Disk Imaging and Partitioning Utilities

Last Updated on 2017-03-25 by Sture

Description

So what do you do when you do not have an optical drive for a computer or server and you would like to install Linux?

You have two options: boot from a USB device (CD-ROM, hard drive, or thumb drive), or PXE boot and do a full network install. This article will discuss the latter.

Requirements

The following application(s) must be installed, configured and running before tftp-hpa is installed:

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!

Installation

The server used in this example is configured to contain one partition called /tftpboot used for PXE related files.

Add the Disk Imaging and Partitioning Utility option to the PXE Boot Main Menu with:

[root@server /usr/home/user]# ee /tftpboot/pxelinux.cfg/default [enter]

…then add the following text, example:

...
MENU COLOR HOTKEY 0 #ff00ff00 #ee000000 std
MENU COLOR HOTSEL 0 #ffffffff #85000000 std

LABEL f1
MENU LABEL ^1)  Disk Imaging and Partitioning Utilities
KERNEL vesamenu.c32
APPEND top.cfg f01.cfg bottom.cfg

LABEL blank
MENU LABEL
...

The PXE Boot Sub-Menu for Disk Imaging and Partitioning Utilities is defined in file /tftpboot/f01.cfg.

Create this file with:

[root@server /usr/home/user]# ee /tftpboot/f01.cfg [enter]

..and then add the following text, example:

MENU TITLE  Disk Imaging and Partitioning Utilities

Change file modes

Change file modes for file /tftpboot/f01.cfg with:

[root@server ~]# chmod -R 755 /tftpboot/f01.cfg [enter]
[root@server /usr/home/user]#

Create a folder for Disk Imaging and Partitioning Utilities files with:

[root@server /usr/home/user]# mkdir /tftpboot/f01 [enter]
[root@server /usr/home/user]#

NFSv4 Server Setup

Service start on boot

List installed NFS services with:

[root@server /usr/home/user]# service -r | grep /nfs [enter]
/etc/rc.d/nfsclient
/etc/rc.d/nfsuserd
/etc/rc.d/nfsd
/etc/rc.d/nfscbd
[root@server /usr/home/user]#

Find the rcvar for /etc/rc.d/nfsclient with:

[root@server /usr/home/user]# /etc/rc.d/nfsclient rcvar [enter]
# nfsclient : NFS client setup
#
nfs_client_enable="NO"
#   (default: "")

[root@server /usr/home/user]#

Find the rcvar for /etc/rc.d/nfsuserd with:

[root@server /usr/home/user]# /etc/rc.d/nfsuserd rcvar [enter]
# nfsuserd : Load user and group information into the kernel for NFSv4 services and support manage-gids for all NFS versions
#
nfsuserd_enable="NO"
#   (default: "")

[root@server /usr/home/user]#

Find the rcvar for /etc/rc.d/nfsd with:

[root@server /usr/home/user]# /etc/rc.d/nfsd rcvar [enter]
# nfsd : Remote NFS server
#
nfs_server_enable="NO"
#   (default: "")

[root@server /usr/home/user]#

Find the rcvar for /etc/rc.d/nfscbd with:

[root@server /usr/home/user]# /etc/rc.d/nfscbd rcvar [enter]
# nfscbd : NFSv4 client side callback daemon
#
nfscbd_enable="NO"
#   (default: "")

[root@server /usr/home/user]#

N.B.: Since an NFSv4 mount uses the host uuid to identify the client uniquely to the server, you cannot safely do an NFSv4 mount when hostid_enable is set to "NO"!

Add the following to /etc/rc.conf, assuming they’re not already there:

[root@server /usr/home/user]# echo '' >> /etc/rc.conf; echo '# NFS Server' >> /etc/rc.conf; echo 'rpcbind_enable="YES"' >> /etc/rc.conf; echo 'mountd_enable="YES"' >> /etc/rc.conf; echo 'nfs_server_enable="YES"' >> /etc/rc.conf; echo 'nfsv4_server_enable="YES"' >> /etc/rc.conf; echo 'nfsuserd_enable="YES"' >> /etc/rc.conf [enter]

Export Settings

Now we need to create an NFS export settings file /etc/exports with:

[root@server /usr/home/user]# ee /etc/exports [enter]

…and then add the following text:

V4: /
/tmp \
-maproot=root -network 192.168.1.0 -mask 255.255.255.0

This example assumes your network is 192.168.1.0/24; if it’s something else, you’ll need to make appropriate changes.

Now start all of the above services:

[root@server /usr/home/user]# service rpcbind start [enter]
Starting rpcbind.
[root@server /usr/home/user]#
[root@server /usr/home/user]# service mountd start [enter]
Starting mountd.
[root@server /usr/home/user]#
[root@server /usr/home/user]# service nfsd start [enter]
Starting nfsd.
[root@server /usr/home/user]#

Verify that the NFS mount is being exported with:

[root@server /usr/home/user]# showmount -e [enter]
Exports list on localhost:
/tmp                               192.168.1.0
[root@server /usr/home/user]#
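
The /etc/exports entries used in this article (here and in the NFS Export Update steps further down) carry -maproot=root and no -ro option, so a client's root user acts as root on the exported tree and the whole 192.168.1.0/24 network can write to it. The audit script below is an added example, not part of the original article; the function names and both sample files are constructed here, and the hardened sample assumes the netbooted live images only need read access.

```sh
#!/bin/sh
# Added example (not from the article): flag exports(5) entries that are
# writable or that map a client's root user to root on the server.

# audit_exports [FILE]  - reads FILE, or stdin when no file is given.
# Prints one "path: finding" line per problem, nothing when the file is clean.
audit_exports() {
    awk '
    { sub(/[ \t]+$/, "") }                             # drop trailing blanks
    /\\$/ { sub(/\\$/, ""); buf = buf $0 " "; next }   # join continued lines
    { line = buf $0; buf = "" }
    line ~ /^[ \t]*#/ || line ~ /^[ \t]*$/ { next }    # comment or blank line
    line ~ /^[ \t]*V4:/ { next }                       # NFSv4 root, not an export
    {
        n = split(line, f, /[ \t]+/)
        np = 0; ro = 0; root = 0
        for (i = 1; i <= n; i++) {
            if (f[i] ~ /^\//) path[++np] = f[i]
            else if (f[i] == "-ro" || f[i] == "-o") ro = 1
            else if (f[i] ~ /^-maproot=(root|0)$/ || f[i] ~ /^-maproot=(root|0):/) root = 1
        }
        for (i = 1; i <= np; i++) {
            if (root) print path[i] ": -maproot=root (client root acts as root here)"
            if (!ro)  print path[i] ": exported read-write (no -ro)"
        }
    }' "$@"
}

# Constructed sample: the export layout the article builds up for GParted.
sample_as_published() {
    cat <<'EOF'
V4: /
/tftpboot/f01/gparted/amd64 \
/tftpboot/f01/gparted/i686-pae \
-maproot=root -network 192.168.1.0 -mask 255.255.255.0
EOF
}

# Constructed sample: same paths, read-only, client root mapped to nobody.
# Assumption: clients only read the live images (their writes go to the
# RAM overlay requested with union=overlay on the kernel command line).
sample_hardened() {
    cat <<'EOF'
V4: /
/tftpboot/f01/gparted/amd64 \
/tftpboot/f01/gparted/i686-pae \
-ro -maproot=nobody -network 192.168.1.0 -mask 255.255.255.0
EOF
}

echo "as published:"; sample_as_published | audit_exports
echo "hardened:";     sample_hardened | audit_exports
```

Run it against the live file with `audit_exports /etc/exports` before `service mountd reload`.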

After you have performed an update of file /etc/exports, re-read the exports settings with:

[root@server /usr/home/user]# service mountd reload [enter]
[root@server /usr/home/user]#

If your NFS exported directories will not be accessed locally (and Samba counts as local access), then you can enable NFSv4 delegations to improve performance. On a FreeBSD NFS server, they may be enabled globally for all exports by adding the following line to /etc/sysctl.conf with:

[root@server /usr/home/user]# echo 'vfs.nfsd.issue_delegations=1' >> /etc/sysctl.conf [enter]
[root@server /usr/home/user]#

packet filter (pf)

Access to the NFS service must be enabled in the packet filter (pf) configuration file.

Start editing file /etc/pf.conf with:

[root@server /usr/home/user]# ee /etc/pf.conf [enter]

…and add port information to enable access to the NFS service from clients on the local network as in this example:

...
# Ports:
...
#  111 TCP UDP   Open Network Computing Remote Procedure Call (ONC RPC, sometimes referred to as Sun RPC)
...
# 2049 TCP UDP	Network File System (NFS)
...
tcp_pass="{ ... 111, ... 2049, ... }"
udp_pass="{ ... 111, ... 2049, ... }"
...

Check /etc/pf.conf for errors, but do not load ruleset with:

[root@server /usr/home/user]# pfctl -vvnf /etc/pf.conf [enter]

…and then reload /etc/pf.conf with:

[root@server /usr/home/user]# service pf reload  [enter]
Reloading pf rules.
[root@server /usr/home/user]#

GParted Live

GNOME Partition Editor for creating, reorganizing, and deleting disk partitions. It uses libparted from the parted project to detect and manipulate partition tables. Optional file system tools permit managing file systems not included in libparted.

GParted Live is a small bootable GNU/Linux distribution for x86 based computers.

It enables you to use all the features of the latest versions of the GParted application.

WWW: http://gparted.sourceforge.net/livecd.php/.

Files: https://sourceforge.net/projects/gparted/files/.

Requirements

GParted is a free partition manager that enables you to resize, copy, and move partitions without data loss.

amd64

The 64-bit version of GParted runs on x86-64 based computers, with the ability to access more than 4 gigabytes of memory, and supports the use of multiple processor cores.

For newer (>2010) computers with UEFI instead of legacy BIOS try this one.

Download gparted-live-0.28.1-1-amd64.zip, 271 MB, with:

[root@server /usr/home/user]# wget https://sourceforge.net/projects/gparted/files/gparted-live-stable/0.28.1-1/gparted-live-0.28.1-1-amd64.zip [enter]

Create directory /tftpboot/f01/gparted with:

[root@server /usr/home/user]# mkdir -p /tftpboot/f01/gparted [enter]
[root@server /usr/home/user]#

Extract zip file gparted-live-0.28.1-1-amd64.zip into directory /tftpboot/f01/gparted/amd64/ with:

[root@server /usr/home/user]# unzip gparted-live-0.28.1-1-amd64.zip live/* -d /tftpboot/f01/gparted/amd64 [enter]
Archive:  gparted-live-0.28.1-1-amd64.zip
 extracting: /tftpboot/f01/gparted/amd64/live/memtest  
 extracting: /tftpboot/f01/gparted/amd64/live/GParted-Live-Version  
 extracting: /tftpboot/f01/gparted/amd64/live/initrd.img  
 extracting: /tftpboot/f01/gparted/amd64/live/filesystem.packages-remove  
 extracting: /tftpboot/f01/gparted/amd64/live/filesystem.packages  
 extracting: /tftpboot/f01/gparted/amd64/live/vmlinuz  
 extracting: /tftpboot/f01/gparted/amd64/live/filesystem.squashfs
[root@server /usr/home/user]#

Delete downloaded zip files with:

[root@server /usr/home/user]# rm gparted-live-0.28.1-1-amd64.zip [enter]
[root@server /usr/home/user]#

The TFTP root directory permission plays an important role. Make sure that the permission and ownership are set correctly with:

[root@server /usr/home/user]# chown -R tftpd:nobody /tftpboot/f01/gparted [enter]
[root@server /usr/home/user]# chmod -R 755 /tftpboot/f01/gparted/amd64/live [enter]
[root@server /usr/home/user]#

Edit file /tftpboot/f01.cfg with:

[root@server /usr/home/user]# ee /tftpboot/f01.cfg [enter]

…and add the following lines:

LABEL f1
MENU LABEL ^1)  GParted Live v. 0.28.1-1-amd64
MENU PASSWD
TEXT HELP
GParted is used for creating, reorganizing and deleting disk partitions.
The amd64 version runs on x86-64 based computers, with ability to access
more than 4 gigabytes of memory and supports use of multiple processor cores.
For newer (>2010) computers with UEFI instead of legacy BIOS 
ENDTEXT
KERNEL f01/gparted/amd64/live/vmlinuz
APPEND initrd=f01/gparted/amd64/live/initrd.img boot=live union=overlay username=tftpd config components quiet noswap edd=on nomodeset nodmraid noeject locales="en_US.UTF-8" keyboard-layouts="se" ocs_live_run="ocs-live-general" ocs_live_extra_param="" ocs_live_batch=no vga=791 ip= net.ifnames=0 nosplash i915.blacklist=yes radeonhd.blacklist=yes nouveau.blacklist=yes vmwgfx.enable_fbdev=1 netboot=nfs nfsroot=$nfsserverIP:/tftpboot/f01/gparted/amd64/

N.B.: Replace $nfsserverIP with the IP address of your NFS server!

NFS Export Update

Edit file /etc/exports with:

[root@server /usr/home/user]# ee /etc/exports [enter]

…and add the following text:

V4: /
/tftpboot/f01/gparted/amd64 \
-maproot=root -network 192.168.1.0 -mask 255.255.255.0

Reload the NFS mount setup with:

[root@server /usr/home/user]# service mountd reload [enter]
[root@server /usr/home/user]#

Display the NFS mount setup with:

[root@server /usr/home/user]# showmount -e [enter]
Exports list on localhost:
/tftpboot/f01/gparted/amd64        192.168.1.0
[root@server /usr/home/user]#

i686 PAE (Physical Address Extension)

The 32-bit version of GParted runs on x86 (i686 and higher) and x86-64 based computers, with Physical Address Extension to access more than 4 gigabytes of memory, and supports the use of multiple processor cores.

Download gparted-live-0.28.1-1-i686-pae.zip, 273 MB, with:

[root@server /usr/home/user]# wget https://sourceforge.net/projects/gparted/files/gparted-live-stable/0.28.1-1/gparted-live-0.28.1-1-i686-pae.zip [enter]

Extract zip file ~/gparted-live-0.28.1-1-i686-pae.zip into directory /tftpboot/f01/gparted/i686-pae/ with:

[root@server /usr/home/user]# unzip gparted-live-0.28.1-1-i686-pae.zip live/* -d /tftpboot/f01/gparted/i686-pae [enter]
Archive:  gparted-live-0.28.1-1-i686-pae.zip
 extracting: /tftpboot/f01/gparted/i686-pae/live/memtest  
 extracting: /tftpboot/f01/gparted/i686-pae/live/GParted-Live-Version  
 extracting: /tftpboot/f01/gparted/i686-pae/live/initrd.img  
 extracting: /tftpboot/f01/gparted/i686-pae/live/filesystem.packages-remove  
 extracting: /tftpboot/f01/gparted/i686-pae/live/filesystem.packages  
 extracting: /tftpboot/f01/gparted/i686-pae/live/vmlinuz  
 extracting: /tftpboot/f01/gparted/i686-pae/live/filesystem.squashfs
[root@server /usr/home/user]#

Delete downloaded zip files with:

[root@server /usr/home/user]# rm gparted-live-0.28.1-1-i686-pae.zip [enter]
[root@server /usr/home/user]#

The TFTP root directory permission plays an important role. Make sure that the permission and ownership are set correctly with:

[root@server /usr/home/user]# chown -R tftpd:nobody /tftpboot/f01/gparted [enter]
[root@server /usr/home/user]# chmod -R 755 /tftpboot/f01/gparted/i686-pae/live [enter]
[root@server /usr/home/user]#

Edit file /tftpboot/f01.cfg with:

[root@server /usr/home/user]# ee /tftpboot/f01.cfg [enter]

…and add the following lines:

LABEL f2
MENU LABEL ^2)  GParted Live v. 0.28.1-1-i686-pae (Physical Address Extension)
MENU PASSWD
TEXT HELP
GParted is used for creating, reorganizing and deleting disk partitions.
The i686-pae version runs on x86 (i686 and higher) and x86-64 based computers, with
Physical Address Extension to access more than 4 gigabytes of memory, and supports
use of multiple processor cores.
ENDTEXT
KERNEL f01/gparted/i686-pae/live/vmlinuz
APPEND initrd=f01/gparted/i686-pae/live/initrd.img boot=live union=overlay username=tftpd config components quiet noswap edd=on nomodeset nodmraid noeject locales="en_US.UTF-8" keyboard-layouts="se" ocs_live_run="ocs-live-general" ocs_live_extra_param="" ocs_live_batch=no vga=788 ip= net.ifnames=0 nosplash i915.blacklist=yes radeonhd.blacklist=yes nouveau.blacklist=yes vmwgfx.enable_fbdev=1 netboot=nfs nfsroot=$nfsserverIP:/tftpboot/f01/gparted/i686-pae/

N.B.: Replace $nfsserverIP with the IP address of your NFS server!

NFS Export Update

Edit file /etc/exports with:

[root@server /usr/home/user]# ee /etc/exports [enter]

…and add the following text:

V4: /
/tftpboot/f01/gparted/amd64 \
/tftpboot/f01/gparted/i686-pae \
-maproot=root -network 192.168.1.0 -mask 255.255.255.0

Reload the NFS mount setup with:

[root@server /usr/home/user]# service mountd reload [enter]
[root@server /usr/home/user]#

Display the NFS mount setup with:

[root@server /usr/home/user]# showmount -e [enter]
Exports list on localhost:
/tftpboot/f01/gparted/i686-pae     192.168.1.0
/tftpboot/f01/gparted/amd64        192.168.1.0
[root@server /usr/home/user]#

i686

The 32-bit version of GParted runs on x86 and x86-64 based computers, is limited to a physical address space of 4 gigabytes, and uses one processor only.

If in doubt, try this one first!

Download gparted-live-0.28.1-1-i686.zip, 272 MB, with:

[root@server /usr/home/user]# wget https://sourceforge.net/projects/gparted/files/gparted-live-stable/0.28.1-1/gparted-live-0.28.1-1-i686.zip [enter]

Extract zip file ~/gparted-live-0.28.1-1-i686.zip into directory /tftpboot/f01/gparted/i686/ with:

[root@server /usr/home/user]# unzip gparted-live-0.28.1-1-i686.zip live/* -d /tftpboot/f01/gparted/i686 [enter]
Archive:  gparted-live-0.28.1-1-i686.zip
 extracting: /tftpboot/f01/gparted/i686/live/memtest  
 extracting: /tftpboot/f01/gparted/i686/live/GParted-Live-Version  
 extracting: /tftpboot/f01/gparted/i686/live/initrd.img  
 extracting: /tftpboot/f01/gparted/i686/live/filesystem.packages-remove  
 extracting: /tftpboot/f01/gparted/i686/live/filesystem.packages  
 extracting: /tftpboot/f01/gparted/i686/live/vmlinuz  
 extracting: /tftpboot/f01/gparted/i686/live/filesystem.squashfs
[root@server /usr/home/user]#

Delete downloaded zip files with:

[root@server /usr/home/user]# rm gparted-live-0.28.1-1-i686.zip [enter]
[root@server /usr/home/user]#

The TFTP root directory permission plays an important role. Make sure that the permission and ownership are set correctly with:

[root@server /usr/home/user]# chown -R tftpd:nobody /tftpboot/f01/gparted [enter]
[root@server /usr/home/user]# chmod -R 755 /tftpboot/f01/gparted/i686/live [enter]
[root@server /usr/home/user]#

Edit file /tftpboot/f01.cfg with:

[root@server /usr/home/user]# ee /tftpboot/f01.cfg [enter]

…and add the following lines:

LABEL f3
MENU LABEL ^3)  GParted Live v. 0.28.1-1-i686
MENU PASSWD
TEXT HELP
GParted is used for creating, reorganizing and deleting disk partitions.
The i686 version runs on x86 and x86-64 based computers, limited to physical
address space of 4 gigabytes, and uses one processor only.
-- If in doubt, try this one first! --
ENDTEXT
KERNEL f01/gparted/i686/live/vmlinuz
APPEND initrd=f01/gparted/i686/live/initrd.img boot=live union=overlay username=tftpd config components quiet noswap edd=on nomodeset nodmraid noeject locales="en_US.UTF-8" keyboard-layouts="se" ocs_live_run="ocs-live-general" ocs_live_extra_param="" ocs_live_batch=no vga=788 ip= net.ifnames=0 nosplash i915.blacklist=yes radeonhd.blacklist=yes nouveau.blacklist=yes vmwgfx.enable_fbdev=1 netboot=nfs nfsroot=$nfsserverIP:/tftpboot/f01/gparted/i686/

N.B.: Replace $nfsserverIP with the IP address of your NFS server!

NFS Export Update

Edit file /etc/exports with:

[root@server /usr/home/user]# ee /etc/exports [enter]

…and add the following text:

V4: /
/tftpboot/f01/gparted/amd64 \
/tftpboot/f01/gparted/i686-pae \
/tftpboot/f01/gparted/i686 \
-maproot=root -network 192.168.1.0 -mask 255.255.255.0

Reload the NFS mount setup with:

[root@server /usr/home/user]# service mountd reload [enter]
[root@server /usr/home/user]#

Display the NFS mount setup with:

[root@server /usr/home/user]# showmount -e [enter]
Exports list on localhost:
/tftpboot/f01/gparted/i686-pae     192.168.1.0 
/tftpboot/f01/gparted/i686         192.168.1.0 
/tftpboot/f01/gparted/amd64        192.168.1.0
[root@server /usr/home/user]#

Clonezilla Live

You’re probably familiar with the popular proprietary commercial package Norton Ghost®. The problem with this kind of software package is that it takes a lot of time to massively clone systems to many computers. You’ve probably also heard of Symantec’s solution to this problem, Symantec Ghost Corporate Edition® with multicasting. Well, now there is an OpenSource clone system (OCS) solution called Clonezilla with unicasting and multicasting!

Clonezilla, based on DRBL, Partclone and udpcast, allows you to do bare metal backup and recovery. Two types of Clonezilla are available, Clonezilla live and Clonezilla SE (server edition). Clonezilla live is suitable for single machine backup and restore. Clonezilla SE is for massive deployment; it can clone many (40 plus!) computers simultaneously. Clonezilla saves and restores only used blocks in the hard disk. This increases the cloning efficiency. At the NCHC’s Classroom C, Clonezilla SE was used to clone 41 computers simultaneously. It took only about 10 minutes to clone a 5.6 GBytes system image to all 41 computers via multicasting!

WWW: http://clonezilla.org/.

Files: https://sourceforge.net/projects/clonezilla/files/.

amd64

Download Clonezilla Live Stable amd64, 187 MB, optimized for use on PCs with an amd64 CPU, with:

[root@server /usr/home/user]# wget https://sourceforge.net/projects/clonezilla/files/clonezilla_live_stable/2.5.0-25/clonezilla-live-2.5.0-25-amd64.zip [enter]

Create directory /tftpboot/f01/clonezilla/amd64 with:

[root@server /usr/home/user]# mkdir -p /tftpboot/f01/clonezilla/amd64 [enter]
[root@server /usr/home/user]#

Extract zip file clonezilla-live-2.5.0-25-amd64.zip to /tftpboot/f01/clonezilla/amd64 with:

[root@server /usr/home/user]# unzip clonezilla-live-2.5.0-25-amd64.zip live/* -d /tftpboot/f01/clonezilla/amd64 [enter]
Archive:  /clonezilla-live-2.5.0-25-amd64.zip
 extracting: /tftpboot/f01/clonezilla/amd64/live/ipxe.efi  
 extracting: /tftpboot/f01/clonezilla/amd64/live/filesystem.packages-remove  
 extracting: /tftpboot/f01/clonezilla/amd64/live/vmlinuz  
 extracting: /tftpboot/f01/clonezilla/amd64/live/ipxe.lkn  
 extracting: /tftpboot/f01/clonezilla/amd64/live/initrd.img  
 extracting: /tftpboot/f01/clonezilla/amd64/live/freedos.img  
 extracting: /tftpboot/f01/clonezilla/amd64/live/filesystem.packages  
 extracting: /tftpboot/f01/clonezilla/amd64/live/memtest  
 extracting: /tftpboot/f01/clonezilla/amd64/live/Clonezilla-Live-Version  
 extracting: /tftpboot/f01/clonezilla/amd64/live/filesystem.squashfs
[root@server /usr/home/user]#

Delete downloaded .zip file with:

[root@server /usr/home/user]# rm clonezilla-live-2.5.0-25-amd64.zip [enter]
[root@server /usr/home/user]#

The TFTP root directory permission plays an important role. Make sure that the permission and ownership are set correctly with:

[root@server /usr/home/user]# chown -R tftpd:nobody /tftpboot/f01/clonezilla/amd64/live [enter]
[root@server /usr/home/user]# chmod -R 755 /tftpboot/f01/clonezilla/amd64/live [enter]
[root@server /usr/home/user]#

PXE Boot Sub-Menu

Edit file /tftpboot/f01.cfg with:

[root@server /usr/home/user]# ee /tftpboot/f01.cfg [enter]

..and add the following text, example:

LABEL f4
MENU LABEL ^4)  CloneZilla v. 2.5.0-25 amd64
MENU PASSWD
TEXT HELP
Cloning of PC hard disks for backup or deploy a common setup on a number
of PCs using a Server.
The amd64 version runs on x86-64 based computers, with ability to access more
than 4 gigabytes of memory and supports use of multiple processor cores.
ENDTEXT
KERNEL f01/clonezilla/amd64/live/vmlinuz
APPEND initrd=f01/clonezilla/amd64/live/initrd.img boot=live toram union=overlay username=tftpd config components quiet noswap edd=on nomodeset nodmraid noeject locales="en_US.UTF-8" keyboard-layouts="se" ocs_live_run="ocs-live-general" ocs_live_extra_param="" ocs_live_batch=no vga=791 ip= net.ifnames=0 nosplash i915.blacklist=yes radeonhd.blacklist=yes nouveau.blacklist=yes vmwgfx.enable_fbdev=1 netboot=nfs nfsroot=$nfsserverIP:/tftpboot/f01/clonezilla/amd64/

N.B.: Replace $nfsserverIP with the IP address of your NFS server!

NFS Export Update

Edit file /etc/exports with:

[root@server /usr/home/user]# ee /etc/exports [enter]

…and add the following text:

V4: /
...
/tftpboot/f01/clonezilla/amd64 \
-maproot=root -network 192.168.1.0 -mask 255.255.255.0

Reload the NFS mount setup with:

[root@server /usr/home/user]# service mountd reload [enter]
[root@server /usr/home/user]#

Display the NFS mount setup with:

[root@server /usr/home/user]# showmount -e [enter]
Exports list on localhost:
...
/tftpboot/f01/clonezilla/amd64     192.168.1.0
[root@server /usr/home/user]#

i686-PAE (Physical Address Extension)

Download Clonezilla Live Stable i686-pae, 188 MB, optimized for use on PCs with an i686 CPU, with:

[root@server /usr/home/user]# wget https://sourceforge.net/projects/clonezilla/files/clonezilla_live_stable/2.5.0-25/clonezilla-live-2.5.0-25-i686-pae.zip [enter]

Create directory /tftpboot/f01/clonezilla/i686-pae with:

[root@server /usr/home/user]# mkdir -p /tftpboot/f01/clonezilla/i686-pae [enter]
[root@server /usr/home/user]#

Extract zip file clonezilla-live-2.5.0-25-i686-pae.zip to /tftpboot/f01/clonezilla/i686-pae with:

[root@server /usr/home/user]# unzip clonezilla-live-2.5.0-25-i686-pae.zip live/* -d /tftpboot/f01/clonezilla/i686-pae [enter]
Archive:  /clonezilla-live-2.5.0-25-i686-pae.zip
 extracting: /tftpboot/f01/clonezilla/i686-pae/live/ipxe.efi  
 extracting: /tftpboot/f01/clonezilla/i686-pae/live/filesystem.packages-remov  |
 extracting: /tftpboot/f01/clonezilla/i686-pae/live/vmlinuz  
 extracting: /tftpboot/f01/clonezilla/i686-pae/live/ipxe.lkn  
 extracting: /tftpboot/f01/clonezilla/i686-pae/live/initrd.img  
 extracting: /tftpboot/f01/clonezilla/i686-pae/live/freedos.img  
 extracting: /tftpboot/f01/clonezilla/i686-pae/live/filesystem.packages  
 extracting: /tftpboot/f01/clonezilla/i686-pae/live/memtest  
 extracting: /tftpboot/f01/clonezilla/i686-pae/live/Clonezilla-Live-Version  
 extracting: /tftpboot/f01/clonezilla/i686-pae/live/filesystem.squashfs
[root@server /usr/home/user]#

Delete downloaded .zip file with:

[root@server /usr/home/user]# rm clonezilla-live-2.5.0-25-i686-pae.zip [enter]
[root@server /usr/home/user]#

The TFTP root directory permission plays an important role. Make sure that the permission and ownership are set correctly with:

[root@server /usr/home/user]# chown -R tftpd:nobody /tftpboot/f01/clonezilla/i686-pae/live [enter]
[root@server /usr/home/user]# chmod -R 755 /tftpboot/f01/clonezilla/i686-pae/live [enter]
[root@server /usr/home/user]#

PXE Boot Sub-Menu

Edit file /tftpboot/f01.cfg with:

[root@server /usr/home/user]# ee /tftpboot/f01.cfg [enter]

..and add the following text, example:

LABEL f5
MENU LABEL ^5)  CloneZilla v. 2.5.0-25 i686-pae (Physical Address Extension)
MENU PASSWD
TEXT HELP
Cloning of PC hard disks for backup or deploy a common setup on a number
of PCs using a Server.
The i686-pae version runs on x86 (i686 and higher) and x86-64 based computers, with
Physical Address Extension to access more than 4 gigabytes of memory, and supports
use of multiple processor cores.
ENDTEXT
KERNEL f01/clonezilla/i686-pae/live/vmlinuz
APPEND initrd=f01/clonezilla/i686-pae/live/initrd.img boot=live union=overlay username=tftpd config components quiet noswap edd=on nomodeset nodmraid noeject locales="en_US.UTF-8" keyboard-layouts="se" ocs_live_run="ocs-live-general" ocs_live_extra_param="" ocs_live_batch=no vga=791 ip= net.ifnames=0 nosplash i915.blacklist=yes radeonhd.blacklist=yes nouveau.blacklist=yes vmwgfx.enable_fbdev=1 netboot=nfs nfsroot=$nfsserverIP:/tftpboot/f01/clonezilla/i686-pae/

N.B.: Replace $nfsserverIP with the IP address of your NFS server!

NFS Export Update

Edit file /etc/exports with:

[root@server /usr/home/user]# ee /etc/exports [enter]

…and add the following text:

V4: /
...
/tftpboot/f01/clonezilla/amd64 \
/tftpboot/f01/clonezilla/i686-pae \
-maproot=root -network 192.168.1.0 -mask 255.255.255.0

Reload the NFS mount setup with:

[root@server /usr/home/user]# service mountd reload [enter]
[root@server /usr/home/user]#

Display the NFS mount setup with:

[root@server /usr/home/user]# showmount -e [enter]
Exports list on localhost:
...
/tftpboot/f01/clonezilla/i686-pae  192.168.1.0
/tftpboot/f01/clonezilla/amd64     192.168.1.0
[root@server /usr/home/user]#

i686

Download Clonezilla Live Stable i686, 188 MB, optimized for use on PCs with an i686 CPU, with:

[root@server /usr/home/user]# wget https://sourceforge.net/projects/clonezilla/files/clonezilla_live_stable/2.5.0-25/clonezilla-live-2.5.0-25-i686.zip [enter]

Create directory /tftpboot/f01/clonezilla/i686 with:

[root@server /usr/home/user]# mkdir -p /tftpboot/f01/clonezilla/i686 [enter]
[root@server /usr/home/user]#

Extract zip file clonezilla-live-2.5.0-25-i686.zip to /tftpboot/f01/clonezilla/i686 with:

[root@server /usr/home/user]# unzip clonezilla-live-2.5.0-25-i686.zip live/* -d /tftpboot/f01/clonezilla/i686 [enter]
Archive:  /clonezilla-live-2.5.0-25-i686.zip
 extracting: /tftpboot/f01/clonezilla/i686/live/ipxe.efi  
 extracting: /tftpboot/f01/clonezilla/i686/live/filesystem.packages-remove  
 extracting: /tftpboot/f01/clonezilla/i686/live/vmlinuz  
 extracting: /tftpboot/f01/clonezilla/i686/live/ipxe.lkn  
 extracting: /tftpboot/f01/clonezilla/i686/live/initrd.img  
 extracting: /tftpboot/f01/clonezilla/i686/live/freedos.img  
 extracting: /tftpboot/f01/clonezilla/i686/live/filesystem.packages  
 extracting: /tftpboot/f01/clonezilla/i686/live/memtest  
 extracting: /tftpboot/f01/clonezilla/i686/live/Clonezilla-Live-Version  
 extracting: /tftpboot/f01/clonezilla/i686/live/filesystem.squashfs
[root@server /usr/home/user]#

Delete downloaded .zip file with:

[root@server /usr/home/user]# rm clonezilla-live-2.5.0-25-i686.zip [enter]
[root@server /usr/home/user]#

The TFTP root directory permission plays an important role. Make sure that the permission and ownership are set correctly with:

[root@server /usr/home/user]# chown -R tftpd:nobody /tftpboot/f01/clonezilla/i686/live [enter]
[root@server /usr/home/user]# chmod -R 755 /tftpboot/f01/clonezilla/i686/live [enter]
[root@server /usr/home/user]#

PXE Boot Sub-Menu

Edit file /tftpboot/f01.cfg with:

[root@server /usr/home/user]# ee /tftpboot/f01.cfg [enter]

..and add the following text, example:

LABEL f6
MENU LABEL ^6)  CloneZilla v. 2.5.0-25 i686
MENU PASSWD
TEXT HELP
Cloning of PC hard disks for backup or deploy a common setup on a number
of PCs using a Server.
The i686 version runs on x86 and x86-64 based computers, limited to physical
address space of 4 gigabytes, and uses one processor only.
-- If in doubt, try this one first! --
ENDTEXT
KERNEL f01/clonezilla/i686/live/vmlinuz
APPEND initrd=f01/clonezilla/i686/live/initrd.img boot=live union=overlay username=tftpd config components quiet noswap edd=on nomodeset nodmraid noeject locales="en_US.UTF-8" keyboard-layouts="se" ocs_live_run="ocs-live-general" ocs_live_extra_param="" ocs_live_batch=no vga=791 ip= net.ifnames=0 nosplash i915.blacklist=yes radeonhd.blacklist=yes nouveau.blacklist=yes vmwgfx.enable_fbdev=1 netboot=nfs nfsroot=$nfsserverIP:/tftpboot/f01/clonezilla/i686/

N.B.: Replace $nfsserverIP with the IP address of your NFS server!

NFS Export Update

Edit file /etc/exports with:

[root@server /usr/home/user]# ee /etc/exports [enter]

…and add the following text:

V4: /
...
/tftpboot/f01/clonezilla/amd64 \
/tftpboot/f01/clonezilla/i686-pae \
/tftpboot/f01/clonezilla/i686 \
-maproot=root -network 192.168.1.0 -mask 255.255.255.0

Reload the NFS mount setup with:

[root@server /usr/home/user]# service mountd reload [enter]
[root@server /usr/home/user]#

Display the NFS mount setup with:

[root@server /usr/home/user]# showmount -e [enter]
Exports list on localhost:
...
/tftpboot/f01/clonezilla/i686-pae  192.168.1.0
/tftpboot/f01/clonezilla/i686      192.168.1.0
/tftpboot/f01/clonezilla/amd64     192.168.1.0
[root@server /usr/home/user]#
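
A pre-flight check for the entries added to /tftpboot/f01.cfg above, as an added example that is not part of the original article: it reports KERNEL and initrd paths missing under the TFTP root, an nfsroot= that still carries the $nfsserverIP placeholder or points at a tree without live/filesystem.squashfs, and a MENU PASSWD line with nothing after it (syslinux documents the directive as taking a password or hash). The function names and the demo tree are constructed here; the squashfs test assumes the script runs on the NFS server itself.

```sh
#!/bin/sh
# Added example (not from the article): consistency check for the PXE
# sub-menu file before clients are pointed at it.

# pxe_entries CFG - one tab-separated record per LABEL:
#   label  kernel  initrd  nfsroot  passwd-state   ("-" means absent)
pxe_entries() {
    awk '
    function flush() {
        if (label != "")
            printf "%s\t%s\t%s\t%s\t%s\n", label, kernel, initrd, nfsroot, pw
        label = ""; kernel = "-"; initrd = "-"; nfsroot = "-"; pw = "none"
    }
    BEGIN { flush() }
    { key = toupper($1) }
    key == "ENDTEXT" { intext = 0; next }
    key == "TEXT"    { intext = 1; next }
    intext           { next }                  # skip help text bodies
    key == "LABEL"   { flush(); label = $2; next }
    key == "KERNEL"  { kernel = $2; next }
    key == "MENU" && toupper($2) == "PASSWD" { pw = (NF >= 3) ? "set" : "empty"; next }
    key == "APPEND"  {
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^initrd=/)  initrd  = substr($i, 8)
            if ($i ~ /^nfsroot=/) nfsroot = substr($i, 9)
        }
    }
    END { flush() }' "$1"
}

# check_pxe_menu CFG TFTPROOT - prints one line per problem found.
check_pxe_menu() {
    tab=$(printf '\t')
    pxe_entries "$1" | while IFS=$tab read -r label kernel initrd nfsroot pw; do
        for f in "$kernel" "$initrd"; do
            [ "$f" = "-" ] || [ -f "$2/$f" ] || echo "$label: $f not found under TFTP root"
        done
        case $nfsroot in
            -) ;;
            '$nfsserverIP'*) echo "$label: nfsroot still contains the \$nfsserverIP placeholder" ;;
            *) [ -f "${nfsroot#*:}/live/filesystem.squashfs" ] ||
                   echo "$label: no live/filesystem.squashfs under ${nfsroot#*:}" ;;
        esac
        [ "$pw" != "empty" ] || echo "$label: MENU PASSWD has no password argument"
    done
}

# Constructed demo: a throw-away TFTP root holding only the GParted amd64
# kernel and initrd, plus a two-entry menu modelled on the article's entries.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/f01/gparted/amd64/live"
    : > "$d/f01/gparted/amd64/live/vmlinuz"
    : > "$d/f01/gparted/amd64/live/initrd.img"
    cat > "$d/f01.cfg" <<EOF
LABEL f1
MENU LABEL ^1)  GParted Live v. 0.28.1-1-amd64
MENU PASSWD
TEXT HELP
GParted is used for creating, reorganizing and deleting disk partitions.
ENDTEXT
KERNEL f01/gparted/amd64/live/vmlinuz
APPEND initrd=f01/gparted/amd64/live/initrd.img boot=live netboot=nfs nfsroot=\$nfsserverIP:$d/f01/gparted/amd64/

LABEL f4
MENU LABEL ^4)  CloneZilla v. 2.5.0-25 amd64
KERNEL f01/clonezilla/amd64/live/vmlinuz
APPEND initrd=f01/clonezilla/amd64/live/initrd.img boot=live netboot=nfs nfsroot=192.168.1.4:$d/f01/clonezilla/amd64/
EOF
    check_pxe_menu "$d/f01.cfg" "$d"
    rm -rf "$d"
}

demo
```

On the server itself the call is `check_pxe_menu /tftpboot/f01.cfg /tftpboot`.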

G4L

G4L is a hard disk and partition imaging and cloning tool. The created images are optionally compressed and transferred to an FTP server or cloned locally. CIFS(Windows), SSHFS and NFS support included, and udpcast and fsarchiver options.

WWW: https://sourceforge.net/projects/g4l/.

Download

Download ISO CD-ROM Image g4l-v0.52.iso, 99 MB, with:

[root@server /usr/home/user]# wget https://sourceforge.net/projects/g4l/files/g4l%20ISO%20images/g4l-v0.52.iso -P /tftpboot/f01/ [enter]

Change file mode with:

[root@server /usr/home/user]# chmod 755 /tftpboot/f01/g4l-v0.52.iso [enter]
[root@server /usr/home/user]#

PXE Boot Sub-Menu

The PXE Boot Sub-Menu entry for G4L is defined in file /tftpboot/f01.cfg.

Edit this file with:

[root@server /usr/home/user]# ee /tftpboot/f01.cfg [enter]

..and add the following text, example:

LABEL f7
MENU LABEL ^7)  G4L v. 0.52
TEXT HELP
G4L is a hard disk and partition imaging and cloning tool.
The created images are optionally compressed and transferred
to an FTP server or cloned locally.
ENDTEXT
KERNEL memdisk
APPEND initrd=f01/g4l-v0.52.iso iso raw

G4U (“ghosting for unix”)

G4U is a hard disk and partition imaging and cloning tool. The created images are optionally compressed and transferred to an FTP server or cloned locally. CIFS(Windows), SSHFS and NFS support included, and udpcast and fsarchiver options.

WWW: http://fehu.org/~feyrer/g4u/.

Download

Download ISO CD-ROM Image g4u-2.5.iso, 4.9 MB, with:

[root@server /usr/home/user]# wget http://fehu.org/~feyrer/g4u/g4u-2.5.iso -P /tftpboot/f01/ [enter]
[root@server /usr/home/user]# chmod 755 /tftpboot/f01/g4u-2.5.iso [enter]
[root@server /usr/home/user]#

PXE Boot Sub-Menu

The PXE Boot Sub-Menu entry for G4U is defined in file /tftpboot/f01.cfg.

Edit this file with:

[root@server /usr/home/user]# ee /tftpboot/f01.cfg [enter]

..and add the following text, example:

LABEL f8
MENU LABEL ^8)  G4U v. 2.5
TEXT HELP
G4U is a NetBSD-based bootfloppy/CD-ROM that allows easy cloning of
PC harddisks to deploy a common setup on a number of PCs using FTP. 
ENDTEXT
KERNEL memdisk
APPEND initrd=f01/g4u-2.5.iso iso raw

SystemRescueCd 32bit and 64bit kernel

SystemRescueCd is a Linux system rescue disk available as a bootable CD-ROM or USB stick for administrating or repairing your system and data after a crash. It aims to provide an easy way to carry out admin tasks on your computer, such as creating and editing the hard disk partitions. It comes with a lot of Linux software such as system tools (parted, partimage, fstools, …) and basic tools (editors, midnight commander, network tools). It requires no installation. It can be used on Linux servers, Linux desktops or windows boxes. The kernel supports the important file systems (ext2/ext3/ext4, reiserfs, reiser4, btrfs, xfs, jfs, vfat, ntfs, iso9660), as well as network filesystems (samba and nfs).

WWW: http://www.sysresccd.org/.

Files: https://sourceforge.net/projects/systemrescuecd/files/.

Download and Install

Download systemrescuecd-x86-4.9.3.iso, 492 MB, with:

[root@server /usr/home/user]# wget https://sourceforge.net/projects/systemrescuecd/files/sysresccd-x86/4.9.3/systemrescuecd-x86-4.9.3.iso [enter]

Create a memory disk out of the cd9660 image file systemrescuecd-x86-4.9.3.iso, using the first available md(4) device, with:

[root@server /usr/home/user]# mdconfig -a -t vnode -f systemrescuecd-x86-4.9.3.iso [enter]
md0
[root@server /usr/home/user]#

…and then mount it with:

[root@server /usr/home/user]# mount -t cd9660 /dev/md0 /mnt [enter]
[root@server /usr/home/user]#

Create a new directory for the content of the iso image, using this command:

[root@server /usr/home/user]# mkdir -p /tftpboot/f01/rescuecd [enter]
[root@server /usr/home/user]#

Copy the content of the iso file to the new directory, using this command:

[root@server /usr/home/user]# rsync -e ssh -avz --delete /mnt/ /tftpboot/f01/rescuecd/ [enter]
sending incremental file list
./
readme.txt
...
usb_inst/xorriso

sent 504,580,569 bytes  received 6,810 bytes  32,554,024.45 bytes/sec
total size is 514,891,736  speedup is 1.02
[root@server /usr/home/user]#

Unmount the iso image, using this command:

[root@server /usr/home/user]# umount /mnt [enter]
[root@server /usr/home/user]#

List configured and enabled memory disks on your system, using this command:

[root@server /usr/home/user]# mdconfig -lv [enter]
md0	vnode	  492M	/usr/home/user/systemrescuecd-x86-4.9.3.iso
[root@server /usr/home/user]#

Delete the memory disk (md0 in this example) with this command:

[root@server /usr/home/user]# mdconfig -d -u 0 [enter]
[root@server /usr/home/user]#

Delete the SystemRescueCd iso image with:

[root@server /usr/home/user]# rm systemrescuecd-x86-4.9.3.iso [enter]
[root@server /usr/home/user]#

Edit file /tftpboot/f01.cfg with:

[root@server /usr/home/user]# ee /tftpboot/f01.cfg [enter]

…and add the following lines:

LABEL f9
MENU LABEL ^9)  SystemRescueCd 64bit kernel v. 4.9.3
MENU PASSWD
TEXT HELP
SystemRescueCd is a Linux system rescue disk available for administrating or
repairing your system and data after a crash.
ENDTEXT
KERNEL f01/rescuecd/isolinux/rescue64
APPEND setkmap=se initrd=f01/rescuecd/isolinux/initram.igz dodhcp dostartx netboot=nfs://$nfsserverIP:/tftpboot/f01/rescuecd
LABEL f0
MENU LABEL ^0)  SystemRescueCd 32bit kernel v. 4.9.3
MENU PASSWD
TEXT HELP
SystemRescueCd is a Linux system rescue disk available for administrating or
repairing your system and data after a crash.
ENDTEXT
KERNEL f01/rescuecd/isolinux/rescue32
APPEND setkmap=se initrd=f01/rescuecd/isolinux/initram.igz dodhcp dostartx netboot=nfs://$nfsserverIP:/tftpboot/f01/rescuecd
LABEL f9
MENU LABEL ^9)  Hardware Detection Tool v. 0.5.0
MENU PASSWD
TEXT HELP
Reports S.M.A.R.T. data, firmware errorlog, runs firmware tests, scans surface
reporting access times per sector and much more.
ENDTEXT
KERNEL memdisk
APPEND initrd=f01/rescuecd/bootdisk/hdt.img

N.B.: Replace $nfsserverIP with the IP address of your NFS server!

NFS Export Update

Edit file /etc/exports with:

[root@server /usr/home/user]# ee /etc/exports [enter]

…and add the following text:

V4: /
...
/tftpboot/f01/rescuecd \
-maproot=root -network 192.168.1.0 -mask 255.255.255.0

Reload the NFS mount setup with:

[root@server /usr/home/user]# service mountd reload [enter]
[root@server /usr/home/user]#

Display the NFS mount setup with:

[root@server /usr/home/user]# showmount -e [enter]
Exports list on localhost:
...
/tftpboot/f01/rescuecd             192.168.1.0
[root@server /usr/home/user]#

PXE Boot Menu with Sub-menus

Last Updated on 2017-03-25 by Sture

Description

A simple GUI menu system with sub-menus is used for selecting between different tasks.

WWW: http://syslinux.zytor.com/wiki/index.php/Menu.

Files: https://www.kernel.org/pub/linux/utils/boot/syslinux/.

Syslinux 5 Changelog: http://www.syslinux.org/wiki/index.php/Syslinux_6_Changelog#Changes_in_6.03/Menu.

Requirements

The following application(s) must be installed, configured and running before tftp-hpa is installed:

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!

Download

Download file syslinux-6.03.tar.xz, about 6.5M, with:

[root@server /usr/home/user]# wget https://www.kernel.org/pub/linux/utils/boot/syslinux/syslinux-6.03.tar.xz --no-check-certificate [enter]
--2017-03-02 17:46:01--  https://www.kernel.org/pub/linux/utils/boot/syslinux/syslinux-6.03.tar.xz
Resolving www.kernel.org (www.kernel.org)... 199.204.44.194, 149.20.4.69, 198.145.20.140, ...
Connecting to www.kernel.org (www.kernel.org)|199.204.44.194|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 6855224 (6,5M) [application/x-xz]
Saving to: ‘syslinux-6.03.tar.xz’

syslinux-6.03.tar.xz                         100%[============================================================================================>]   6,54M   765KB/s    in 9,8s    

2017-03-02 17:46:12 (683 KB/s) - ‘syslinux-6.03.tar.xz’ saved [6855224/6855224]
[root@server /usr/home/user]#

Wait for the download to complete and then extract ~/syslinux-6.03.tar.xz with:

[root@server /usr/home/user]# tar -xf syslinux-6.03.tar.xz [enter]
[root@server /usr/home/user]#

Installation

For the lwIP embedded TCP/IP network stack copy file syslinux-6.03/bios/core/pxelinux.0 to /tftpboot/ with:

[root@server /usr/home/user]# cp syslinux-6.03/bios/core/pxelinux.0 /tftpboot/ [enter]
[root@server /usr/home/user]#

For the new lwIP embedded TCP/IP network stack copy file ~/syslinux-6.03/bios/core/lpxelinux.0 to /tftpboot/ with:

[root@server /usr/home/user]# cp syslinux-6.03/bios/core/lpxelinux.0 /tftpboot/ [enter]
[root@server /usr/home/user]#

For the legacy TCP/IP network stack copy file syslinux-6.03/bios/gpxe/gpxelinux.0 to /tftpboot/ with:

[root@server /usr/home/user]# cp syslinux-6.03/bios/gpxe/gpxelinux.0 /tftpboot/ [enter]
[root@server /usr/home/user]#

Copy file ~/syslinux-6.03/bios/com32/lib/libcom32.c32 to /tftpboot/ with:

[root@server /usr/home/user]# cp syslinux-6.03/bios/com32/lib/libcom32.c32 /tftpboot/ [enter]
[root@server /usr/home/user]#

Copy file ~/syslinux-6.03/bios/com32/libutil/libutil.c32 to /tftpboot/ with:

[root@server /usr/home/user]# cp syslinux-6.03/bios/com32/libutil/libutil.c32 /tftpboot/ [enter]
[root@server /usr/home/user]#

Copy file ~/syslinux-6.03/bios/com32/menu/menu.c32 to /tftpboot/ with:

[root@server /usr/home/user]# cp syslinux-6.03/bios/com32/menu/menu.c32 /tftpboot/ [enter]
[root@server /usr/home/user]#

Copy file ~/syslinux-6.03/bios/com32/menu/vesamenu.c32 to /tftpboot/ with:

[root@server /usr/home/user]# cp syslinux-6.03/bios/com32/menu/vesamenu.c32 /tftpboot/ [enter]
[root@server /usr/home/user]#

Copy file ~/syslinux-6.03/bios/com32/modules/linux.c32 to /tftpboot/ with:

[root@server /usr/home/user]# cp syslinux-6.03/bios/com32/modules/linux.c32 /tftpboot/ [enter]
[root@server /usr/home/user]#

Copy file ~/syslinux-6.03/bios/com32/elflink/ldlinux/ldlinux.c32 to /tftpboot/ with:

[root@server /usr/home/user]# cp syslinux-6.03/bios/com32/elflink/ldlinux/ldlinux.c32 /tftpboot/ [enter]
[root@server /usr/home/user]#

Copy file ~/syslinux-6.03/bios/com32/modules/reboot.c32 to /tftpboot/ with:

[root@server /usr/home/user]# cp syslinux-6.03/bios/com32/modules/reboot.c32 /tftpboot/ [enter]
[root@server /usr/home/user]#

Copy file ~/syslinux-6.03/bios/com32/chain/chain.c32 to /tftpboot/ with:

[root@server /usr/home/user]# cp syslinux-6.03/bios/com32/chain/chain.c32 /tftpboot/ [enter]
[root@server /usr/home/user]#

Copy file ~/syslinux-6.03/sample/syslinux_splash.jpg to /tftpboot/ with:

[root@server /usr/home/user]# cp syslinux-6.03/sample/syslinux_splash.jpg /tftpboot/ [enter]
[root@server /usr/home/user]#

Copy file ~/syslinux-6.03/bios/memdisk/memdisk to /tftpboot/ with:

[root@server /usr/home/user]# cp syslinux-6.03/bios/memdisk/memdisk /tftpboot/ [enter]
[root@server /usr/home/user]#

Display files in directory /tftpboot with:

[root@server /usr/home/user]# ls -l /tftpboot/ [enter]
total 1343
-rwxr-xr-x  1 root  wheel   24560 Mar  2 18:48 chain.c32
-rw-r--r--  1 root  wheel  111334 Mar  2 18:44 gpxelinux.0
drwxr-xr-x  2 root  wheel       2 Mar  2 11:37 images
-rwxr-xr-x  1 root  wheel  122308 Mar  2 18:48 ldlinux.c32
-rwxr-xr-x  1 root  wheel  186500 Mar  2 18:44 libcom32.c32
-rwxr-xr-x  1 root  wheel   24148 Mar  2 18:44 libutil.c32
-rwxr-xr-x  1 root  wheel    4660 Mar  2 18:44 linux.c32
-rw-r--r--  1 root  wheel   91550 Mar  2 18:43 lpxelinux.0
-rw-r--r--  1 root  wheel   26140 Mar  2 18:49 memdisk
-rwxr-xr-x  1 root  wheel   26596 Mar  2 18:44 menu.c32
-rw-r--r--  1 root  wheel   46909 Mar  2 18:41 pxelinux.0
drwxr-xr-x  2 root  wheel       2 Mar  2 11:37 pxelinux.cfg
-rwxr-xr-x  1 root  wheel    1376 Mar  2 18:48 reboot.c32
-rw-r--r--  1 root  wheel   56299 Mar  2 18:49 syslinux_splash.jpg
-rwxr-xr-x  1 root  wheel   27104 Mar  2 18:44 vesamenu.c32
[root@server /usr/home/user]#

Delete the extracted folder and the downloaded .xz file with:

[root@server /usr/home/user]# rm -R syslinux-6.03; rm syslinux-6.03.tar.xz [enter]
[root@server /usr/home/user]#

Configuration

Critical Tasks Password

The openssl passwd command can be used to compute the MD5-based hash of the password used in the PXE Boot Menus:

[root@server /usr/home/user]# openssl passwd -1 passwd
$1$./xB0ZYM$EaUHney4jC51AtxBjdln2/
[root@server /usr/home/user]#

PXE Boot Main Menu

The PXE Boot Main Menu is defined in file /tftpboot/pxelinux.cfg/default.

Create this file with:

[root@server /usr/home/user]# ee /tftpboot/pxelinux.cfg/default

…and add the following text:

DEFAULT vesamenu.c32
PROMPT 0
NOESCAPE 1
TIMEOUT 300
TOTALTIMEOUT 450

MENU WIDTH 78
MENU MARGIN 1
MENU ROWS 20
MENU TIMEOUTROW 25
MENU HELPMSGROW 26

MENU BACKGROUND syslinux_splash.jpg

MENU MASTER PASSWD $1$./xB0ZYM$EaUHney4jC51AtxBjdln2/
MENU PASSPROMPT Enter Password

MENU TITLE PXE Boot Main Menu - server.example.net

MENU COLOR BORDER 0 #ffffffff #ee000000 std
MENU COLOR TITLE 0 #ffffffff #ee000000 std
MENU COLOR SEL 0 #ff00ff00 #ff000000 std
MENU COLOR UNSEL 0 #ffffffff #ee000000 std
MENU COLOR PWDHEADER 0 #ff000000 #99ffffff rev
MENU COLOR PWDBORDER 0 #ff000000 #99ffffff rev
MENU COLOR PWDENTRY 0 #ff000000 #99ffffff rev
MENU COLOR HOTKEY 0 #ff00ff00 #ee000000 std
MENU COLOR HOTSEL 0 #ffffffff #85000000 std

LABEL blank
MENU LABEL

LABEL hd
MENU LABEL ^H)  Boot to Local Hard Disk
LOCALBOOT 0x80

LABEL floppy
MENU LABEL ^F)  Boot to Local Floppy Disk
LOCALBOOT 0x00

LABEL cr
MENU LABEL ^R)  Cold Reboot
COM32 reboot.c32

LABEL wr
MENU LABEL ^W)  Warm Reboot
COM32 reboot.c32
APPEND -w

LABEL next
MENU LABEL ^N)  Skip PXE Boot (Boot Next Device)
MENU DEFAULT
LOCALBOOT -1

N.B.: Remember to change MENU MASTER PASSWD and MENU TITLE PXE!
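
The password settings above can be checked mechanically. The following shell function is an added example, not part of the original article or of Syslinux: it audits one or more menu files for the example hash printed in this article, for cleartext, MD5-crypt ($1$) or SHA-1 ($4$) passwords, and for the NOESCAPE, PROMPT and ALLOWOPTIONS settings that the Syslinux menu documentation pairs with passwords. The names audit_pxe_menu and sample_menu, and the sample menu itself, are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit PXELINUX/vesamenu menu files for weak password settings.
# Prints one finding per line and nothing when the files pass.

# Example hash printed in the article; it must not stay in a live menu.
TUTORIAL_HASH='$1$./xB0ZYM$EaUHney4jC51AtxBjdln2/'

audit_pxe_menu() {
    awk -v known="$TUTORIAL_HASH" '
    function report(msg) { print FILENAME ":" FNR ": " msg }
    function check_pw(kind, pw) {
        if (pw == "") return    # empty MENU PASSWD: only the master password unlocks
        if (pw == known) report(kind " is the example hash from the tutorial")
        if (pw ~ /^\$1\$/)          report(kind " is MD5-crypt ($1$); use $5$ or $6$")
        else if (pw ~ /^\$4\$/)     report(kind " is SHA-1 ($4$); use $5$ or $6$")
        else if (pw !~ /^\$[56]\$/) report(kind " is stored in cleartext")
    }
    {
        # Keywords are matched case-insensitively, as Syslinux does.
        line = $0
        sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
        split(line, f, /[ \t]+/)
        k1 = toupper(f[1]); k2 = toupper(f[2]); k3 = toupper(f[3])
        if (k1 == "MENU" && k2 == "MASTER" && k3 == "PASSWD") {
            has_pw = 1; master = 1; check_pw("MENU MASTER PASSWD", f[4])
        } else if (k1 == "MENU" && k2 == "PASSWD") {
            has_pw = 1; check_pw("MENU PASSWD", f[3])
        } else if (k1 == "NOESCAPE")       noescape = f[2] + 0
        else if (k1 == "PROMPT")           prompt = f[2] + 0
        else if (k1 == "ALLOWOPTIONS")   { allow_set = 1; allow = f[2] + 0 }
    }
    END {
        # The settings below only matter when some entry is password protected.
        if (!has_pw) exit
        if (noescape != 1)
            print "password entries present but NOESCAPE 1 is not set"
        if (prompt != 0)
            print "password entries present but PROMPT is not 0"
        if (!master && !(allow_set && allow == 0))
            print "password entries present but neither MENU MASTER PASSWD nor ALLOWOPTIONS 0 is set"
    }' "$@"
}

# Constructed sample: the password-related lines of the main menu above
# plus one protected entry.
sample_menu() {
    cat <<'EOF'
DEFAULT vesamenu.c32
PROMPT 0
NOESCAPE 1
MENU MASTER PASSWD $1$./xB0ZYM$EaUHney4jC51AtxBjdln2/
LABEL f9
MENU LABEL ^9)  SystemRescueCd 64bit kernel v. 4.9.3
MENU PASSWD
EOF
}

# Audit the files named on the command line, if any.
if [ "$#" -gt 0 ]; then audit_pxe_menu "$@"; fi
```

Pass top.cfg, the sub-menu file and bottom.cfg together in one call, since vesamenu.c32 loads them as a single menu and the NOESCAPE and master password lines live in top.cfg.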

PXE Boot Sub-Menus – Top Part

The top part of the PXE Boot Sub-Menus is defined in file /tftpboot/top.cfg.

Create this file with:

[root@server /usr/home/user]# ee /tftpboot/top.cfg

…and add the following text:

DEFAULT vesamenu.c32
PROMPT 0
NOESCAPE 1
TIMEOUT 300
TOTALTIMEOUT 450

MENU WIDTH 78
MENU MARGIN 1
MENU ROWS 20
MENU TIMEOUTROW 25
MENU HELPMSGROW 26

MENU BACKGROUND syslinux_splash.jpg

MENU MASTER PASSWD $1$./xB0ZYM$EaUHney4jC51AtxBjdln2/
MENU PASSPROMPT Enter Password

MENU COLOR BORDER 0 #ffffffff #ee000000 std
MENU COLOR TITLE 0 #ffffffff #ee000000 std
MENU COLOR SEL 0 #ff00ff00 #ff000000 std
MENU COLOR UNSEL 0 #ffffffff #ee000000 std
MENU COLOR PWDHEADER 0 #ff000000 #99ffffff rev
MENU COLOR PWDBORDER 0 #ff000000 #99ffffff rev
MENU COLOR PWDENTRY 0 #ff000000 #99ffffff rev
MENU COLOR HOTKEY 0 #ff00ff00 #ee000000 std
MENU COLOR HOTSEL 0 #ffffffff #85000000 std

N.B.: Remember to change MENU MASTER PASSWD!

PXE Boot Sub-Menus – Bottom Part

The bottom part of the PXE Boot Sub-Menus is defined in file /tftpboot/bottom.cfg.

Create this file with:

[root@server /usr/home/user]# ee /tftpboot/bottom.cfg

…and add the following text:

LABEL blank
MENU LABEL

LABEL hd
MENU LABEL ^H)  Boot to Local Hard Disk
localboot 0x80

LABEL floppy
MENU LABEL ^F)  Boot to Local Floppy Disk
localboot 0x00

LABEL cr
MENU LABEL ^R)  Cold Reboot
COM32 reboot.c32

LABEL wr
MENU LABEL ^W)  Warm Reboot
COM32 reboot.c32
APPEND -w

LABEL  return
MENU LABEL ^R)  Return to PXE Boot Main Menu
MENU DEFAULT
KERNEL vesamenu.c32
APPEND ~

Change file modes

Change file modes for all files in directory /tftpboot with:

[root@server ~]# chmod -R 755 /tftpboot [enter]
[root@server /usr/home/user]#

The sub-menus in this example will be named /tftpboot/f01.cfg, /tftpboot/f02.cfg, … and any files used in the sub-menus will be stored in directories named /tftpboot/f01, /tftpboot/f02, …

tftp-hpa – BSD derived TFTP Server

Last Updated on 2019-02-22 by Sture

Description

tftp-hpa is a portable, BSD-derived TFTP server. It supports advanced options such as blksize, blksize2, tsize, timeout, and utimeout. It also supports rule-based security options.

Requirements

The following application(s) must be installed, configured and running before tftp-hpa is installed:

  • None

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!

Installation

Search for tftp in the remote package repositories with:

[root@server /usr/home/user]# pkg search tftp  [enter]
atftp-0.7_3                    Advanced tftp server and client
nagios-check_tftp-1.0.1        Nagios plugin to check tftp servers
p5-TFTP-1.0                    TFTP client in Perl as described in RFC783
py27-tftpy-0.6.2               Pure Python TFTP Implementation
tftp-hpa-5.2                   Advanced tftp server
tftpgrab-0.2                   TFTP stream extractor
utftpd-0.2.4_2                 secure tftpd server with fine grained access and revision control
[root@server /usr/home/user]#

In this example, tftp-hpa will be installed.

Install port tftp-hpa with:

[root@server /usr/home/user]# pkg install tftp-hpa [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	tftp-hpa: 5.2

Number of packages to be installed: 1

38 KiB to be downloaded.

Proceed with this action? [y/N]: y [enter]
Fetching tftp-hpa-5.2.txz: 100%   38 KiB  39.3kB/s    00:01    
Checking integrity... done (0 conflicting)
[1/1] Installing tftp-hpa-5.2...
[1/1] Extracting tftp-hpa-5.2: 100%
[root@server /usr/home/user]#

Configuration

packet filter (pf)

Access to the tftpd service must be enabled in the packet filter (pf) configuration file.

Start editing file /etc/pf.conf with:

[root@server /usr/home/user]# ee /etc/pf.conf [enter]

…and add port information to enable access to the TFTP service from clients on the local network as in this example:

...
# Ports:
#  53 TCP UDP   Domain Name System (DNS)
#  67 TCP UDP	Bootstrap Protocol (BOOTP) server
#  69 TCP UDP   Trivial File Transfer Protocol (TFTP)
# 123 TCP       Network Time Protocol
...
tcp_pass="{ 53,  67, 69, 123 }"
udp_pass="{ 53,  67, 69 }"
...
# Pass specified tcp traffic in to this server from LAN clients
pass in on $lan_if proto tcp from $lan_if:network to $lan_if port $tcp_pass

# Pass specified udp  traffic in to this server from LAN clients
pass in on $lan_if proto udp from $lan_if:network to $lan_if port $udp_pass

# Pass SSH traffic from LAN clients (for Admin)
pass in on $lan_if proto tcp from $lan_if:network to $lan_if port ssh
...

Check /etc/pf.conf for errors, but do not load ruleset with:

[root@server /usr/home/user]# pfctl -vvnf /etc/pf.conf [enter]

…and then reload /etc/pf.conf with:

[root@server /usr/home/user]# service pf reload [enter]
Reloading pf rules.
[root@server /usr/home/user]#

/tftpboot Directory

List current ZFS pool information with:

[root@server /usr/home/user]# zpool list [enter]
NAME    SIZE  ALLOC   FREE  EXPANDSZ   FRAG    CAP  DEDUP  HEALTH  ALTROOT
zroot  5,44T   254G  5,19T         -     2%     4%  1.00x  ONLINE  -
[root@server /usr/home/user]#

In this example, zroot pool was found.

Create a dataset where the tftpboot files will be stored with:

[root@server /usr/home/user]# zfs create -o compression=lz4 -o mountpoint=/tftpboot zroot/tftpboot [enter]
[root@server /usr/home/user]#
[root@server /usr/home/user]# chown tftpd:tftpd /tftpboot [enter]
[root@server /usr/home/user]#
[root@server /usr/home/user]# chmod u=rwx,g=rx,o= /tftpboot [enter]
[root@server /usr/home/user]#

tftpd User

The tftpd service runs as a separate user tftpd in group tftpd, with no login shell and the home directory set to /nonexistent.

Add a separate user group tftpd for running the tftpd service with:

[root@server /usr/home/user]# pw groupadd tftpd  [enter]
[root@server /usr/home/user]#

Add a separate user tftpd in group tftpd, no login shell and the home directory set to /nonexistent for running the tftpd service with:

[root@server /usr/home/user]# pw useradd tftpd -c tftp_manager -d /nonexistent -g tftpd -s /usr/sbin/nologin [enter]
[root@server /usr/home/user]#
[root@server /usr/home/user]# vipw [enter]
...
tftpd:*:4004:4003::0:0:tftp_manager:/nonexistent:/usr/sbin/nologin
...
[root@server /usr/home/user]#

Enable tftpd Service

List installed tftpd services with:

[root@server /usr/home/user]# service -r | grep tftpd [enter]
/usr/local/etc/rc.d/tftpd
[root@server /usr/home/user]#

Find the rcvar for /etc/rc.conf with:

[root@server /usr/home/user]# /usr/local/etc/rc.d/tftpd rcvar [enter]
# tftpd
#
tftpd_enable="NO"
#   (default: "")

[root@server /usr/home/user]#

To start tftpd at system boot, add information to /etc/rc.conf with these commands:

[root@server /usr/home/user]# echo '' >> /etc/rc.conf; echo '# tftpd-hpa' >> /etc/rc.conf; echo 'tftpd_enable="YES"' >> /etc/rc.conf; echo 'tftpd_flags="--ipv4 --secure --create --user tftpd --umask 027 --permissive --address 0.0.0.0:69 /tftpboot"' >> /etc/rc.conf [enter]
[root@server /usr/home/user]#

Optional: Adding --blocksize 1468 to tftpd_flags may improve performance on some systems.

Display full list of tftpd options with:

[root@server /usr/home/user]# man in.tftpd [enter]

Start

Manually start tftpd with:

[root@server /usr/home/user]# service tftpd start [enter]
Starting tftpd.
[root@server /usr/home/user]#

Verify and Test

Check whether the tftpd service daemon is running:

[root@server /usr/home/user]# ps -x | grep tftp | grep -v grep [enter]
 2970  -  Is       0:00,00 /usr/local/libexec/in.tftpd --ipv4 --secure --create --user tftpd --umask 027 --permissive --address 0.0.0.0:69 /tftpboot -P /var/run/tftpd.pid -l
[root@server /usr/home/user]#

You should now have an operational TFTP server. Since your FreeBSD system also has a TFTP client, you can test that the server is running.

First, tftp to the address of your TFTP server as a regular user. Here, we will use the tftp client on the same computer that runs the TFTP server.

Connect to the TFTP service on the local host with:

[root@server /usr/home/user]# tftp localhost [enter]

If the server responds, your prompt will change to:

tftp>

If you type ?, you’ll get a list of commands that the tftp client supports:

tftp> ? [enter]
Commands may be abbreviated.  Commands are:

connect 	connect to remote tftp
mode    	set file transfer mode
put     	send file
get     	receive file
quit    	exit tftp
verbose 	toggle verbose mode
status  	show current status
binary  	set mode to octet
ascii   	set mode to netascii
rexmt   	set per-packet retransmission timeout[-]
timeout 	set total retransmission timeout
trace   	enable 'debug packet'[-]
debug   	enable verbose output
blocksize	set blocksize[*]
blocksize2	set blocksize as a power of 2[**]
rollover	rollover after 64K packets[**]
options 	enable or disable RFC2347 style options
help    	print help information
packetdrop	artificial packetloss feature
?       	print help information

[-] : You shouldn't use these ones anymore.
[*] : RFC2347 options support required.
[**] : Non-standard RFC2347 option.
tftp>

Exit the tftp client with:

tftp> q [enter]
[root@server /usr/home/user]#

arp-scan ARP scanning and fingerprinting tool

Last Updated on 2017-03-02 by Sture

Description

arp-scan is a command-line tool that uses the ARP protocol to discover and fingerprint IP hosts on the local network. It is available for Linux and BSD under the GPL licence.

WWW: http://www.isc.org/products/DHCP/.

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!

Installation

Search for arp-scan in the remote package repositories with:

[root@server /usr/home/user]# pkg search arp-scan [enter]
arp-scan-1.9                   ARP scanning and fingerprinting tool
[root@server /usr/home/user]#

In this example arp-scan will be installed.

Install arp-scan with:

[root@server /usr/home/user]# pkg install arp-scan [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	arp-scan: 1.9

Number of packages to be installed: 1

252 KiB to be downloaded.

Proceed with this action? [y/N]: y [enter]
Fetching arp-scan-1.9.txz: 100%  252 KiB 258.2kB/s    00:01    
Checking integrity... done (0 conflicting)
[1/1] Installing arp-scan-1.9...
[1/1] Extracting arp-scan-1.9: 100%
[root@server /usr/home/user]#

Configuration

No configuration needed!

How to Use

Display the Network Interface Cards that are up with:

[root@server /usr/home/user]# ifconfig -u [enter]
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
	ether 84:2b:2b:bf:b4:bf
	inet 192.168.1.4 netmask 0xffffff00 broadcast 192.168.1.255 
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 
	inet 127.0.0.1 netmask 0xff000000 
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	groups: lo 
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33160
	groups: pflog
[root@server /usr/home/user]#

In this example Network Interface Card em0 was found.

Scan local network and list all devices found:

[root@server /usr/home/user]# arp-scan --interface=em0 --localnet [enter]
Interface: em0, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.9 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.1.1	50:c7:bf:01:cc:0f	(Unknown)
192.168.1.7	00:1b:21:a4:4e:cc	Intel Corporate
192.168.1.9	a4:5d:36:5d:30:e9	Hewlett Packard
192.168.1.10	00:08:9b:f8:db:03	ICP Electronics Inc.
192.168.1.11	00:11:32:0f:42:ec	Synology Incorporated
192.168.1.20	00:23:df:fd:6f:18	Apple, Inc
192.168.1.22	1c:1b:0d:66:e3:f0	(Unknown)
192.168.1.113	9c:20:7b:9a:d1:53	Apple Inc
192.168.1.210	00:04:a3:91:58:d1	Microchip Technology, Inc.
192.168.1.211	00:1d:ec:0a:e2:8b	Marusys
192.168.1.114	68:5b:36:00:8a:bd	POWERTECH INDUSTRIAL CO., LTD.
192.168.1.115	68:5b:36:00:81:0a	POWERTECH INDUSTRIAL CO., LTD.
192.168.1.132	60:c5:47:54:81:07	Apple, Inc.
192.168.1.201	d4:9a:20:5a:e8:0e	Apple, Inc
192.168.1.209	c8:69:cd:6e:26:30	(Unknown)
192.168.1.206	d0:ae:ec:4e:2e:67	Alpha Networks Inc.
192.168.1.205	68:5b:36:00:88:5b	POWERTECH INDUSTRIAL CO., LTD.

556 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.9: 256 hosts scanned in 2.201 seconds (116.31 hosts/sec). 17 responded
[root@server /usr/home/user]#
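
The scan output above becomes more useful when it is compared with a list of the devices that are expected on the network. The following shell function is an added example, not part of the original article or of arp-scan: it reads arp-scan output, reports hosts whose MAC address is missing from an inventory file, and reports an IP address that answers from two different MAC addresses. The names arp_scan_diff, sample_scan and sample_inventory, the inventory file format and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example: compare arp-scan output (stdin) with an inventory of known
# MAC addresses (file given as $1: one MAC per line, "#" starts a comment).
#
# Typical call (the inventory path is hypothetical):
#   arp-scan --interface=em0 --localnet | arp_scan_diff /usr/local/etc/known-macs.txt

arp_scan_diff() {
    awk -F '\t' -v inv="$1" '
    BEGIN {
        # Load the inventory; matching is case-insensitive.
        while ((getline l < inv) > 0) {
            sub(/#.*/, "", l); gsub(/[ \t\r]/, "", l)
            if (l != "") known[tolower(l)] = 1
        }
        close(inv)
    }
    # Host lines are "IP<TAB>MAC<TAB>vendor"; banner and summary lines do not match.
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && length($2) == 17 && $2 ~ /^[0-9A-Fa-f:]+$/ {
        ip = $1; mac = tolower($2)
        if (!(mac in known))
            print "UNKNOWN " ip " " mac " " $3
        if ((ip in seen) && seen[ip] != mac)
            print "CONFLICT " ip " " seen[ip] " " mac
        seen[ip] = mac
    }'
}

# Constructed sample in the arp-scan output layout; the MAC addresses are
# locally administered test values, not real devices.
sample_scan() {
    printf 'Interface: em0, datalink type: EN10MB (Ethernet)\n'
    printf '%s\t%s\t%s\n' 192.168.1.1  02:00:00:00:00:01 '(Unknown)'
    printf '%s\t%s\t%s\n' 192.168.1.7  02:00:00:00:00:07 '(Unknown)'
    printf '%s\t%s\t%s\n' 192.168.1.50 02:00:00:00:00:50 '(Unknown)'
    printf '%s\t%s\t%s\n' 192.168.1.1  02:00:00:00:00:99 '(Unknown)'
    printf '\n4 packets received by filter, 0 packets dropped by kernel\n'
}

# Constructed inventory: two of the four sample MAC addresses are known.
sample_inventory() {
    printf '# router\n02:00:00:00:00:01\n02:00:00:00:00:07  # server NIC\n'
}

# Read a scan from stdin when an inventory file is named on the command line.
if [ "$#" -gt 0 ]; then arp_scan_diff "$1"; fi
```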

isc-dhcp – ISC Dynamic Host Configuration Protocol server

Last Updated on 2017-07-02 by Sture

Description

ISC’s Dynamic Host Configuration Protocol Distribution provides a freely redistributable reference implementation of all aspects of DHCP, through a suite of DHCP tools:

  • A DHCP server (this port)
  • A DHCP client
  • A DHCP relay agent

WWW: http://www.isc.org/products/DHCP/.

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!

Installation

Search for isc-dhcp in the remote package repositories with:

[root@server /usr/home/user]# pkg search isc-dhcp [enter]
isc-dhcp43-client-4.3.5        The ISC Dynamic Host Configuration Protocol client
isc-dhcp43-relay-4.3.5         The ISC Dynamic Host Configuration Protocol relay
isc-dhcp43-server-4.3.5        ISC Dynamic Host Configuration Protocol server
[root@server /usr/home/user]#

In this example, isc-dhcp43-server will be installed.

Install isc-dhcp43-server with:

[root@server /usr/home/user]# pkg install isc-dhcp43-server [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	isc-dhcp43-server: 4.3.5

Number of packages to be installed: 1

The process will require 4 MiB more space.
989 KiB to be downloaded.

Proceed with this action? [y/N]: y [enter]
Fetching isc-dhcp43-server-4.3.5.txz: 100%  989 KiB   1.0MB/s    00:01    
Checking integrity... done (0 conflicting)
[1/1] Installing isc-dhcp43-server-4.3.5...
===> Creating groups.
Creating group 'dhcpd' with gid '136'.
===> Creating users
Creating user 'dhcpd' with uid '136'.
[1/1] Extracting isc-dhcp43-server-4.3.5: 100%
Message from isc-dhcp43-server-4.3.5:
****  To setup dhcpd, please edit /usr/local/etc/dhcpd.conf.

****  This port installs the dhcp daemon, but doesn't invoke dhcpd by default.
      If you want to invoke dhcpd at startup, add these lines to /etc/rc.conf:

	    dhcpd_enable="YES"				# dhcpd enabled?
	    dhcpd_flags="-q"				# command option(s)
	    dhcpd_conf="/usr/local/etc/dhcpd.conf"	# configuration file
	    dhcpd_ifaces=""				# ethernet interface(s)
	    dhcpd_withumask="022"			# file creation mask

****  If compiled with paranoia support (the default), the following rc.conf
      options are also supported:

	    dhcpd_chuser_enable="YES"		# runs w/o privileges?
	    dhcpd_withuser="dhcpd"		# user name to run as
	    dhcpd_withgroup="dhcpd"		# group name to run as
	    dhcpd_chroot_enable="YES"		# runs chrooted?
	    dhcpd_devfs_enable="YES"		# use devfs if available?
	    dhcpd_rootdir="/var/db/dhcpd"	# directory to run in
	    dhcpd_includedir="<some_dir>"	# directory with config-
						  files to include

****  WARNING: never edit the chrooted or jailed dhcpd.conf file but
      /usr/local/etc/dhcpd.conf instead which is always copied where
      needed upon startup.
[root@server /usr/home/user]#

Configuration

List installed dhcp services with:

[root@server /usr/home/user]# service -r | grep dhcp [enter]
/usr/local/etc/rc.d/isc-dhcpd
/usr/local/etc/rc.d/isc-dhcpd6
[root@server /usr/home/user]#

Find the rcvar for /etc/rc.conf:

[root@server /usr/home/user]# /usr/local/etc/rc.d/isc-dhcpd rcvar [enter]
# dhcpd
#
dhcpd_enable="NO"
#   (default: "")

[root@server /usr/home/user]#

To start isc-dhcp43-server on system boot, add information to /etc/rc.conf with these commands:

[root@server /usr/home/user]# echo '' >> /etc/rc.conf; echo '# ISC dhcpd' >> /etc/rc.conf; echo 'dhcpd_enable="YES"' >> /etc/rc.conf; echo 'dhcpd_ifaces="em0"' >> /etc/rc.conf [enter]
[root@server /usr/home/user]#

Replace the 'em0' interface name with the interface (or interfaces, separated by whitespace) that your DHCP server should listen on for DHCP client requests.

Edit /usr/local/etc/dhcpd.conf with:

[root@server /usr/home/user]# ee /usr/local/etc/dhcpd.conf [enter]

N.B.: This is an example with support for client PXE Boot!

#
# dhcpd.conf
#

authoritative;

default-lease-time 3600;
max-lease-time 86400;

ddns-updates on;
ddns-domainname "example.net.";
ddns-rev-domainname "in-addr.arpa.";
ddns-update-style interim;

log-facility local7;

server-name "server.example.net";
server-identifier server.example.net;

allow client-updates;
allow unknown-clients;
do-forward-updates true;

include "/usr/local/etc/namedb/rndc.key";

# example.net
subnet 192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.200 192.168.1.249;
        option domain-name-servers 192.168.1.4;
        option subnet-mask 255.255.255.0;
        option routers 192.168.1.1;
        option broadcast-address 192.168.1.255;
        option ntp-servers 192.168.1.4;
        option domain-name "example.net.";
        default-lease-time 3600;
        max-lease-time 86400;
        next-server 192.168.1.4;
        option root-path "192.168.1.4:/tftpboot";
        filename "/gpxelinux.0";
        }

# Hosts Forward
zone example.net. {
        primary 127.0.0.1;
        key rndc-key;
        }

# Hosts Reverse
zone 1.168.192.in-addr.arpa. {
        primary 127.0.0.1;
        key rndc-key;
        }

Make sure that file /usr/local/etc/dhcpd.conf is not world readable with:

[root@server /usr/home/user]# chmod 640 /usr/local/etc/dhcpd.conf [enter]
[root@server /usr/home/user]#

Start

Manually start isc-dhcp43-server with:

[root@server /usr/home/user]# service isc-dhcpd start [enter]
Starting dhcpd.
Internet Systems Consortium DHCP Server 4.3.5
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /usr/local/etc/dhcpd.conf
Database file: /var/db/dhcpd/dhcpd.leases
PID file: /var/run/dhcpd/dhcpd.pid
Wrote 0 leases to leases file.
Listening on BPF/igb0/00:1b:21:a4:4e:cc/192.168.1.0/24
Sending on   BPF/igb0/00:1b:21:a4:4e:cc/192.168.1.0/24
Sending on   Socket/fallback/fallback-net
[root@server /usr/home/user]#

Display isc-dhcp43-server status with:

[root@server /usr/home/user]# service isc-dhcpd status [enter]
dhcpd is running as pid 31662.
[root@server /usr/home/user]#

View the content of dhcpd.leases with:

[root@server /usr/home/user]# cat /var/db/dhcpd/dhcpd.leases [enter]
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.3.5

# authoring-byte-order entry is generated, DO NOT DELETE
authoring-byte-order little-endian;

lease 192.168.1.200 {
  starts 3 2017/03/01 14:32:06;
  ends 3 2017/03/01 15:32:06;
  tstp 3 2017/03/01 15:32:06;
  cltt 3 2017/03/01 14:32:06;
  binding state free;
  hardware ethernet e4:a7:a0:73:c4:ea;
  uid "\001\344\247\240s\304\352";
  set vendor-class-identifier = "MSFT 5.0";
.
.
[root@server /usr/home/user]#
BIND Domain Name Server

Last Updated on 2017-07-02 by Sture

Description

BIND is open source software that enables you to publish your Domain Name System (DNS) information on the Internet and to resolve DNS queries for your users. The name BIND stands for “Berkeley Internet Name Domain” because the software originated in the early 1980s at the University of California at Berkeley.

BIND is by far the most widely used DNS software on the Internet, providing a robust and stable platform on top of which organizations can build distributed computing systems with the knowledge that those systems are fully compliant with published DNS standards.

WWW: https://www.isc.org/software/bind.

Installed and configured package(s) requirement:

  1. OpenSSL – Open Secure Sockets Layer

Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!

Installation

Search for bind in the remote package repositories with:

[root@server /usr/home/user]# pkg search bind [enter]
bind-tools-9.10.4P6            Command line tools from BIND: delv, dig, host, nslookup...
bind9-devel-9.12.0.a.2017.02.09 BIND DNS suite with updated DNSSEC and DNS64
bind910-9.10.4P6               BIND DNS suite with updated DNSSEC and DNS64
bind911-9.10.4P6               BIND DNS suite with updated DNSSEC and DNS64
bind99-9.9.9P6                 BIND DNS suite with updated DNSSEC and DNS64
bindgraph-0.3_1                RRDtool frontend for BIND statistics
bindtest-1.56_1                Test bind() semantics of IPv6 sockets
.
.
[root@server /usr/home/user]#

In this example, bind910 is installed because bind911 has TCP_FASTOPEN error issues when running under FreeBSD 11.0-RELEASE-amd64.

Install bind910 with:

[root@server /usr/home/user]# pkg install bind910 [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
The following 4 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	bind911: 9.10.4P6
	lmdb: 0.9.18_1
	idnkit: 1.0_6
	json-c: 0.12.1

Number of packages to be installed: 4

The process will require 61 MiB more space.
8 MiB to be downloaded.

Proceed with this action? [y/N]: y [enter]
Fetching bind911-9.10.4P6.txz: 100%    8 MiB   2.7MB/s    00:03    
Fetching lmdb-0.9.18_1.txz: 100%   87 KiB  89.5kB/s    00:01    
Fetching idnkit-1.0_6.txz: 100%  194 KiB 198.4kB/s    00:01    
Fetching json-c-0.12.1.txz: 100%   38 KiB  39.2kB/s    00:01    
Checking integrity... done (0 conflicting)
[1/4] Installing lmdb-0.9.18_1...
[1/4] Extracting lmdb-0.9.18_1: 100%
[2/4] Installing idnkit-1.0_6...
[2/4] Extracting idnkit-1.0_6: 100%
[3/4] Installing json-c-0.12.1...
[3/4] Extracting json-c-0.12.1: 100%
[4/4] Installing bind911-9.10.4P6...
[4/4] Extracting bind911-9.10.4P6: 100%
Message from idnkit-1.0_6:
===>   NOTICE:

The idnkit port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from bind911-9.10.4P6:
**********************************************************************
*            _  _____ _____ _____ _   _ _____ ___ ___  _   _         *
*           / \|_   _|_   _| ____| \ | |_   _|_ _/ _ \| \ | |        *
*          / _ \ | |   | | |  _| |  \| | | |  | | | | |  \| |        *
*         / ___ \| |   | | | |___| |\  | | |  | | |_| | |\  |        *
*        /_/   \_\_|   |_| |_____|_| \_| |_| |___\___/|_| \_|        *
*                                                                    *
*   BIND requires configuration of rndc, including a "secret" key.   *
*    The easiest, and most secure way to configure rndc is to run    *
*   'rndc-confgen -a' to generate the proper conf file, with a new   *
*            random key, and appropriate file permissions.           *
*                                                                    *
*     The /usr/local/etc/rc.d/named script will do that for you.     *
*                                                                    *
**********************************************************************
[root@server /usr/home/user]#

Configuration

List the installed named service with:

[root@server /usr/home/user]# service -r | grep named
/usr/local/etc/rc.d/named
[root@server /usr/home/user]#

Find the rcvar for /etc/rc.conf:

[root@server /usr/home/user]# /usr/local/etc/rc.d/named rcvar
# named
#
named_enable="NO"
#   (default: "")

[root@server /usr/home/user]#

To start BIND at system boot, add information to /etc/rc.conf with these commands:

[root@server /usr/home/user]# echo '' >> /etc/rc.conf; echo '# BIND' >> /etc/rc.conf; echo 'named_enable="YES"' >> /etc/rc.conf; echo 'named_auto_forward="YES"' >> /etc/rc.conf [enter]
[root@server /usr/home/user]#

N.B.: named_auto_forward="YES" tells BIND to pick forward Name Server(s) from file /etc/resolv.conf!

Automatically rotate the /var/log/named/named.log log file by adding an entry to /etc/newsyslog.conf with:

[root@server /usr/home/user]# echo '/var/log/named/named.log                600  9   100000 *     Z' >> /etc/newsyslog.conf [enter]
[root@server /usr/home/user]#

Update Resolve Config

Update file /etc/resolv.conf and set the local host as the primary DNS:

[root@server /usr/home/user]# ee /etc/resolv.conf [enter]
search		example.net
nameserver	127.0.0.1
nameserver	208.67.222.222
nameserver	208.67.220.220

N.B.: In this example the OpenDNS Name Servers 208.67.222.222 and 208.67.220.220 will be used by the local BIND Name Server for forward requests.

Generate Cryptographic Key

Generate a rndc.key file with the following command:

[root@server /usr/home/user]# rndc-confgen -a [enter]
wrote key file "/usr/local/etc/namedb/rndc.key"
[root@server /usr/home/user]#

Change file modes on file /usr/local/etc/namedb/rndc.key with:

[root@server /usr/home/user]# chmod 440 /usr/local/etc/namedb/rndc.key [enter]
[root@server /usr/home/user]#

Display content of file /usr/local/etc/namedb/rndc.key with:

[root@server /usr/home/user]# cat /usr/local/etc/namedb/rndc.key [enter]
key "rndc-key" {
        algorithm hmac-md5;
        secret "XcwJ.............JSCMw==";
        };

N.B.: The content of file /usr/local/etc/namedb/rndc.key must be copied to the BIND configuration file /usr/local/etc/namedb/named.conf (the example below pulls it in with an include statement)!

Configuration file

Edit the BIND configuration file /usr/local/etc/namedb/named.conf with:

[root@server /usr/home/user]# ee /usr/local/etc/namedb/named.conf [enter]

N.B.: This is an example file. Please use it only as a template!

//
// named.conf
//

acl nets { 192.168.1/24; 127.0.0.1; };

options {
	// Relative to the chroot directory, if any, and should be fully qualified.
	directory       "/usr/local/etc/namedb/working";
	pid-file        "/var/run/named/pid";
	dump-file       "/var/dump/named_dump.db";
	statistics-file "/var/stats/named.stats";
	listen-on { 192.168.1.4; 127.0.0.1; };
	forwarders { 208.67.222.222; 208.67.220.220; };
	allow-query { nets; };
	allow-recursion { nets; };
	};

logging {
	channel log_file { file "/var/log/named/named.log" versions 3 size 5M;
	severity  debug 3 ; };
	category queries { log_file; };
	category xfer-in { log_file; };
	category xfer-out { log_file; };
	category default { log_file; };
	};

include "/usr/local/etc/namedb/rndc.key";

controls {
        inet 127.0.0.1 port 953 allow { nets; } keys { "rndc-key"; };
        inet 192.168.1.4 port 953 allow { nets; } keys { "rndc-key"; };
        };

//zone "." { type hint; file "named.root"; };
zone "localhost" { type master; file "/usr/local/etc/namedb/master/localhost-forward.db"; };
zone "127.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/localhost-reverse.db"; };
zone "255.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };

zone "example.net" {
        notify yes;
        type master;
        file "/usr/local/etc/namedb/dynamic/hosts-forward.db";
        allow-update { key rndc-key; };
        };

zone "1.168.192.in-addr.arpa" {
        notify yes;
        type master;
        file "/usr/local/etc/namedb/dynamic/hosts-reverse.db";
        allow-update { key rndc-key; };
        };
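
The named.conf above uses the single key rndc-key both for the rndc control channel (controls) and for dynamic updates (allow-update), and rndc.key declares it as hmac-md5, so any holder of the update key can also drive named through rndc from the hosts in nets. The following shell check is an added example, not part of the original article; it reports keys declared as hmac-md5 rather than an SHA-2 HMAC such as hmac-sha256, and keys shared between the two roles. The function names, output labels and sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): report keys declared as
# hmac-md5 and keys used both by "controls" (rndc) and by "allow-update".
# Limitation: C-style /* ... */ comments are not stripped.

audit_named_keys() {
    # Drop // and # comments, pad braces and semicolons, then emit one token
    # per line so awk can follow the nesting. Reads the named files or stdin.
    sed -e 's|^[[:space:]]*//.*$||' -e 's|[[:space:]]//.*$||' \
        -e 's|^[[:space:]]*#.*$||'  -e 's|[[:space:]]#.*$||' \
        -e 's/[{};]/ & /g' "$@" |
    tr -d '"' | tr -s ' \t' '\n' |
    awk '
        $0 == "" { next }
        $0 == "{" {                      # entering a block: remember its head
            depth++
            blk[depth] = prev
            if (depth == 1 && prev2 == "key") { blk[depth] = "keydef"; cur = prev }
            prev2 = prev = ""; next
        }
        $0 == "}" { depth--; prev2 = prev = ""; next }
        $0 == ";" { prev2 = prev = ""; next }
        {
            if (blk[depth] == "keydef" && prev == "algorithm") alg[cur] = $0
            if (depth == 2 && blk[1] == "controls" && blk[2] == "keys") ctl[$0] = 1
            if (depth > 0 && blk[depth] == "allow-update" && prev == "key") upd[$0] = 1
            prev2 = prev; prev = $0
        }
        END {
            for (k in alg) if (alg[k] == "hmac-md5") print "WEAK-ALG " k " " alg[k]
            for (k in ctl) if (k in upd) print "SHARED-KEY " k
        }
    ' | LC_ALL=C sort
}

# Constructed sample: the key layout used on this page, with a made-up secret.
sample_named_conf() {
    cat <<'EOF'
key "rndc-key" {
        algorithm hmac-md5;
        secret "Y29uc3RydWN0ZWQtc2FtcGxl";
};
controls {
        inet 127.0.0.1 port 953 allow { nets; } keys { "rndc-key"; };
};
zone "example.net" {
        type master;
        allow-update { key rndc-key; };   // same key as the control channel
};
EOF
}

sample_named_conf | audit_named_keys
```

On the server, pass the real files instead of the sample: audit_named_keys /usr/local/etc/namedb/named.conf /usr/local/etc/namedb/rndc.key.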

“Seed” zone files

Prepare a “seed” zone file for the domain the server should update dynamically.

In this example, the dynamic subdomain is going to be example.net. Remember to replace example.net with your domain name; it must match what you have used in file /usr/local/etc/namedb/named.conf.

The “seed” zone file is very minimal and should contain information that WON’T ever change. In this case, that will be the SOA record, the NS records, and the MX record.

Create the forward “seed” zone file with:

[root@server /usr/home/user]# ee /usr/local/etc/namedb/dynamic/hosts-forward.db [enter]

N.B.: This is an example file!

$ORIGIN .
$TTL 3600       ; 1 hour
example.net  IN SOA  server.example.net. admin.example.net. (
                                0          ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      server.example.net.
                        MX      10 server.example.net.
$ORIGIN example.net.
server                  A       192.168.1.1
ftp                     CNAME   server
mx                      CNAME   server
ns                      CNAME   server
www                     CNAME   server

Create the reverse “seed” zone file with:

[root@server /usr/home/user]# ee /usr/local/etc/namedb/dynamic/hosts-reverse.db [enter]

N.B.: This is an example file:

$ORIGIN .
$TTL 3600       ; 1 hour
1.168.192.in-addr.arpa  IN SOA  server.example.net. admin.example.net. (
                                0          ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      server.example.net.
                        MX      10 server.example.net.
$ORIGIN 1.168.192.in-addr.arpa.
1                       PTR     server.example.net.

Feel free to modify these files to suit your needs: you can add more aliases, A or MX records. Make sure to change the domain name above from example.net to your domain name, and the hostname from server to the hostname you are using. Make sure to add a trailing “.” after fully qualified names.

admin.example.net is the e-mail address of the person responsible for the zone. Here we use a “.” instead of an “@” sign in the e-mail address.

The name service needs to update the zone files for the dynamic IPs itself. Set write permission for the user bind with:

[root@server /usr/home/user]# chown bind:bind /usr/local/etc/namedb/dynamic/hosts-* [enter]
[root@server /usr/home/user]#

Create a new directory called /var/log/named with:

[root@server /usr/home/user]# mkdir /var/log/named [enter]
[root@server /usr/home/user]#

Change file owner and group with:

[root@server /usr/home/user]# chown bind:bind /var/log/named [enter]
[root@server /usr/home/user]#

Change file modes so that only user and group bind can access the directory with:

[root@server /usr/home/user]# chmod 750 /var/log/named [enter]
[root@server /usr/home/user]#

Create an empty log file called /var/log/named/named.log with:

[root@server /usr/home/user]# touch /var/log/named/named.log [enter]
[root@server /usr/home/user]#

The file /var/log/named/named.log must be writable by user bind:

[root@server /usr/home/user]# chown bind:bind /var/log/named/named.log [enter]
[root@server /usr/home/user]#
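
The steps on this page set modes on /usr/local/etc/dhcpd.conf (640), /usr/local/etc/namedb/rndc.key (440) and /var/log/named. The following check is an added example, not part of the original article: it reports any path that carries permission bits beyond a stated ceiling, so a world-readable key file or a world-writable log directory shows up after later edits or package upgrades. The function names and the 750 ceiling for the log directory are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article): verify that files and
# directories are no more permissive than a stated maximum mode, using only
# POSIX find(1). Only the rwx bits (0777) are examined.

# mode_within PATH MAX: succeed if PATH carries no permission bit outside MAX.
mode_within() {
    excess=$(( 0777 & ~0$2 ))            # bits that must NOT be set
    for bit in 0400 0200 0100 0040 0020 0010 0004 0002 0001; do
        [ $(( excess & $bit )) -ne 0 ] || continue
        # "-perm -BIT" matches when BIT is set on PATH itself; -prune stops descent.
        [ -z "$(find "$1" -prune -perm -"$bit" -print 2>/dev/null)" ] || return 1
    done
    return 0
}

# audit_modes: read "MAX PATH" pairs on stdin, print one line per finding,
# and return non-zero if anything was reported.
audit_modes() {
    rc=0
    while read -r max path; do
        case $max in ''|'#'*) continue ;; esac
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; rc=1
        elif ! mode_within "$path" "$max"; then
            echo "TOO-OPEN $path (max $max)"; rc=1
        fi
    done
    return $rc
}

# 640 and 440 are the modes this page sets; 750 is this example's assumption.
# The paths exist only on a server built as described; others report MISSING.
audit_modes <<'EOF' || true
640 /usr/local/etc/dhcpd.conf
440 /usr/local/etc/namedb/rndc.key
750 /var/log/named
EOF
```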

Syntax Checks

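named-checkzone checks the syntax and integrity of a zone file. It performs the same checks as named does when loading a zone, which makes it useful for checking zone files before configuring them into a name server. named-checkconf checks the syntax of named.conf; with -z it also test-loads every master zone listed there, and with -j it reads the zone journal if one exists: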

[root@server /usr/home/user]# named-checkconf -zj [enter]
zone localhost/IN: loaded serial 42
zone 127.in-addr.arpa/IN: loaded serial 42
zone 255.in-addr.arpa/IN: loaded serial 42
zone example.net/IN: loaded serial 0
zone 1.168.192.in-addr.arpa/IN: loaded serial 0
[root@server /usr/home/user]#

Optional: rndc.conf

rndc.conf is the configuration file for rndc, the BIND 9 name server control utility. This file has a similar structure and syntax to named.conf. Statements are enclosed in braces and terminated with a semi-colon. Clauses in the statements are also semi-colon terminated.

Add /usr/local/etc/namedb/rndc.key to file /usr/local/etc/namedb/rndc.conf with:

[root@server /usr/home/user]# cat /usr/local/etc/namedb/rndc.key >> /usr/local/etc/namedb/rndc.conf
[root@server /usr/home/user]#

Edit the configuration file for rndc with:

[root@server /usr/home/user]# ee /usr/local/etc/namedb/rndc.conf [enter]

N.B.: This is an example file!

/*
 * rndc configuration file.
 */

options {
        default-server  localhost;
        default-key     "rndc-key";
};

server localhost {
        key             "rndc-key";
};

key "rndc-key" {
        algorithm hmac-md5;
        secret "XcwJ.............JSCMw==";
};

Start

Manually start BIND with:

[root@server /usr/home/user]# service named start [enter]
Starting named.
[root@server /usr/home/user]#

Test BIND status with:

[root@server /usr/home/user]# service named status [enter]
named is running as pid 64826.
[root@server /usr/home/user]#

Check the error logs with:

[root@server /usr/home/user]# grep named /var/log/messages [enter]
Mar  1 12:33:35 srv named[92074]: starting BIND 9.10.4-P6 <id:a6837d0> -u bind -c /usr/local/etc/namedb/named.conf
Mar  1 12:33:35 srv named[92074]: running on FreeBSD amd64 11.0-RELEASE-p2 FreeBSD 11.0-RELEASE-p2 #0: Mon Oct 24 06:55:27 UTC 2016     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC
Mar  1 12:33:35 srv named[92074]: built with '--localstatedir=/var' '--disable-linux-caps' '--disable-symtable' '--with-randomdev=/dev/random' '--with-libxml2=/usr/local' '--with-readline=-L/usr/local/lib -ledit' '--with-dlopen=yes' '--sysconfdir=/usr/local/etc/namedb' '--disable-fetchlimit' '--disable-filter-aaaa' '--disable-fixed-rrset' '--without-geoip' '--with-idn=/usr/local' '--enable-ipv6' '--with-libjson' '--disable-largefile' '--without-python' '--disable-querytrace' '--enable-rpz-nsdname' '--enable-rpz-nsip' 'STD_CDEFINES=-DDIG_SIGCHASE=1' '--without-gssapi' '--with-openssl=/usr' '--disable-native-pkcs11' '--with-dlz-filesystem=yes' '--without-gost' '--enable-threads' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=amd64-portbld-freebsd11.0' 'build_alias=amd64-portbld-freebsd11.0' 'CC=cc' 'CFLAGS=-O2 -pipe -DLIBICONV_PLUG -fstack-protector -isystem /usr/local/include -fno-strict-aliasing' 'LDFLAGS= -fstack-protector' 'LIBS=-L/usr/local/lib' 'CPPFLAGS=-DLIBICONV_P
Mar  1 12:33:35 srv named[92074]: ----------------------------------------------------
Mar  1 12:33:35 srv named[92074]: BIND 9 is maintained by Internet Systems Consortium,
Mar  1 12:33:35 srv named[92074]: Inc. (ISC), a non-profit 501(c)(3) public-benefit 
Mar  1 12:33:35 srv named[92074]: corporation.  Support and training for BIND 9 are 
Mar  1 12:33:35 srv named[92074]: available at https://www.isc.org/support
Mar  1 12:33:35 srv named[92074]: ----------------------------------------------------
Mar  1 12:33:35 srv named[92074]: command channel listening on 127.0.0.1#953
Mar  1 12:33:35 srv named[92074]: command channel listening on 192.168.1.4#953
[root@server /usr/home/user]#
[root@server /usr/home/user]# tail /var/log/named/named.log [enter]
.
zone_settimer: zone 100.51.198.IN-ADDR.ARPA/IN: enter
zone_timer: zone id.server/CH: enter
zone_maintenance: zone id.server/CH: enter
zone_settimer: zone id.server/CH: enter
[root@server /usr/home/user]#

Reload Config

Reload configuration file and zones after manual updates with:

[root@server /usr/home/user]# rndc reload [enter]
server reload successful
[root@server /usr/home/user]#

…or with:

[root@server /usr/home/user]# service named reload [enter]
server reload successful
[root@server /usr/home/user]#

How to use

Check that the name server is working on the server with:

[root@server /usr/home/user]# dig @localhost ns.example.net [enter]

; <<>> DiG 9.9.4 <<>> @localhost ns.example.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15863
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ns1.example.net.	IN	A

;; AUTHORITY SECTION:
example.net.	3600	IN	SOA	server.example.net. admin.server.example.net. 247 10800 3600 604800 86400

;; Query time: 0 msec
;; SERVER: 192.168.1.4#53(192.168.1.4)
;; WHEN: Mon Aug  8 23:52:15 2011
;; MSG SIZE  rcvd: 91

[root@server /usr/home/user]#

You can try to dig for google.com to make sure all is good with your DNS server:

[root@server /usr/home/user]# dig @localhost google.com [enter]
	
; <<>> DiG 9.9.4 <<>> @localhost google.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4584
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 13, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		300	IN	A	173.194.32.36
google.com.		300	IN	A	173.194.32.33
google.com.		300	IN	A	173.194.32.32
google.com.		300	IN	A	173.194.32.41
google.com.		300	IN	A	173.194.32.39
google.com.		300	IN	A	173.194.32.38
google.com.		300	IN	A	173.194.32.35
google.com.		300	IN	A	173.194.32.46
google.com.		300	IN	A	173.194.32.40
google.com.		300	IN	A	173.194.32.37
google.com.		300	IN	A	173.194.32.34

;; AUTHORITY SECTION:
.			510352	IN	NS	f.root-servers.net.
.			510352	IN	NS	e.root-servers.net.
.			510352	IN	NS	k.root-servers.net.
.			510352	IN	NS	b.root-servers.net.
.			510352	IN	NS	j.root-servers.net.
.			510352	IN	NS	l.root-servers.net.
.			510352	IN	NS	m.root-servers.net.
.			510352	IN	NS	a.root-servers.net.
.			510352	IN	NS	h.root-servers.net.
.			510352	IN	NS	i.root-servers.net.
.			510352	IN	NS	g.root-servers.net.
.			510352	IN	NS	d.root-servers.net.
.			510352	IN	NS	c.root-servers.net.

;; Query time: 48 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Dec 15 23:10:43 CET 2013
;; MSG SIZE  rcvd: 426

[root@server /usr/home/user]#

Manual dynamic DNS update

A dynamic DNS update can be performed with the nsupdate tool. The nsupdate tool requires that you have a valid key file, /usr/local/etc/namedb/rndc.key, that matches the key in file /usr/local/etc/namedb/named.conf.

In this example a new A record will be added for myhost.example.net with IP address 192.168.1.248:

[root@server /usr/home/user]# nsupdate -k /usr/local/etc/namedb/rndc.key [enter]
> update add myhost.example.net 3600 A 192.168.1.248 [enter]
> send [enter]
> [ctrl][D][root@server /usr/home/user]#

Verify that host myhost.example.net was added with:

[root@server /usr/home/user]# host myhost.example.net [enter]
myhost.example.net has address 192.168.1.248
[root@server /usr/home/user]#

Remove the A record entry for myhost.example.net so it doesn’t cause problems later with:

[root@server /usr/home/user]# nsupdate -k /usr/local/etc/namedb/rndc.key [enter]
> update delete myhost.example.net [enter]
> send [enter]
> [ctrl][D][root@server /usr/home/user]#

Verify that host myhost.example.net was deleted with:

[root@server /usr/home/user]# host myhost.example.net [enter]
Host myhost.example.net not found: 3(NXDOMAIN)
[root@server /usr/home/user]#