Network

How to install dhcp, dns, pxe on debian squeeze

Leave a comment

Introduction

This document describes how to install DHCP, DNS and PXE network services on a debian squeeze.

For this tutorial I use a machine that has two network interfaces:
eth0: 10.34.132.149/255.255.254.0 (WAN interface)
eth1: 172.20.30.1/255.255.255.0 (LAN interface)

To install a PXE server, you will need the following components:
DHCP Server
TFTP Server
NFS/FTP/HTTPD server (to store installing files)

Note: DHCP Server will listen only on eth1.
         In this tutorial I will use apache2 server.

Install required packages

[codesyntax lang="bash"]

apt-get install tftpd-hpa syslinux dhcp3-server bind9 dnsutils

[/codesyntax]

Configure DHCP Server

[codesyntax lang="bash"]

vim /etc/dhcp/dhcpd.conf

[/codesyntax]

ddns-update-style ad-hoc;
log-facility syslog;

option domain-name "test.org";
option domain-name-servers 172.20.30.1;
option subnet-mask 255.255.255.0;
subnet 172.20.30.0 netmask 255.255.255.0 {
    authoritative;
    range 172.20.30.10 172.20.30.90; # ip range
    option routers 172.20.30.1; # gateway for clients
    ######
    # in case want to deny clients that are not configured in dhcpd uncomment the following line
    ######
    #deny unknown-clients;
    allow booting;
    allow bootp;
    next-server 172.20.30.1; # tftpd server's IP
    filename "pxelinux.0";

    ######
    # sample of a client that has mac address reserved on dhcp
    ######
    #host guest1 {
    #    hardware ethernet 00:0C:29:14:DA:AD;
    #    fixed-address 172.20.30.15;
    #}
    ######
}

Force DHCP Server to listen only on eth1

[codesyntax lang="bash"]

vim /etc/default/isc-dhcp-server
:%s/INTERFACES=""/INTERFACES="eth1"/g
:wq

[/codesyntax]

Configure TFTP Server. Change the root directory on startup from /srv/tftp to /tftpboot

[codesyntax lang="bash"]

vim /etc/default/tftpd-hpa
:%s/\/srv\/tftp/\/tftpboot/g
:wq

[/codesyntax]

Setup TFTP Server network boot files

[codesyntax lang="bash"]

mkdir -p /tftpboot
chmod 777 /tftpboot

cp -v /usr/lib/syslinux/pxelinux.0 /tftpboot
cp -v /usr/lib/syslinux/menu.c32 /tftpboot
cp -v /usr/lib/syslinux/memdisk /tftpboot
cp -v /usr/lib/syslinux/mboot.c32 /tftpboot
cp -v /usr/lib/syslinux/chain.c32 /tftpboot

mkdir /tftpboot/pxelinux.cfg

[/codesyntax]

Create PXE menu file

[codesyntax lang="bash"]

vim /tftpboot/pxelinux.cfg/default

[/codesyntax]

default menu.c32
prompt 0
timeout 300
MENU TITLE test.org PXE Menu

LABEL centos6.3_i386
    MENU LABEL CentOS 6.3 i386
    KERNEL /netboot/centos/6.3/i386/vmlinuz
    APPEND console=tty0 console=ttyS0,9600N1 initrd=/netboot/centos/6.3/i386/initrd.img ks=http://172.20.30.1/netboot/centos/6.3/i386/centos6.3-ks.cfg  ksdevice=link

Share the internet connection with clients

[codesyntax lang="bash"]

vim /etc/sysctl.conf
:%s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1
:wq

[/codesyntax]

Apply the settings:
[codesyntax lang="bash"]

sysctl -p

[/codesyntax]

Share internet connection using iptables:
[codesyntax lang="bash"]

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

[/codesyntax]

Configure bind9

[codesyntax lang="bash"]

echo "include \"/etc/bind/bind.keys\"; ">> /etc/bind/named.conf

vim /etc/bind/named.conf.options

[/codesyntax]

options {
        directory "/var/cache/bind";
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { none; };
        forwarders { 8.8.8.8; 8.8.4.4; };
        listen-on port 53 { any; };
        allow-query { any; };
        allow-query-cache { any; };
};

Add the following lines at the end of the named.conf.default-zones
[codesyntax lang="bash"]

vim /etc/bind/named.conf.default-zones

[/codesyntax]

zone "test.org" {
        type master;
        file "/etc/bind/test.org";
};

zone "30.20.172.in-addr.arpa" {
        type master;
        file "/etc/bind/30.20.172.in-addr.arpa";
};

[codesyntax lang="bash"]

vim /etc/bind/test.org

[/codesyntax]

$ORIGIN test.org.

$TTL 1H

test.org.          IN SOA ns.test.org. root.test.org. (
                                2012062600      ; serial
                                12H             ; refresh
                                2H              ; retry
                                1W              ; expiry
                                2D )            ; minimum

test.org.      IN    NS   ns.test.org.

ns.test.org.   IN    A    172.20.30.1

www10          IN    A    172.20.30.10
www11          IN    A    172.20.30.11
www12          IN    A    172.20.30.12
www13          IN    A    172.20.30.13
www14          IN    A    172.20.30.14
www15          IN    A    172.20.30.15

[codesyntax lang="bash"]

vim /etc/bind/30.20.172.in-addr.arpa

[/codesyntax]

$ORIGIN 30.20.172.in-addr.arpa.

$TTL 2D

@          IN SOA ns.test.org. root.test.org. (
                                2012062600      ; serial
                                12H             ; refresh
                                2H              ; retry
                                1W              ; expiry
                                2D )            ; minimum

@     IN    NS     ns.test.org.

1     IN    PTR    ns.test.org.

10    IN    PTR    www10.test.org.
11    IN    PTR    www11.test.org.
12    IN    PTR    www12.test.org.
13    IN    PTR    www13.test.org.
14    IN    PTR    www14.test.org.
15    IN    PTR    www15.test.org.

Let's use our DNS server

[codesyntax lang="bash"]

echo "search test.org" > /etc/resolv.conf
echo "nameserver 127.0.0.1" >> /etc/resolv.conf

[/codesyntax]

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.