LTSP - Pfsense - (clients LTSP UP but not connect Internet)



  • Hello All!

    In our scenario we have a pfSense! I am trying to set up an LTSP server (Linux Terminal Server Project) with 2 NICs.
    The first NIC has a static IP (10.1.1.9/24) that came from pfSense, and the second NIC is configured as the LTSP server: 192.168.67.1, following the official LTSP wiki:

    http://wiki.ltsp.org/wiki/Installation/Ubuntu

    I tried 3 flavors - Linux Mint 19.1, Debian 9.4 and Ubuntu 18.04, all 64-bit. With all 3 flavors the LTSP clients come up but do NOT connect/navigate on the Internet. I asked for help on ltsp-discuss: does the lack of connection come from a wrong DNS configuration on the LTSP server's second NIC, since the client side cannot get out to the Internet, or from something on the pfSense side? I do not know what to do to fix it.

    Please, can someone help me?

    Thanks to all for your attention


  • Netgate Administrator

    Can the server itself access the internet? It can resolve DNS and ping internal and external hosts?

    Can the clients ping the server? (I would assume they always can but....)

    Can they ping 10.1.1.9?

    Can they ping the upstream pfSense interface in the 10.1.1.X subnet?

    If yes to all that can they ping some ip on the internet directly like 8.8.8.8?

    Steve



  • Hello Steve:

    About your questions:

    Can the server itself access the internet? It can resolve DNS and ping internal and external hosts?
    Yes, it can access it normally. Yes, it resolves DNS and pings internal and external hosts.

    Can the clients ping the server? (I would assume they always can but....)
    I will test again, but I think yes, they can ping 10.1.1.9

    Can they ping the upstream pfSense interface in the 10.1.1.X subnet?
    No!

    If yes to all that can they ping some ip on the internet directly like 8.8.8.8?
    No, the client cannot ping an IP on the internet!

    I hope that you can give me a light, because I am lost!

    Thanks for your help and attention!

    Douglas


  • Netgate Administrator

    Sorry I missed your reply there.

    Ok, if they cannot ping even the pfSense WAN side interface that suggests the clients have a bad default route or bad subnet mask. They can only reach things inside their own subnet.

    Try pulling the route and IP info from one of the clients and check it using ifconfig or ip addr and netstat -rn

    Steve
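
The routing check suggested above can be automated. This is an added example, not part of the original thread: it parses Linux `netstat -rn` output and reports a missing default route or a connected route whose mask does not match the expected LAN. The sample tables are constructed, the function names are hypothetical, and 10.1.1.0/24 with gateway 10.1.1.1 is taken from the addresses quoted in the thread.

```python
import ipaddress

# Constructed sample: a client with a correct lease on the 10.1.1.0/24 LAN.
HEALTHY = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.1.1.1        0.0.0.0         UG        0 0          0 eth0
10.1.1.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
"""

# Constructed sample: a client with a wrong subnet mask and no default route.
WRONG_MASK = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.1.1.16       0.0.0.0         255.255.255.240 U         0 0          0 eth0
"""

def parse_routes(text):
    """Turn `netstat -rn` rows into dicts; banner and header lines are skipped."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 8:
            continue
        try:
            net = ipaddress.ip_network(f"{cols[0]}/{cols[2]}", strict=False)
            gw = ipaddress.ip_address(cols[1])
        except ValueError:  # the column header row lands here
            continue
        routes.append({"net": net, "gw": gw, "flags": cols[3], "iface": cols[7]})
    return routes

def diagnose(text, expected=None):
    """Return findings that explain 'can only reach its own subnet' symptoms."""
    routes = parse_routes(text)
    connected = [r["net"] for r in routes if "G" not in r["flags"]]
    defaults = [r for r in routes if r["net"].prefixlen == 0 and "G" in r["flags"]]
    findings = []
    if not defaults:
        findings.append("no default route: only on-link destinations are reachable")
    for r in defaults:
        if not any(r["gw"] in net for net in connected):
            findings.append(f"default gateway {r['gw']} is not on any connected subnet")
    if expected:
        want = ipaddress.ip_network(expected)
        for net in connected:
            if net.overlaps(want) and net != want:
                findings.append(f"connected route {net} does not match {want}: check the subnet mask")
    return findings
```
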



  • Hello Steve!

    Now I left only one NIC. I am writing from the LTSP server machine.
    So the LTSP client is on the same network. The file /etc/ltsp/dhcpd.conf:

    authoritative;

    subnet 10.1.1.16 netmask 255.255.255.0 {
    range 10.1.1.17 10.1.1.250;
    option domain-name "example.com";
    option domain-name-servers 8.8.8.8;
    option broadcast-address 10.1.1.255;
    option routers 10.1.1.1;
    next-server 10.1.1.1;

    get-lease-hostnames true;

    option subnet-mask 255.255.255.0;
    option root-path "/opt/ltsp/images";
    if substring( option vendor-class-identifier, 0, 9 ) = "PXEClient" {
        filename "/ltsp/images/pxelinux.0";
    } else {
        filename "/ltsp/images/amd64.img";
    }
    

    }

    The client side comes up but there is still no Internet connection

    ......

    Thank you


  • Netgate Administrator

    Sorry for the late reply.

    Are the clients actually getting those details?

    If the server is able to reach the internet the clients should too since they are in the same subnet.
    I can only imagine that the actual clients are not getting all those settings.

    The only part that looks suspect is that the subnet line should probably read:
    subnet 10.1.1.0 netmask 255.255.255.0 {

    10.1.1.16 is not the network address for that subnet.

    Steve
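
The subnet-line problem pointed out above can be caught mechanically. This is an added example, not part of the original thread or of LTSP: it checks each `subnet` declaration in a dhcpd.conf for a non-network address and, going slightly beyond the point made in the reply, for `range` and `option routers` addresses outside the declared subnet and a mismatched `option subnet-mask`. The function names are hypothetical and the sample is the posted file trimmed to its addressing lines.

```python
import ipaddress
import re

# Constructed sample: the subnet declaration posted in the thread, trimmed;
# one nested block is kept to exercise the brace matching.
POSTED_CONF = """
subnet 10.1.1.16 netmask 255.255.255.0 {
range 10.1.1.17 10.1.1.250;
option routers 10.1.1.1;
option subnet-mask 255.255.255.0;
if substring( option vendor-class-identifier, 0, 9 ) = "PXEClient" {
    filename "/ltsp/images/pxelinux.0";
}
}
"""

def _ips(text):
    """Return the tokens of text that parse as IP addresses (hostnames are skipped)."""
    found = []
    for tok in re.split(r"[,\s]+", text.strip()):
        try:
            found.append(ipaddress.ip_address(tok))
        except ValueError:
            pass
    return found

def audit_dhcpd_conf(conf):
    """Check each subnet declaration for addressing that contradicts its netmask."""
    conf = re.sub(r"#.*", "", conf)  # drop comments
    findings = []
    for m in re.finditer(r"\bsubnet\s+(\S+)\s+netmask\s+(\S+)\s*\{", conf):
        addr, mask = m.group(1), m.group(2)
        depth, end = 1, m.end()
        while end < len(conf) and depth:  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(conf[end], 0)
            end += 1
        body = conf[m.end():end - 1]
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        if ipaddress.ip_address(addr) != net.network_address:
            findings.append(f"subnet {addr}: not the network address, expected {net.network_address}")
        for kind, pat in (("range", r"\brange\s+([^;]+);"), ("router", r"option\s+routers\s+([^;]+);")):
            for stmt in re.finditer(pat, body):
                for ip in _ips(stmt.group(1)):
                    if ip not in net:
                        findings.append(f"{kind} {ip}: outside {net}")
        sm = re.search(r"option\s+subnet-mask\s+(\S+)\s*;", body)
        if sm and sm.group(1) != mask:
            findings.append(f"option subnet-mask {sm.group(1)} differs from netmask {mask}")
    return findings
```
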



  • Sorry!
    And thank you for your attention!

    Steve!
    I did a new installation following these steps:
    http://wiki.ltsp.org/wiki/Installation/Ubuntu#a.29_Installing_LTSP_in_.22chrootless.22_.28previously_pnp.29_mode

    Now only ONE NIC (the same subnet as my pfSense)

    Afterwards, to configure dnsmasq, I ran the command:
    ltsp-config dnsmasq --enable-dns

    About what you told me:
    The only part that looks suspect is that the subnet line should probably read:
    subnet 10.1.1.0 netmask 255.255.255.0 {
    10.1.1.16 is not the network address for that subnet.

    So now it's in the same subnet 10.0.0.0

    The LTSP client comes up OK BUT still does not connect/navigate the Internet:

    Here is the file:

    /etc/ltsp$ cat dhcpd.conf

    # Default LTSP dhcpd.conf config file.

    authoritative;

    subnet 10.1.1.0 netmask 255.255.255.0 {
    range 10.1.1.20 10.1.1.23;
    option domain-name "example.com";
    option domain-name-servers 10.1.1.1;
    option broadcast-address 10.1.1.255;
    option routers 10.1.1.1;
    next-server 192.168.67.1;

    get-lease-hostnames true;

    option subnet-mask 255.255.255.0;
    option root-path "/opt/ltsp/images";
    if substring( option vendor-class-identifier, 0, 9 ) = "PXEClient" {
        filename "/ltsp/images/pxelinux.0";
    } else {
        filename "/ltsp/images/amd64.img";
    }
    

    }

    Tests done:
    ping ltsp server (10.1.1.9) = OK
    ping 8.8.8.8 = NOT

    I think that I need to configure DNS, but where?

    In
    /etc/ltsp/dhcpd.conf

    or
    /var/lib/tftpboot/ltsp/amd64/lts.conf

    or maybe I am wrong about this! Sorry!

    Thanks for your attention and help

    Douglas


  • Netgate Administrator

    You should be able to ping 8.8.8.8 without DNS.

    Check the routing table on the client run netstat -rn.

    The only other explanation is that the rules you have in pfSense are somehow passing only traffic from the server and not the clients. But the default allow rules on LAN would apply to all traffic from that subnet.

    Steve



  • Hello Steve
    pfSense does not have a DHCP server.
    There are many PCs navigating on the same subnet, all with static IPs (10.1.1.x).
    So I have one PC to be the LTSP server inside the same subnet.
    dnsmasq acts as a DHCP server for the LTSP clients. In this way I have not been able to fix the communication through LTSP server/client/pfSense out to the Internet or get a ping answer.

    Thank you

    Douglas

    @stephenw10 said in LTSP - Pfsense - (clients LTSP UP but not connect Internet):

    You should be able to ping 8.8.8.8 without DNS.

    Check the routing table on the client run netstat -rn.

    The only other explanation is that the rules you have in pfSense are somehow passing only traffic from the server and not the clients. But the default allow rules on LAN would apply to all traffic from that subnet.

    Steve

