Using tcpdump to track what HTTP GET requests the server was making:
tcpdump -i tap102i0 -s 0 -A 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420'
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on tap102i0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
20:03:02.954744 IP 10.30.30.246.36801 > 10.30.30.10.5248: Flags [P.], seq 1907014505:1907014613, ack 2911629693, win 512, options [nop,nop,TS val 185696 ecr 625900672], length 108
E.......@.!T
...
..
....q..i...}....l......
...`%N|.GET /ipxe.cfg HTTP/1.1
Connection: keep-alive
User-Agent: iPXE/1.20.1+ (g4bd0)
Host: 10.30.30.10:5248
20:03:02.966785 IP 10.30.30.246.36801 > 10.30.30.10.5248: Flags [P.], seq 108:244, ack 396, win 512, options [nop,nop,TS val 185696 ecr 625900680], length 136
E... ...@..6
...
..
....q...........g......
...`%N|.GET /ipxe.cfg-d2%3A74%3A2c%3Af3%3A98%3A61 HTTP/1.1
Connection: keep-alive
User-Agent: iPXE/1.20.1+ (g4bd0)
Host: 10.30.30.10:5248
20:03:03.065582 IP 10.30.30.246.36801 > 10.30.30.10.5248: Flags [P.], seq 244:366, ack 572, win 512, options [nop,nop,TS val 185808 ecr 625900736], length 122
E.......@..A
...
..
....q..]...............
....%N|.GET /ipxe.cfg-default-amd64 HTTP/1.1
Connection: keep-alive
User-Agent: iPXE/1.20.1+ (g4bd0)
Host: 10.30.30.10:5248
20:03:03.200964 IP 10.30.30.246.36801 > 10.30.30.10.5248: Flags [P.], seq 366:519, ack 1332, win 512, options [nop,nop,TS val 185920 ecr 625900874], length 153
E.......@..0
...
..
....q...........i......
...@%N}JGET /images/ubuntu/amd64/ga-20.04/focal/stable/boot-kernel HTTP/1.1
Connection: keep-alive
User-Agent: iPXE/1.20.1+ (g4bd0)
Host: 10.30.30.10:5248
20:03:03.315579 IP 10.30.30.246.36801 > 10.30.30.10.5248: Flags [P.], seq 519:672, ack 13662018, win 512, options [nop,nop,TS val 186032 ecr 625900987], length 153
E...i...@.."
...
..
....q..p.\h............
....%N}.GET /images/ubuntu/amd64/ga-20.04/focal/stable/boot-initrd HTTP/1.1
Connection: keep-alive
User-Agent: iPXE/1.20.1+ (g4bd0)
Host: 10.30.30.10:5248
20:03:10.364923 IP 10.30.30.246.56428 > 10.30.30.10.5248: Flags [P.], seq 3973909383:3973909512, ack 1459785900, win 502, options [nop,nop,TS val 1006103140 ecr 625908082], length 129
E...z.@.@.n5
...
..
.l......W.......Q......
;..d%N.rGET /images/ubuntu/amd64/ga-20.04/focal/stable/squashfs HTTP/1.1
Host: 10.30.30.10:5248
User-Agent: Wget
Connection: close
20:03:20.543425 IP 10.30.30.246.57710 > 10.30.30.10.5248: Flags [P.], seq 1726640279:1726640494, ack 556370768, win 502, options [nop,nop,TS val 1006113318 ecr 625918261], length 215
E.....@.@.(.
...
..
.n..f.p.!).P....R9.....
;..&%N.5GET /MAAS/metadata/latest/enlist-preseed/?op=get_enlist_preseed HTTP/1.1
Host: 10.30.30.10:5248
User-Agent: Cloud-Init/22.2-0ubuntu1~20.04.3
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
20:03:23.065662 IP 10.30.30.246.57712 > 10.30.30.10.5248: Flags [P.], seq 212885926:212886141, ack 2302260665, win 502, options [nop,nop,TS val 1006115840 ecr 625920783], length 215
E.....@.@...
...
..
.p....a..9......R9.....
;...%N..GET /MAAS/metadata/latest/enlist-preseed/?op=get_enlist_preseed HTTP/1.1
Host: 10.30.30.10:5248
User-Agent: Cloud-Init/22.2-0ubuntu1~20.04.3
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
I can see that it does download an “enlist-preseed” document that includes the client IP of whoever made the request. E.g., when I download the same URL from my laptop (connected via VPN), I can see the response includes a metadata_url containing my VPN client IP. Is this correct? Shouldn’t it point to the rack controller instead? Or is there some other magic that’s supposed to happen and is not working here?
curl 'http://10.30.30.10:5248/MAAS/metadata/latest/enlist-preseed/?op=get_enlist_preseed'
#cloud-config
apt:
  preserve_sources_list: false
  primary:
  - arches:
    - amd64
    - i386
    uri: http://archive.ubuntu.com/ubuntu
  - arches:
    - default
    uri: http://ports.ubuntu.com/ubuntu-ports
  proxy: http://10.30.30.10:8000/
  security:
  - arches:
    - amd64
    - i386
    uri: http://archive.ubuntu.com/ubuntu
  - arches:
    - default
    uri: http://ports.ubuntu.com/ubuntu-ports
  sources_list: 'deb $PRIMARY $RELEASE multiverse restricted main universe
    # deb-src $PRIMARY $RELEASE multiverse restricted main universe
    deb $PRIMARY $RELEASE-updates multiverse restricted main universe
    # deb-src $PRIMARY $RELEASE-updates multiverse restricted main universe
    deb $PRIMARY $RELEASE-backports multiverse restricted main universe
    # deb-src $PRIMARY $RELEASE-backports multiverse restricted main universe
    deb $SECURITY $RELEASE-security multiverse restricted main universe
    # deb-src $SECURITY $RELEASE-security multiverse restricted main universe
    '
datasource:
  MAAS:
    metadata_url: http://<snip-my-vpn-client-ip>:5248/MAAS/metadata/
manage_etc_hosts: true
packages:
- python3-yaml
- python3-oauthlib
power_state:
  condition: test ! -e /tmp/block-poweroff
  delay: now
  mode: poweroff
  timeout: 1800
rsyslog:
  remotes:
    maas: <snip>
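
An added example (not part of the original post, and not MAAS or tcpdump code): the capture filter used at the top of this post, `tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420`, re-implemented in Python over constructed TCP segments to show how it locates the payload and compares its first four bytes with ASCII "GET ". The helper names and the sample segments are assumptions made for the illustration.

```python
import struct

GET_MAGIC = 0x47455420  # ASCII "GET " read as a big-endian 32-bit integer


def build_tcp_segment(payload: bytes, options: bytes = b"") -> bytes:
    """Constructed TCP header + payload; options must be a multiple of 4 bytes."""
    words = 5 + len(options) // 4   # header length in 32-bit words
    header = struct.pack(
        "!HHIIBBHHH",
        36801, 5248,                # source / destination port as in the capture
        0, 0,                       # seq / ack, irrelevant to the filter
        words << 4,                 # byte 12: data offset lives in the high nibble
        0x18,                       # flags: PSH + ACK
        512, 0, 0,                  # window, checksum (left unset), urgent pointer
    )
    return header + options + payload


def tcp_payload_offset(segment: bytes) -> int:
    """(tcp[12:1] & 0xf0) >> 2: nibble counts words, so >> 4 then * 4 equals >> 2."""
    return (segment[12] & 0xF0) >> 2


def matches_get_filter(segment: bytes) -> bool:
    """tcp[offset:4] = 0x47455420; False when fewer than 4 payload bytes exist."""
    chunk = segment[tcp_payload_offset(segment):][:4]
    return len(chunk) == 4 and int.from_bytes(chunk, "big") == GET_MAGIC


def request_line(segment: bytes) -> str:
    """First payload line, i.e. the part tcpdump -A prints after the header bytes."""
    payload = segment[tcp_payload_offset(segment):]
    return payload.split(b"\r\n", 1)[0].decode("ascii", "replace")


# Constructed samples; options are nop,nop,TS (12 bytes) like the captured packets.
TS_OPTIONS = bytes([1, 1, 8, 10]) + struct.pack("!II", 185696, 625900672)
SAMPLES = [
    build_tcp_segment(b"GET /ipxe.cfg HTTP/1.1\r\nHost: 10.30.30.10:5248\r\n\r\n", TS_OPTIONS),
    build_tcp_segment(b"POST /x HTTP/1.1\r\n\r\n", TS_OPTIONS),   # other method: no match
    build_tcp_segment(b"GET / HTTP/1.1\r\n\r\n"),                 # no options: offset 20
    build_tcp_segment(b"", TS_OPTIONS),                           # bare ACK: no payload
]

if __name__ == "__main__":
    for seg in SAMPLES:
        print(tcp_payload_offset(seg), matches_get_filter(seg), repr(request_line(seg)))
```

The filter only matches segments whose payload starts with "GET ", so other methods and requests that do not begin at a segment boundary are not shown in the capture.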