Does anyone have PXE booting working ?
I am nearly there but was wondering if anyone would share their iptables/firewall-cmd, dhcpd, and pxelinux.cfg files please ?
I have everything up to the dns + http/https stage working.
Many thanks in advance,
Aaron
On 11/6/19 3:39 PM, Aaron Gray wrote:
Does anyone have PXE booting working ?
Yes, for both legacy and EFI modes.
I am nearly there but was wondering if anyone would share their iptables/firewall-cmd, dhcpd, and pxelinux.cfg files please ?
I have everything up to the dns + http/https stage working.
I'm not sure what this means. Maybe describe what you have and what's not working.
On Thu, 7 Nov 2019 at 03:53, Samuel Sieb samuel@sieb.net wrote:
On 11/6/19 3:39 PM, Aaron Gray wrote:
Does anyone have PXE booting working ?
Yes, for both legacy and EFI modes.
Right I am only needing legacy
I am nearly there but was wondering if anyone would share their iptables/firewall-cmd, dhcpd, and pxelinux.cfg files please ?
I have everything up to the dns + http/https stage working.
I'm not sure what this means. Maybe describe what you have and what's not working.
I have BOOTP and TFTP working but it seems to be failing on DNS and HTTP or HTTPS.
Here's my dhcp.conf :-
~~~
# dhcpd.conf
#
# option definitions common to all supported networks...
option domain-name "aarongray.org";
option domain-name-servers ns1.hover.com, ns2.hover.com;

default-lease-time 600;
max-lease-time 7200;

# Use this to enable / disable dynamic dns updates globally.
#ddns-update-style none;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

#
allow booting;
allow bootp;

ddns-update-style interim;
ignore client-updates;

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
subnet 192.168.2.0 netmask 255.255.255.0 {
  authoritative;
  range 192.168.2.1 192.168.2.127;
  option domain-name-servers 8.8.8.8, 8.8.4.4;
  option routers 192.168.1.111;
  option broadcast-address 192.168.2.255;
  # option ip-forwarding off;
  default-lease-time 600;
  max-lease-time 7200;
  option ntp-servers ntp.fedora.org;
  range dynamic-bootp 192.168.2.128 192.168.2.240;
  ddns-update-style none;
  filename "pxelinux.0";
}

host one-primary   { hardware ethernet 01:23:45:67:89:AB; fixed-address 192.168.2.128; }
host two-primary   { hardware ethernet 23:45:67:89:AB:CD; fixed-address 192.168.2.129; }
host three-primary { hardware ethernet 45:67:89:AB:CD:EF; fixed-address 192.168.2.130; }
~~~
On 11/11/19 10:57 AM, Aaron Gray wrote:
On Thu, 7 Nov 2019 at 03:53, Samuel Sieb samuel@sieb.net wrote:
On 11/6/19 3:39 PM, Aaron Gray wrote:
Does anyone have PXE booting working ?
Yes, for both legacy and EFI modes.
Right I am only needing legacy
I have BOOTP and TFTP working but it seems to be failing on DNS and HTTP or HTTPS.
You need to explain in more detail where the boot process is getting stuck. Does the PXE BIOS get an IP address? Does it load the file from the tftp server or does it fail there?
Here's my dhcp.conf :-
~~~
# dhcpd.conf
# option definitions common to all supported networks...
option domain-name "aarongray.org";
option domain-name-servers ns1.hover.com, ns2.hover.com;
~~~
This is incorrect, you have to put IP addresses. You can't resolve the names without having a DNS server already. :-)
~~~
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
~~~
I think that's a copy and paste comment that is invalid.
~~~
subnet 192.168.2.0 netmask 255.255.255.0 {
  authoritative;
  range 192.168.2.1 192.168.2.127;
  option domain-name-servers 8.8.8.8, 8.8.4.4;
  option routers 192.168.1.111;
~~~
Your gateway address is not in this subnet. That won't work.
~~~
  option broadcast-address 192.168.2.255;
  # option ip-forwarding off;
  default-lease-time 600;
  max-lease-time 7200;
  option ntp-servers ntp.fedora.org;
  range dynamic-bootp 192.168.2.128 192.168.2.240;
  ddns-update-style none;
  filename "pxelinux.0";
}
~~~
When you say tftp is working, do you mean the server is running or that the clients are getting the boot file? You're missing the info telling the clients what tftp server to use. You need a line like: next-server 192.168.2.1;
Do you have a "pxelinux.cfg" directory on the tftp server? That would be the next step.
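A small checker for the three dhcpd.conf problems raised in this reply (hostnames in domain-name-servers, a gateway outside the declared subnet, and a PXE filename with no next-server). This is an added example, not code from the thread or from dhcpd; the two config texts are constructed cut-down copies of the config quoted above and of a corrected version.

```python
import ipaddress
import re

# Added example for this thread (not dhcpd's code, nor from the list post): a
# linter for the three dhcpd.conf problems raised above.
def _values(name, text):
    """Yield each comma-separated value of every 'option <name> ...;' in text."""
    for m in re.finditer(r"option\s+%s\s+([^;]+);" % re.escape(name), text):
        for v in m.group(1).split(","):
            yield v.strip()

def check_dhcpd(conf):
    """Return a list of findings for a dhcpd.conf text (empty means clean)."""
    findings = []
    # DNS servers must be literal addresses: a booting client has no resolver yet.
    for v in _values("domain-name-servers", conf):
        try:
            ipaddress.ip_address(v)
        except ValueError:
            findings.append("domain-name-servers '%s' is a hostname, not an IP" % v)
    has_next_server = re.search(r"\bnext-server\s+\S+;", conf) is not None
    for m in re.finditer(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{([^}]*)\}", conf):
        net = ipaddress.ip_network("%s/%s" % (m.group(1), m.group(2)), strict=False)
        body = m.group(3)
        # The gateway handed out must be reachable, i.e. inside the subnet itself.
        for r in _values("routers", body):
            if ipaddress.ip_address(r) not in net:
                findings.append("%s: router %s is outside the subnet" % (net, r))
        # A PXE 'filename' without next-server leaves the TFTP server unspecified.
        if "filename" in body and not has_next_server:
            findings.append("%s: filename set but no next-server" % net)
    return findings

# Constructed, cut-down copy of the config quoted in the thread, and a fixed one.
THREAD_CONF = """
option domain-name-servers ns1.hover.com, ns2.hover.com;
subnet 192.168.2.0 netmask 255.255.255.0 {
  range 192.168.2.1 192.168.2.127;
  option domain-name-servers 8.8.8.8, 8.8.4.4;
  option routers 192.168.1.111;
  filename "pxelinux.0";
}
"""
FIXED_CONF = (THREAD_CONF
              .replace("ns1.hover.com, ns2.hover.com", "8.8.8.8, 8.8.4.4")
              .replace("192.168.1.111", "192.168.2.1")
              .replace('filename "pxelinux.0";', 'next-server 192.168.2.1;\n  filename "pxelinux.0";'))

if __name__ == "__main__":
    print("\n".join(check_dhcpd(THREAD_CONF)) or "no findings")
```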
On Mon, 11 Nov 2019 at 21:16, Samuel Sieb samuel@sieb.net wrote:
On 11/11/19 10:57 AM, Aaron Gray wrote:
On Thu, 7 Nov 2019 at 03:53, Samuel Sieb samuel@sieb.net wrote:
On 11/6/19 3:39 PM, Aaron Gray wrote:
Does anyone have PXE booting working ?
Yes, for both legacy and EFI modes.
Right I am only needing legacy
I have BOOTP and TFTP working but it seems to be failing on DNS and HTTP or HTTPS.
Samuel,
I was trying to follow this howto :-
https://docs.fedoraproject.org/en-US/fedora/rawhide/install-guide/advanced/N...
You need to explain in more detail where the boot process is getting stuck. Does the PXE BIOS get an IP address? Does it load the file from the tftp server or does it fail there?
PXE BOOT is working fine, the TFTP is working and the kernel is loading.
But the initrd is unable to load the inst.stage2 http(s) loaders
pxelinux.cfg:
~~~
default vesamenu.c32
prompt 1
timeout 600

label linux
  menu label ^Install Fedora 30 64-bit
  menu default
  kernel f30/vmlinuz
  append initrd=f30/initrd.img inst.stage2=https://download.fedoraproject.org/pub/fedora/linux/releases/30/Server/x86_6... ip=dhcp

label server30
  menu label ^Install Fedora 30 ( Minimal Image )
  menu default
  kernel f30/vmlinuz
  append initrd=f30/initrd.img inst.stage2=https://www.mirrorservice.org/sites/dl.fedoraproject.org/pub/fedora/linux/re... ip=dhcp ks=https://example.com/fedora/kickstarts/minimal.ks

label server31
  menu label ^Install Fedora 31
  menu default
  kernel f31/vmlinuz
  append initrd=f31/initrd.img inst.stage2=https://www.mirrorservice.org/sites/dl.fedoraproject.org/pub/fedora/linux/re...

label local
  menu label Boot from ^local drive
  localboot 0xffff
~~~
Here's my dhcp.conf :-
~~~
# dhcpd.conf
# option definitions common to all supported networks...
option domain-name "aarongray.org";
option domain-name-servers ns1.hover.com, ns2.hover.com;
~~~
This is incorrect, you have to put IP addresses. You can't resolve the names without having a DNS server already. :-)
Oh okay, I thought it would use the system's DNS to look up the addresses.
~~~
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
~~~
I think that's a copy and paste comment that is invalid.
Okay, that was from the default /etc/dhcp/dhcpd.conf file.
~~~
subnet 192.168.2.0 netmask 255.255.255.0 {
  authoritative;
  range 192.168.2.1 192.168.2.127;
  option domain-name-servers 8.8.8.8, 8.8.4.4;
  option routers 192.168.1.111;
~~~
Your gateway address is not in this subnet. That won't work.
Okay, that may well be the issue! I cannot access stuff off of the internet, so that figures!
So that should be 192.168.2.1 or 192.168.2.254?
192.168.1.111 is the gateway address of the router my DHCPD server machine is connected to.
I tried using this DHCPD server on Windows and it was fine and could access the internet for normal operation using the 192.168.1.111 address, so I thought I had a working configuration.
How do I go about this? Will the DHCPD server pick up that gateway automatically, use itself, or do I have to do some further routing?
~~~
  option broadcast-address 192.168.2.255;
  # option ip-forwarding off;
  default-lease-time 600;
  max-lease-time 7200;
  option ntp-servers ntp.fedora.org;
  range dynamic-bootp 192.168.2.128 192.168.2.240;
  ddns-update-style none;
  filename "pxelinux.0";
}
~~~
When you say tftp is working, do you mean the server is running or that the clients are getting the boot file? You're missing the info telling the clients what tftp server to use. You need a line like:
The machine is getting the bootfiles and menus from the TFTP server fine.
next-server 192.168.2.1;
Yes, I was wondering about next-server?
Do you have a "pxelinux.cfg" directory on the tftp server? That would be the next step.
That's working fine, I get menus and stuff; it's the second-stage loader that loads images/install.img from initrd.img which is where it's failing!
Thanks for helping !
Aaron
On 11/11/19 6:23 PM, Aaron Gray wrote:
On Mon, 11 Nov 2019 at 21:16, Samuel Sieb samuel@sieb.net wrote:
On 11/11/19 10:57 AM, Aaron Gray wrote:
~~~
subnet 192.168.2.0 netmask 255.255.255.0 {
  authoritative;
  range 192.168.2.1 192.168.2.127;
  option domain-name-servers 8.8.8.8, 8.8.4.4;
  option routers 192.168.1.111;
~~~
Your gateway address is not in this subnet. That won't work.
Okay, that may well be the issue! I cannot access stuff off of the internet, so that figures!
So that should be 192.168.2.1 or 192.168.2.254?
I would need to know how your network is configured. Please explain.
192.168.1.111 is the gateway address of the router my DHCPD server machine is connected to.
That's a very unusual IP address for a gateway.
I tried using this DHCPD server on Windows and it was fine and could access the internet for normal operation using the 192.168.1.111 address, so I thought I had a working configuration.
Again very strange. What IP address was Windows getting?
How do I go about this? Will the DHCPD server pick up that gateway automatically, use itself, or do I have to do some further routing?
Not sure what you're asking, but the gateway needs to be some network device on the same subnet that routes the packets onward.
next-server 192.168.2.1;
Yes, I was wondering about next-server?
I'm really curious how it finds the tftp server without that...
On Tue, 12 Nov 2019 at 06:22, Samuel Sieb samuel@sieb.net wrote:
On 11/11/19 6:23 PM, Aaron Gray wrote:
On Mon, 11 Nov 2019 at 21:16, Samuel Sieb samuel@sieb.net wrote:
On 11/11/19 10:57 AM, Aaron Gray wrote:
~~~
subnet 192.168.2.0 netmask 255.255.255.0 {
  authoritative;
  range 192.168.2.1 192.168.2.127;
  option domain-name-servers 8.8.8.8, 8.8.4.4;
  option routers 192.168.1.111;
~~~
Your gateway address is not in this subnet. That won't work.
Okay, that may well be the issue! I cannot access stuff off of the internet, so that figures!
So that should be 192.168.2.1 or 192.168.2.254?
I would need to know how your network is configured. Please explain.
192.168.1.111 is the gateway address of the router my DHCPD server machine is connected to.
That's a very unusual IP address for a gateway.
Yep, a very nonstandard ISP proprietary router.
I tried using this DHCPD server on Windows and it was fine and could access the internet for normal operation using the 192.168.1.111 address, so I thought I had a working configuration.
Again very strange. What IP address was Windows getting?
Yes Windows works to that gateway I would
How do I go about this? Will the DHCPD server pick up that gateway automatically, use itself, or do I have to do some further routing?
Not sure what you're asking, but the gateway needs to be some network device on the same subnet that routes the packets onward.
next-server 192.168.2.1;
Yes, I was wondering about next-server?
I'm really curious how it finds the tftp server without that...
Added 'next-server 192.168.2.1' and it's now finding www.mirrorservice.org!!!
Okay, TFTP does not seem to need next-server; it's the next server it uses after TFTP, AFAICT.
I still don't understand the 192.168.1.111 address, which is the gateway on the internet router (very nonstandard ISP proprietary router) that the enp4s4 ethernet of my BOOTP server connects to.
internet -> 192.168.1.0 router (with 192.168.1.111 gateway) -> enp4s4 (Fedora DHCPD server) enp5s5 -> booting client machine
Anyway I have it functioning now but if it is better to have another gateway address I would be interested in knowing how to do that.
At the moment I am MASQUERADE'ing from enp4s4 on 192.168.1.X to enp5s5 on 192.168.2.X :-
~~~
sudo route add -net 192.168.2.0/24 dev enp5s5
sudo bash -c "echo net.ipv4.ip_forward=1 >>/etc/sysctl.conf"
~~~
iptables:
~~~
sudo iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i enp5s5 -p tcp --dport 443 -j ACCEPT
# --comment is an option of the comment match, so it needs -m comment
sudo iptables -A FORWARD -i enp5s5 -p udp --dport 443 -m comment --comment "HTTP/3" -j ACCEPT
sudo iptables -A FORWARD -i enp5s5 -p tcp --dport 53 -j ACCEPT
sudo iptables -A FORWARD -i enp5s5 -p udp --dport 53 -j ACCEPT
sudo iptables -A FORWARD -i enp5s5 -j REJECT
sudo iptables -P FORWARD DROP
# NB: elsewhere in this thread the upstream interface is named enp4s4, not enp4s0
sudo iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o enp4s0 -j MASQUERADE
~~~
Cheers,
Aaron
On 11/12/19 3:07 PM, Aaron Gray wrote:
On Tue, 12 Nov 2019 at 06:22, Samuel Sieb samuel@sieb.net wrote:
On 11/11/19 6:23 PM, Aaron Gray wrote:
Added 'next-server 192.168.2.1' and it's now finding www.mirrorservice.org!!!
What was finding that? The pxe client?
Okay, TFTP does not seem to need next-server; it's the next server it uses after TFTP, AFAICT.
No, it's supposed to be the address of the tftp server. I have no idea how the pxe client is getting to the tftp server without that. Maybe it defaults to the gateway address if next-server isn't supplied.
I still don't understand the 192.168.1.111 address, which is the gateway on the internet router (very nonstandard ISP proprietary router) that the enp4s4 ethernet of my BOOTP server connects to.
What don't you understand? That's the IP address that any network device has to pass packets to get outside your network. It is a very unusual address though.
internet -> 192.168.1.0 router (with 192.168.1.111 gateway) -> enp4s4 (Fedora DHCPD server) enp5s5 -> booting client machine
Ok, that's what I was looking for. Your dhcp/tftp server has two ethernet ports and the pxe client is on the far side of that.
Anyway I have it functioning now but if it is better to have another gateway address I would be interested in knowing how to do that.
The gateway specified in the dhcp config for the enp5s5 interface should be the IP address of the enp5s5 interface. Since things are working, I assume that's what you have now.
At the moment I am MASQUERADE'ing from enp4s4 on 192.168.1.X to enp5s5 on 192.168.2.X :-
Given your network configuration, that is required.