www.chen.de

Christof Chen
Nameservices and Security Consulting

Navigation

HOWTO boot a PXE client with DHCPD and an Altiris Bootserver all in different VLANs/Subnets…

without relaying all DHCPDISCOVER packets to the Bootserver.

The goal is to redirect a client towards a PXE-bootserver with parameters from the DHCP-server only.

  • Upgrade your PXE ROM. Trust me. The latest is probably ok, but the one after that might actually work. I got positive results from an ancient INTEL PXE 2.0 bootrom and a 3COM MBA 4.31. The 4.30 version failed to recognize the PXE boot-server option…
  • The relevant part of the dhcpd.conf:
    option space PXE;
    option PXE.mtftp-ip               code 1 = ip-address;
    option PXE.mtftp-cport            code 2 = unsigned integer 16;
    option PXE.mtftp-sport            code 3 = unsigned integer 16;
    option PXE.mtftp-tmout            code 4 = unsigned integer 8;
    option PXE.mtftp-delay            code 5 = unsigned integer 8;
    option PXE.discovery-control      code 6 = unsigned integer 8;
    option PXE.discovery-mcast-addr   code 7 = ip-address;
    option PXE.boot-server            code 8 = { unsigned integer 16,
                                                 unsigned integer 8,
                                                 ip-address };
    option PXE.boot-menu              code 9 = { unsigned integer 16,
                                                 unsigned integer 8,
                                                 text};
    option PXE.menu-prompt            code 10 = { unsigned integer 8, text };
    class "pxeclients" {
       match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
       option vendor-class-identifier "PXEClient";
       vendor-option-space PXE;
       #option PXE.mtftp-ip         0.0.0.0;  # multicast TFTP off
       option PXE.discovery-control 7;
       option PXE.discovery-mcast-addr 0.0.0.0;
       option PXE.boot-server 10 1 a.b.c.d;
       option PXE.boot-menu 10 8 "Welcome!";
       option PXE.menu-prompt 0 "Welcome!";
    }
  • Altiris indexes the bootfiles with the first parameter of the boot-server/boot-menue option.
  • The packet misses the trailing 0xFF (PXE_END) at the end of the vendor-encapsulated options. As far as i tried, this had no adverse effect on the PXE-Client. At least with DHCPD 3.0.3 i found no way to append a single 0xFF to the option without coding the complete option as a stream of hex bytes…

This has the drawback that the Bootmenu is sent by the DHCPD. So the fancy dynamic Boot selection from Altiris is not available.

To mitigate this problem there is the second approach.

Back to top
Copyright © 2024 Christof Chen