 192.168.1. .internal : allow
> > tftpd: LOCAL 192.168.1. .internal : allow
> > ftpd: LOCAL 192.168.1. .internal : allow
> > ALL: ALL : deny
> > -----------------------------------------------------------------------
> >
> > /etc/hostname.sis0
> > -----------------------------------------------------------------------
> > inet 192.168.1.11 255.255.255.0 NONE 
> > -----------------------------------------------------------------------
> >
> > /etc/hostname.sis0
> > -----------------------------------------------------------------------
> > inet 10.0.1.11 255.0.0.0 NONE 
> > -----------------------------------------------------------------------
> >
> > (tried booting with and without hostname.sis1 configured - didn't make a
> > difference).
> >
> > # pfctl -s rules          
> > -----------------------------------------------------------------------
> > scrub in all fragment reassemble
> > block return all
> > block return in quick inet6 all
> > pass out all flags S/SA keep state
> > pass in quick on lo all flags S/SA keep state
> > block drop in on ! lo inet from 127.0.0.0/8 to any
> > block drop in on ! lo inet6 from ::1 to any
> > block drop in inet from 127.0.0.1 to any
> > block drop in on ! sis0 inet from 192.168.1.0/24 to any
> > block drop in inet from 192.168.1.111 to any
> > block drop in inet6 from ::1 to any
> > block drop in on lo0 inet6 from fe80::1 to any
> > block drop in on sis0 inet6 from fe80::200:24ff:fec1:ef50 to any
> > pass in quick on sis1 all flags S/SA keep state
> > pass in inet proto icmp from <lan1> to any icmp-type echoreq code 0 keep state
> > pass in log proto tcp from <lan1> port = bootps to (sis0) port = bootpc flags S/SA keep state
> > pass in log proto tcp from <lan1> to (sis0) port = ftp flags S/SA keep state
> > pass in log proto tcp from <lan1> to (sis0) port > 49151 flags S/SA keep state
> > pass in log proto udp from <lan1> port = bootps to (sis0) port = bootpc keep state
> > pass in log proto udp from <lan1> to (sis0) port = tftp keep state
> > pass in on sis0 proto tcp from any to (sis0) port = ssh flags S/SA keep state
> > pass in log on sis0 proto tcp from any to (sis0) port = smtp flags S/SA keep state
> > pass out log on sis0 proto tcp from (sis0) to any port = smtp flags S/SA keep state
> > -----------------------------------------------------------------------
> >
> > Do I need to allow any extra ICMP messages? And why does it work like
> > this on the PC and not on the Soekris box? The only difference I can see
> > is with the NICs: Realtek 8139 (PC) vs. NS DP83815 (Soekris boxen).
> >
> > Bill
> >
> >   
> 
> 
-- 
"What's a computer?" - MES

_______________________________________________
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech
