"PXE-E11 ARP timeout", "PXE-E38 TFTP cannot open connection" errors on client machine when connecting PXE CentOS Linux

Issues related to configuring your network
Post Reply
akayoshi1
Posts: 11
Joined: 2022/06/23 19:24:48

"PXE-E11 ARP timeout", "PXE-E38 TFTP cannot open connection" errors on client machine when connecting PXE CentOS Linux

Post by akayoshi1 » 2022/06/23 19:32:47

For my setup at work, I am having trouble getting my test client to run PXE Linux from the PXE Linux Server I have setup from this walkthrough at:

https://www.linuxtechi.com/configure-px ... ment-35567

All of the configuration files and setup procedures are on the website listed above.
Everything in the guide works up until I boot up the test client.
Problem Statement:

When I boot up the test client, the DHCP part loads up with the correct IP addresses from the PXE server. But after that, it gives the following errors:

PXE-E11 ARP timeout

PXE-E11 ARP timeout

PXE-E38 TFTP cannot open connection

Based on the walkthrough, posted below are the DHCP, TFTP, and other scripts that are created and/or edited for this walkthrough. I made a few edits to the scripts to match correct IP address practices as well as some edits based on what my co-workers were suggesting, but I am still getting the ARP timeout and TFTP cannot open connection errors.

Is there anything additional I need to set up and/or reconfigure on the PXE Linux Server that was not mentioned in the guide from the link?

-----------------------------------------------------------------------------------------------------------------------

Step:2 Configure DHCP Server for PXE
When we install dhcp package then a sample configuration file of dhcp server is created at “/usr/share/doc/dhcp*/dhcpd.conf.example“, though the configuration file of dhcp is at ‘/etc/dhcp/dhcpd.conf’.


```bash
# DHCP Server Configuration file.
ddns-update-style interim;
ignore client-updates;
authoritative;
allow booting;
allow bootp;
allow unknown-clients;
# internal subnet for my DHCP Server
subnet 192.168.122.0 netmask 255.255.255.0 {
interface enp1s0f0;
range 192.168.122.21 192.168.122.151;
option domain-name-servers 192.168.122.11;
option domain-name "pxe.example.com";
option routers 192.168.122.11;
option broadcast-address 192.168.122.255;
default-lease-time 600;
max-lease-time 7200;
# IP of PXE Server
next-server 192.168.122.11;
filename "pxelinux.0";
}
```

Step:3 Edit and Config tftp server (/etc/xinetd.d/tftp)
TFTP (Trivial File Transfer Protocol ) is used to transfer files from data server to its clients without any kind of authentication. In case of PXE server setup tftp is used for bootstrap loading. To config tftp server, edit its configuration file ‘ /etc/xinetd.d/tftp’, change the parameter ‘disable = yes‘ to ‘disable = no’ and leave the other parameters as it is.

```bash
# default: off
# description: The tftp server serves files using the trivial file transfer \
# protocol. The tftp protocol is often used to boot diskless \
# workstations, download configuration files to network-aware printers, \
# and to start the installation process for some operating systems.
service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /var/lib/tftpboot
disable = no
per_source = 11
cps = 100 2
flags = IPv4
}
```

All the network boot related files are to be placed in tftp root directory “/var/lib/tftpboot”
Run the following commands to copy required network boot files in ‘/var/lib/tftpboot/’

```bash
[root@pxe ~]# cp -v /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot
[root@pxe ~]# cp -v /usr/share/syslinux/menu.c32 /var/lib/tftpboot
[root@pxe ~]# cp -v /usr/share/syslinux/memdisk /var/lib/tftpboot
[root@pxe ~]# cp -v /usr/share/syslinux/mboot.c32 /var/lib/tftpboot
[root@pxe ~]# cp -v /usr/share/syslinux/chain.c32 /var/lib/tftpboot
[root@pxe ~]#
[root@pxe ~]# mkdir /var/lib/tftpboot/pxelinux.cfg
[root@pxe ~]# mkdir /var/lib/tftpboot/networkboot
root@pxe ~]#
````

All the network boot related files are to be placed in tftp root directory “/var/lib/tftpboot”
Run the following commands to copy required network boot files in ‘/var/lib/tftpboot/’

```bash
[root@pxe ~]# cp -v /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot
[root@pxe ~]# cp -v /usr/share/syslinux/menu.c32 /var/lib/tftpboot
[root@pxe ~]# cp -v /usr/share/syslinux/memdisk /var/lib/tftpboot
[root@pxe ~]# cp -v /usr/share/syslinux/mboot.c32 /var/lib/tftpboot
[root@pxe ~]# cp -v /usr/share/syslinux/chain.c32 /var/lib/tftpboot
[root@pxe ~]#
[root@pxe ~]# mkdir /var/lib/tftpboot/pxelinux.cfg
[root@pxe ~]# mkdir /var/lib/tftpboot/networkboot
root@pxe ~]#
```

Step:4 Mount CentOS 7.x ISO file and copy its contents to local ftp server
In my case i have already downloaded CentOS 7.x iso file on my PXE Server. Run the beneath commands to mount iso file and then copy its contents in ftp server’s directory ‘/var/ftp/pub’

```bash
[root@pxe ~]# mount -o loop CentOS-7-x86_64-DVD-1511.iso /mnt/
mount: /dev/loop0 is write-protected, mounting read-only
[root@pxe ~]# cd /mnt/
[root@pxe mnt]# cp -av * /var/ftp/pub/
```

Copy Kernel file (vmlimz) and initrd file from mounted iso file to ‘/var/lib/tftpboot/networkboot/’

```bash
[root@pxe ~]# cp /mnt/images/pxeboot/vmlinuz /var/lib/tftpboot/networkboot/
[root@pxe ~]# cp /mnt/images/pxeboot/initrd.img /var/lib/tftpboot/networkboot/
[root@pxe ~]#
```

Now you can unmount the iso file using ‘umount’ command

```bash
[root@pxe ~]# umount /mnt/
[root@pxe ~]#
```


Step:5 Create kickStart & PXE menu file.
Before creating kickstart file, let’s first create the root password in an encrypted string because we will using that encrypted password string in kickstart file.

```bash
[root@pxe ~]# openssl passwd -1 Pxe@123#
$1$qaVbq0G6$xVbkQCxL7TT9UgsroBgdF.
[root@pxe ~]#
```

System default kickstart file is placed under /root with name ‘anaconda-ks.cfg’. We will be creating a new kickstart under the folder /var/ftp/pub with the name ‘centos7.cfg’

Copy the following content into the new kickstart file. Please modify the kickstart file as per your needs.

```bash
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Firewall configuration
firewall --disabled
# Install OS instead of upgrade
install
# Use FTP installation
url --url="ftp://192.168.122.11/pub"
rootpw --iscrypted $1$qaVbq0G6$xVbkQCxL7TT9UgsroBgdF.
# System authorization information
auth useshadow passalgo=sha512
# Use graphical install
graphical
firstboot disable
# System keyboard
keyboard us
# System language
lang en_US
# SELinux configuration
selinux disabled
# Installation logging level
logging level=info
# System timezone
timezone Europe/Amsterdam
# System bootloader configuration
bootloader location=mbr
clearpart --all --initlabel
part swap --asprimary --fstype="swap" --size=1024
part /boot --fstype xfs --size=300
part pv.01 --size=1 --grow
volgroup root_vg01 pv.01
logvol / --fstype xfs --name=lv_01 --vgname=root_vg01 --size=1 --grow
%packages
@^minimal
@core
%end
%addon com_redhat_kdump --disable --reserve-mb='auto'
%end
```

Create a PXE menu file (/var/lib/tftpboot/pxelinux.cfg/default), copy the following contents into the pxe menu file.

```bash
default menu.c32
prompt 0
timeout 30
MENU TITLE LinuxTechi.com PXE Menu
LABEL centos7_x64
MENU LABEL CentOS 7_X64
KERNEL /networkboot/vmlinuz
APPEND initrd=/networkboot/initrd.img inst.repo=ftp://192.168.122.11/pub
ks=ftp://192.168.122.11/pub/centos7.cfg
```

Step:6 Start and enable xinetd, dhcp and vsftpd service.
Use the beneath commands to start and enable xinetd, dhcp and vsftpd.

```bash
[root@pxe ~]# systemctl start xinetd
[root@pxe ~]# systemctl enable xinetd
[root@pxe ~]# systemctl start dhcpd.service
[root@pxe ~]# systemctl enable dhcpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/dhcpd.service to /usr/lib/systemd/system/dhcpd.service.
[root@pxe ~]#
[root@pxe ~]# systemctl start vsftpd
[root@pxe ~]# systemctl enable vsftpd
Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.
[root@pxe ~]#
```

In Case SELinux is enabled, then set the following selinux rule for ftp server.

```bash
[root@pxe ~]# setsebool -P allow_ftpd_full_access 1
[root@pxe ~]#
```

Open the ports in the OS firewall using following firewall-cmd commands

```bash
[root@pxe ~]# firewall-cmd --add-service=ftp --permanent
success
[root@pxe ~]# firewall-cmd --add-service=dhcp --permanent
success
[root@pxe ~]# firewall-cmd --add-port=69/tcp --permanent
success
[root@pxe ~]# firewall-cmd --add-port=69/udp --permanent
success
[root@pxe ~]# firewall-cmd --add-port=4011/udp --permanent
success
[root@pxe ~]# firewall-cmd --reload
success
[root@pxe ~]#
```

Up to this point, PXE server installation and configuration is completed now.

Step:7 Boot the clients with pxe boot option.

[PXE test client bootup text prompts][1]


[PXE menu][2]


[CentOS installation][3]


[1]: https://i.stack.imgur.com/uJb8I.png
[2]: https://i.stack.imgur.com/HENCy.png
[3]: https://i.stack.imgur.com/jYo4H.png

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: "PXE-E11 ARP timeout", "PXE-E38 TFTP cannot open connection" errors on client machine when connecting PXE CentOS Lin

Post by TrevorH » 2022/06/23 19:46:32

root@pxe ~]# firewall-cmd --add-port=69/tcp --permanent
success
[root@pxe ~]# firewall-cmd --add-port=69/udp --permanent
success
Use --service=tftp not this. It loads nf_conntrack_tftp as well.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

akayoshi1
Posts: 11
Joined: 2022/06/23 19:24:48

Re: "PXE-E11 ARP timeout", "PXE-E38 TFTP cannot open connection" errors on client machine when connecting PXE CentOS Lin

Post by akayoshi1 » 2022/06/24 14:01:54

Just to confirm: [root@pxe ~]# firewall-cmd --add-service=tftp --permanent

would be the way you would do it?

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: "PXE-E11 ARP timeout", "PXE-E38 TFTP cannot open connection" errors on client machine when connecting PXE CentOS Lin

Post by TrevorH » 2022/06/24 14:46:11

I don't use firewalld so it's not something I do but if you read the xml file, I think under /usr/lib/firewalld/services for tftp then you will see that in addition to the ports to open, it will also load nf_conntrack_tftp to keep track of the connections and allow them. But, yes, in general you should always enable the service if one exists as it may do more than just open ports.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

akayoshi1
Posts: 11
Joined: 2022/06/23 19:24:48

Re: "PXE-E11 ARP timeout", "PXE-E38 TFTP cannot open connection" errors on client machine when connecting PXE CentOS Lin

Post by akayoshi1 » 2022/06/24 18:13:02

Okay I will check /usr/lib/firewalld for tftp in the xml file to load nf_conntrack_tftp and see if that works or not.

akayoshi1
Posts: 11
Joined: 2022/06/23 19:24:48

Re: "PXE-E11 ARP timeout", "PXE-E38 TFTP cannot open connection" errors on client machine when connecting PXE CentOS Lin

Post by akayoshi1 » 2022/06/27 19:04:29

TrevorH, I did check the file /usr/lib/firewalld/tftp.xml and it does have the port number listed as “udp port 69” and the entry
“module nf_conntrack_tftp” in the file.
In the terminal, when I type:

firewall-cmd –add-service=tftp –permanent

It says it’s already enabled.
I also restarted the firewall on the PXE server and then tried to boot from the client into the PXE server, but it still didn’t work.
What firewall service/program do you use. Maybe that would work better?

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: "PXE-E11 ARP timeout", "PXE-E38 TFTP cannot open connection" errors on client machine when connecting PXE CentOS Lin

Post by TrevorH » 2022/06/27 19:07:17

Remove the port definitions first then add the service, maybe they conflict.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

akayoshi1
Posts: 11
Joined: 2022/06/23 19:24:48

Re: "PXE-E11 ARP timeout", "PXE-E38 TFTP cannot open connection" errors on client machine when connecting PXE CentOS Lin

Post by akayoshi1 » 2022/06/29 18:18:44

TrevorH I have removed the port definitions from the firewall with the commands:
firewall-cmd --remove-port=69/tcp --permanent

firewall-cmd --remove-port=69/udp --permanent

and added the service to the firewall with the command:
firewall-cmd --add-service=tftp –permanent
When I boot up the client to network boot into the PXE server now, instead of the ARP error from the original post, I now receive the following message:
“Client MAC ADDR: 00 25 90 36 9C D9 \n GUID: 534D4349 0002 B721 1B00 B7211B00B023 \n No DHCP or Proxy DHCP offers were received”
This message displays the first time I network boot from the client to the PXE server, but when I do this a second time and every time after, the screen is blank with nothing displayed.
Doing a tcpdump --interface=any on the PXE server has no output.


I also configured the firewall with the opposite commands to double check the outcome.
firewall-cmd --add-port=69/tcp --permanent

firewall-cmd --add-port=69/udp --permanent

and added the service to the firewall with the command:
firewall-cmd --remove-service=tftp –permanent
I get the same message from the client:
“Client MAC ADDR: 00 25 90 36 9C D9 \n GUID: 534D4349 0002 B721 1B00 B7211B00B023 \n No DHCP or Proxy DHCP offers were received”
But this time from the PXE server, when I do tcpdump --interface=any
I instead get a different output from tcpdump:
tcpdump --interface=any
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
12:07:42.901914 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:25:90:36:9c:d9 (oui Unknown), length 548
12:07:42.903594 IP localhost.37318 > localhost.domain: 1691+ PTR? 255.255.255.255.in-addr.arpa. (46)
12:07:42.903622 IP localhost > localhost: ICMP localhost udp port domain unreachable, length 82
12:07:42.903694 IP localhost.52351 > localhost.domain: 1691+ PTR? 255.255.255.255.in-addr.arpa. (46)
12:07:42.903710 IP localhost > localhost: ICMP localhost udp port domain unreachable, length 82
12:07:42.905345 IP localhost.48752 > localhost.domain: 47178+ PTR? 0.0.0.0.in-addr.arpa. (38)
12:07:42.905363 IP localhost > localhost: ICMP localhost udp port domain unreachable, length 74
12:07:42.905426 IP localhost.39020 > localhost.domain: 47178+ PTR? 0.0.0.0.in-addr.arpa. (38)
12:07:44.914743 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:25:90:36:9c:d9 (oui Unknown), length 548
12:07:48.923216 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:25:90:36:9c:d9 (oui Unknown), length 548
12:07:56.942475 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:25:90:36:9c:d9 (oui Unknown), length 548
12:08:12.981124 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:25:90:36:9c:d9 (oui Unknown), length 548
12:08:15.014567 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:25:90:36:9c:d9 (oui Unknown), length 548
12:08:19.023040 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:25:90:36:9c:d9 (oui Unknown), length 548
12:08:27.042318 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:25:90:36:9c:d9 (oui Unknown), length 548
12:08:43.080937 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:25:90:36:9c:d9 (oui Unknown), length 548
12:08:45.114405 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:25:90:36:9c:d9 (oui Unknown), length 548
12:08:49.122865 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:25:90:36:9c:d9 (oui Unknown), length 548
12:08:57.142166 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:25:90:36:9c:d9 (oui Unknown), length 548

Now I am really confused.

akayoshi1
Posts: 11
Joined: 2022/06/23 19:24:48

Re: "PXE-E11 ARP timeout", "PXE-E38 TFTP cannot open connection" errors on client machine when connecting PXE CentOS Lin

Post by akayoshi1 » 2022/07/05 14:38:00

@TrevorH I apologize for this, but I am going to end this forum post for now. I have found a more straightforward way to set up this PXE server on my laptop along with planning this out better with my co-workers. I'm going to do this walkthrough on my laptop first, troubleshoot any problems on the laptop, then copy the configuration to the server and getting working on the server.

Post Reply