1

So I got a problem.

I set up a router with Debian 9. Its task is to let clients in the network boot from a PXE server (the PXE server is on another network). I heard something about IP-Helper RelayAgent.

But I didn't find any documentation for my problem; all the documentation I found was for PXE servers in the same network.

By the way, the PXE server exists, but it's in Network A; I just have to make sure that the clients on Network B can boot from this server.

I did a lot of research but didn't find anything :(

@Andreas Rogge

So I looked on the internet... I will configure my dhcp.conf like this:

```
allow booting;
allow bootp;

subnet 10.5.200.0 netmask 255.255.255.0 {
    option domain-name-servers 10.5.200.254;
    option broadcast-address 10.5.200.255;
    option subnet-mask 255.255.255.0;
    option routers 10.5.200.254;
    range 10.5.200.100 10.5.200.200;

    # PXE settings, still disabled
#       group {
#               next-server the TFTP server address/pxe server;
#               filename "filename";
#
#               host ubuntu {
#                       hardware ethernet 08:00:07:26:c0:a5;
#                       fixed-address 10.5.200.10; }
#       }
}
```

And my relay.conf like this:

```
# Defaults for isc-dhcp-relay initscript
# sourced by /etc/init.d/isc-dhcp-relay
# installed at /etc/default/isc-dhcp-relay by the maintainer scripts

#
# This is a POSIX shell fragment
#

# What servers should the DHCP relay forward requests to?
SERVERS="10.5.200.254"

# On what interfaces should the DHCP relay (dhrelay) serve DHCP requests?
INTERFACES="enp16s0"

# Additional options that are passed to the DHCP relay daemon?
OPTIONS=""
```

network/interfaces:

```
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback
#test
#Member Network A
auto enp0s25
iface enp0s25 inet static
    address 40.4.200.252
    netmask 255.255.255.0
    gateway 40.4.200.254

#My NEW NETWORK B
auto enp16s0
iface enp16s0 inet static
    address 10.5.200.254
    netmask 255.255.255.0
```

2 Answers

1

PXE needs two things: DHCP and TFTP.

As TFTP is just routable UDP packets, this will work if you have IP-forwarding set up on your router and got your firewall rules right.

What you're missing is DHCP in the other network. This is quite simple to set up: add that network to your dhcp-server with all the options you need for PXE (as you did it in the first network, you'll know how to do that). Lastly you need to install and configure a dhcp relay agent on your router. This will forward broadcasted DHCP requests on your Network B to the DHCP server.

Andreas Rogge
  • So why do I need 2 DHCPs? The reason I ask is that I want to delete the DHCP on Network A, because in this network there are just servers and the servers have static IPs. And the reason Network A still has a DHCP is the PXE. By "in the other network" you mean Network A (where the PXE server is)? Okay, for the relay agent I will look up how to configure it! The relay agent is for turning broadcast into unicast, right? If my English is too bad, I'm happy to write it again in German :) – Nils Schöffel Feb 19 '18 at 14:47
  • You don't need two DHCPs. You need one DHCP-server and a relay agent to make DHCP available in the other networks. It doesn't really matter on what network the DHCP is. At our site the DHCP is in the server network and relay agents are set up for all other networks. – Andreas Rogge Feb 19 '18 at 14:59
  • I edited my post; it would be really, really nice if you could look over it :) – Nils Schöffel Feb 20 '18 at 09:01
  • If DHCP is on the machine with the two interfaces, you don't need a relay agent. It should work just like you implemented it. – Andreas Rogge Feb 20 '18 at 09:08
  • So just edit the DHCP.conf like I did? :) And remove the relay service? Yeah, I've got the DHCP on Network B, my router is on Network B and the PXE/TFTP server is on Network A (just for information) – Nils Schöffel Feb 20 '18 at 09:25
  • Okay, one moment, I'll write it again because I think we misunderstood each other :) – Nils Schöffel Feb 20 '18 at 09:39
  • The network where the PXE/TFTP server stands is Network A. The network for my clients which should be booted is Network B. We also have a network for our employees; that's Network C. – Nils Schöffel Feb 20 '18 at 09:51
  • In Network A there are just servers, so they all have static IPs; also in Network A there are 20 IPs for PXE booting. The clients that have to be booted get their IPs from the DHCP from Network C. PXE/TFTP are installed on Windows Server 2012 R2. My task is now to build a network where more than 20 clients can be booted with PXE; that's Network B. So when I configure the dhcp.conf I need to put in a filename, but our company decided that we don't do that, because if we do that we can only boot 32-bit or 64-bit, so we used IP-Helper for that problem. – Nils Schöffel Feb 20 '18 at 09:52
  • I hope I could make it more understandable for you :) and sorry that it was so confusing. – Nils Schöffel Feb 20 '18 at 09:52
  • Before you try to get PXE-booting to work, make sure you can get an address assigned from your DHCP in Network B. This is definitely the first problem you want to solve. – Andreas Rogge Feb 20 '18 at 10:44
  • That works; I mean, if I connect a client to my 10.5.200.254 router, the client gets an IP from the DHCP. – Nils Schöffel Feb 20 '18 at 11:20
  • Ok, so for PXE to start working you'll now just need next-server and filename set (I understand that you don't want to set the filename, but first make sure it works when you set one and then try to make it work with BINL) – Andreas Rogge Feb 20 '18 at 12:49
  • Okay, maybe that will take a while, but as soon as I'm finished I'll write to you – Nils Schöffel Feb 20 '18 at 12:56
  • If I connect the client to the router, the client gets an IP and can ping the PXE server in the other network... but if I restart and boot over the network, the client tells me "Network not found" – Nils Schöffel Feb 20 '18 at 13:49
  • Or rather "PXE-E53: No boot filename received". As filename I used "\smsboot\x64\wdsnbp.com" – Nils Schöffel Feb 20 '18 at 14:30
  • Okay, I added options 66 and 67 like this: `#option 66` `option tftp-server-name "w.x.y.z";` `#option 67` `option bootfile-name "test.cfg";` but now I get PXE-E53: tftp open timeout – Nils Schöffel Feb 21 '18 at 07:49
  • tftp open timeout means the client doesn't get a response from the tftp server where it requested its bootfile. – Andreas Rogge Feb 21 '18 at 09:41
  • Yeah, I found that in my research. I will look on the SCCM whether there is any config or firewall that doesn't allow it :) – Nils Schöffel Feb 21 '18 at 09:48
  • Hmm, TFTP was only for Network A,B so I activated it also for Network B. But I still get a timeout error, though the filename is correct (\smsboot\x64\wdsnbp.com). And I don't have a firewall... Could it be that the router on the other network doesn't allow the TFTP to serve my network? – Nils Schöffel Feb 21 '18 at 10:43
  • And sorry for everything; the company where I do my project for the IHK is very confusing! :/ :) – Nils Schöffel Feb 21 '18 at 11:55
  • IHK final project? You can debug this better with a "fat" tftp client. There's a tftp command-line client for Linux; I guess there's also something for Windows. If you can't retrieve the file with that one, PXE won't be able to retrieve it either. Maybe you need to use forward slashes (/) instead of backslashes (\)? – Andreas Rogge Feb 21 '18 at 13:05
  • Yeah, the final project, and here in my company nobody can help me. Maybe we could chat, because then I can tell you what is wrong in German so you understand me properly... would be really nice. So you mean tftp 40.4.200.218 (tftp server), then status and get /example/example? Changed "\" to "/", no change. – Nils Schöffel Feb 21 '18 at 15:15
  • /sbin/iptables shows me "^?ELF^B^A^A^@^@^@^@^@^@^@^@^@^C^@>^@^A^@^@^@�;^@^@^@^@^@^@@^@^@^@^@^@^@^@�k^A^@^@^@^@^@^@^@^@^@@^@8$ ^H^@^@^R^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@n^E^@^@^R^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@�^G^@^$ ^@�7^@^@^@^@^@^@^@^@^@^@^@^@^@^@�^H^@^@^P^@" and on the bottom (aus MAC-Format kopiert) the reason why i want to edit this is because i want to make sure that port 69 on my router is open – Nils Schöffel Feb 21 '18 at 15:28
  • https://chat.stackexchange.com/rooms/info/73487/room-for-nils-schoffel-and-andreas-rogge – Andreas Rogge Feb 21 '18 at 16:16
  • I need 20 reputation to answer you... So it's a problem on my router or the TFTP? Yeah, I can ping it from the client I want to boot. – Nils Schöffel Feb 21 '18 at 21:45
  • Take a look at the output of `iptables -L -n` and check whether the communication is allowed. I guess it is the TFTP server causing the issue. – Andreas Rogge Feb 22 '18 at 08:48
  • Yeah, it allows everything: `target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination` – Nils Schöffel Feb 22 '18 at 08:51
  • Hmm, maybe it's wrong, but the client sends a broadcast (to look for the PXE/TFTP server)... maybe I have to turn this broadcast into a unicast with the isc-dhcp-relay agent? – Nils Schöffel Feb 22 '18 at 10:03
  • I installed isc-dhcp-relay; in SERVERS= I put 40.4.200.218 (IP of the TFTP/PXE server), and for the interface I put in enp16s0. In the options I did nothing. I receive the error: "PXE-E52: proxyDHCP offers were received. No DHCP offers were received." Same error if I replace enp16s0 with enp0s25. – Nils Schöffel Feb 22 '18 at 11:11
  • Every time I delete the filenames from the dhcp.conf and install isc-dhcp-relay and configure it, I can't ping anymore from my client (10.5.200.111) to 40.4.200.218 (PXE server) – Nils Schöffel Feb 23 '18 at 10:30
  • I have to make it work by 9.3.2018 (German date) and yeah, I think maybe it would be better to do another project for the IHK – Nils Schöffel Feb 23 '18 at 10:32
  • You don't need dhcp-relay. DHCP is working; it is just TFTP that is broken – Andreas Rogge Feb 23 '18 at 16:18
  • The client is looking for a TFTP server, and does this with a broadcast... and a broadcast can't reach the TFTP server because it's in another network, or am I wrong? – Nils Schöffel Feb 23 '18 at 20:06
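
Added example, not part of the original thread: a minimal Python stand-in for the "fat" TFTP client check suggested in the comments above, meant to be run from a machine in Network B. The function names are made up for this example; the server address and file names in the demo loop are the ones quoted in the thread.

```python
import socket
import struct

RRQ, DATA, ERROR, OACK = 1, 3, 5, 6  # TFTP opcodes (RFC 1350, RFC 2347)


def build_rrq(filename: str, mode: str = "octet") -> bytes:
    """Read request: opcode, filename, NUL, transfer mode, NUL."""
    return struct.pack("!H", RRQ) + f"{filename}\0{mode}\0".encode("ascii")


def parse_reply(packet: bytes) -> dict:
    """Classify the first packet a TFTP server sends back."""
    if len(packet) < 4:
        return {"type": "malformed"}
    opcode, arg = struct.unpack("!HH", packet[:4])
    if opcode == DATA:
        return {"type": "data", "block": arg, "size": len(packet) - 4}
    if opcode == ERROR:
        text = packet[4:].split(b"\0", 1)[0].decode("ascii", "replace")
        return {"type": "error", "code": arg, "message": text}
    if opcode == OACK:
        return {"type": "oack"}
    return {"type": "unknown", "opcode": opcode}


def probe(server: str, filename: str, port: int = 69, timeout: float = 3.0) -> dict:
    """Send one RRQ and report what answers, and from which source port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_rrq(filename), (server, port))
        try:
            packet, peer = sock.recvfrom(65536)
        except socket.timeout:
            # Same symptom the PXE ROM reports as a TFTP open timeout
            return {"type": "timeout"}
        # Abort the transfer politely so the server stops retransmitting
        sock.sendto(struct.pack("!HH", ERROR, 0) + b"probe done\0", peer)
        result = parse_reply(packet)
        # The server replies from a fresh ephemeral port, not 69, so a
        # filter that only allows UDP/69 still drops this packet.
        result["reply_from"] = peer
        return result


if __name__ == "__main__":
    # Server address and boot file names as quoted in the thread
    for name in (r"\smsboot\x64\wdsnbp.com", "/smsboot/x64/wdsnbp.com"):
        print(name, "->", probe("40.4.200.218", name))
```

A `timeout` result while ping works points at UDP being dropped on the path or at the TFTP service not answering; an `error` result means the path is fine and the server rejected the request, for example because of the file name.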
0

Can you put an address from subnet B on the Debian server and make the TFTP server listen on all addresses or interfaces? Or use a gateway or proxy if you need this.

Ivan Alex
  • The Debian server is in Network B – Nils Schöffel Feb 19 '18 at 13:30
  • You have to give your clients an IP address that can connect to your PXE server. Have you read about routing? On the clients you must set a default route, for example through your router, and on it you have to make a static route to your PXE server – Ivan Alex Feb 19 '18 at 13:35
  • Yes, the DHCP assigns the IPs for the clients. I have to make an extra route to the PXE server??? – Nils Schöffel Feb 19 '18 at 13:37
  • Yes, if clients and PXE server are on different subnets, for example with a DHCP server, if it has two addresses on an interface or two interfaces. – Ivan Alex Feb 19 '18 at 13:40
  • Network A: 40.4.100.0/24, Network B: 10.5.100.0/24, PXE server: 40.4.100.218, so the route is: `ip route add 40.4.100.218/24 via 10.5.100.254`? – Nils Schöffel Feb 19 '18 at 13:48