# LAN boot - PXE-E32 TFTP open timeout



## jenaniston (Jan 20, 2010)

the PXE error message I get on the client laptop is


```
PXE-E32 TFTP open timeout
```

results from snort

```
# snort -veX
```
support the following interpretation of the error rather than some of the google search results
(i.e. - _yes_ the tftp service status is running)

"The PXE client was able to get a DHCP address and a boot file name,
 but timed out when attempting to download the boot file using TFTP . . ."
http://h18000.www1.hp.com/products/servers/management/rdp/knowledgebase/00000138.html

*snort* gives the message

```
. . .
DESTINATION UNREACHABLE: ADMINSTRATIVELY PROHIBITED HOST FILTERED
 . . .
```
with a packet that contains the boot filename _from_ the server IP _to_ the client IP.

this is after packets from the client to the server that contain the boot filename are ok 
which I presume are asking for the file.

Any ideas where in my config to look at _carefully_ . . . ?

And would wireshark give me any other valuable info ?
(though it seems a bear to set up, I am starting on that install as well)

Thanks.


----------



## jenaniston (Jan 21, 2010)

With tcpdump, this packet generates the following error message . . . 

```
ICMP host unreachable - admin prohibited
```
http://en.wikipedia.org/wiki/ICMP_Destination_Unreachable

Maybe same as the listed error 10 in the above link ?


----------



## jenaniston (Jan 21, 2010)

Is the *etc/hosts_allow* file really necessary if the client (and server) hostnames and IP addresses are already in the *etc/hosts* file?

Sorting through the man pages . . .
But any suggestions or criticism welcome as I experiment with trial and error method . . .
ok I'll emphasize the _error_ part - so far.


----------



## DutchDaemon (Jan 21, 2010)

/etc/hosts.allow serves a different purpose, and has no relation with /etc/hosts. See hosts_access(5) vs. hosts(5).


----------



## jenaniston (Jan 23, 2010)

*it's the firewall . . .*

better defined packet filtering rules are what is needed here . . .

the ipfilter in FreeBSD ipfilter

and the iptables with linux tftp server LAN boot file packets getting blocked.
iptables

There are definitely some packets and arping between the server and client that do make it through - confirmed by snort and tcpdump -
so I need to take a close look - filter is by length/size or something ?


----------
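
Added example, not from any poster in this thread: the "ICMP host unreachable - admin prohibited" message quoted above is ICMP type 3 code 10, and an ICMP error carries a copy of the start of the packet that triggered it, which is how a boot filename can appear in a server-to-client packet. This Python sketch decodes such an error and names the rejected flow; the addresses, client port and filename `pxelinux.0` are constructed sample values.

```python
import socket
import struct

# ICMP type 3 codes that indicate a packet filter, not a routing problem
FILTER_CODES = {9: "network administratively prohibited",
                10: "host administratively prohibited",
                13: "communication administratively prohibited"}

def ip_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left 0: constructed sample only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def build_sample():
    """Constructed capture: server 192.0.2.1 rejects the client's TFTP read request."""
    rrq = struct.pack("!H", 1) + b"pxelinux.0\0octet\0"         # TFTP opcode 1 = RRQ
    udp = struct.pack("!HHHH", 2070, 69, 8 + len(rrq), 0) + rrq  # client -> udp/69
    quoted = ip_header("192.0.2.50", "192.0.2.1", 17, len(udp)) + udp
    icmp = struct.pack("!BBHI", 3, 10, 0, 0) + quoted            # type 3, code 10
    return ip_header("192.0.2.1", "192.0.2.50", 1, len(icmp)) + icmp

def parse_ip(buf):
    """Return (protocol, src, dst, payload) of an IPv4 packet."""
    ihl = (buf[0] & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        raise ValueError("truncated IPv4 header")
    return (buf[9], socket.inet_ntoa(buf[12:16]),
            socket.inet_ntoa(buf[16:20]), buf[ihl:])

def explain_unreachable(packet):
    """Decode an ICMP destination-unreachable and the packet it quotes."""
    proto, src, _dst, icmp = parse_ip(packet)
    if proto != 1 or len(icmp) < 8 or icmp[0] != 3:
        return None                                  # not a destination-unreachable
    code = icmp[1]
    q_proto, q_src, q_dst, q_l4 = parse_ip(icmp[8:])  # quoted original packet
    out = {"reported_by": src, "code": code,
           "meaning": FILTER_CODES.get(code, "not a filter code"),
           "rejected_flow": None, "tftp_file": None}
    if q_proto == 17 and len(q_l4) >= 8:
        sport, dport = struct.unpack("!HH", q_l4[:4])
        out["rejected_flow"] = f"{q_src}:{sport} -> {q_dst}:{dport}/udp"
        data = q_l4[8:]
        # Only present when the sender quoted more than the minimum 8 bytes
        if dport == 69 and data[:2] == b"\x00\x01":
            out["tftp_file"] = data[2:].split(b"\0")[0].decode("ascii", "replace")
    return out

if __name__ == "__main__":
    print(explain_unreachable(build_sample()))
```

A result like this means the packet filter on the reporting host rejected the client's read request to UDP port 69, so the rule set on that host is the place to look. On Linux, iptables emits code 10 from a `REJECT --reject-with icmp-host-prohibited` rule.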

