Netbooting (PXE) with AstLinux

As we already have a working DHCP and TFTP server, it is really easy to add the netbooting feature (PXE) to AstLinux.

General

I 1) prepared a package (80 kB) from the Syslinux-4.05 source, which you can download here. Just copy the contents of this package into the root of your AstLinux TFTP server, /tftpboot/ (without the enclosing folder).

Then you only need to add the following line to your Dnsmasq configuration, /mnt/kd/dnsmasq.static (in the WebGUI Edit tab):

dhcp-boot=pxelinux.0

and perform a “Restart DNS & DHCP”. I included a sample boot menu, which now lives in /tftpboot/pxelinux.cfg/default.

If you are lazy like me :-), just move this file as pxe-default.conf to /mnt/kd/ and make a symlink like:

ln -s /mnt/kd/pxe-default.conf /tftpboot/pxelinux.cfg/default

to make the file editable in the WebGUI.

If you want to try out the memtest example you can just make another symlink:

ln -s /oldroot/cdrom/memtest /tftpboot/memtest

and now you can use Memtest86+ via netbooting. It even works with RUNNIX, so that would be an easy way to get an AstLinux image onto boxes without CF, CD-ROM or hard drive, such as thin clients. Or you could repair broken AstLinux installations and much more.

Please note that you can now netboot complete ISOs 2) over PXE (see my example). The ISOs don't even need to be stored locally on your AstLinux box: Pxelinux supports access via TFTP, HTTP, FTP, NFS, etc. See the Syslinux Wiki for further documentation or search the web; there are many examples.

Security

Please be careful what exactly you symlink into “/tftpboot”. “/tftpboot” is the root directory from which PXE clients fetch local files, and TFTP has no authentication, so anything linked there can be read by any client that can reach the TFTP server. For security reasons all menu entries, and especially the menu line editing feature and escaping to a “boot:” prompt (with TAB/ESC), can be password protected (clear-text, MD5, SHA1). You could also comment out the dhcp-boot line in dnsmasq.static and only activate this feature when you really need it.

Additionally you could set a filter in “dnsmasq.static” for allowing only specific Netboot MAC-addresses (or ranges) by replacing the line:

dhcp-boot=pxelinux.0

with this:

dhcp-mac=set:netboot,08:00:27:fb:*:*
dhcp-boot=tag:netboot,pxelinux.0

The first line adds the tag “netboot” only to MAC-addresses starting with 08:00:27:fb (in this example VirtualBox VMs). The 2nd line allows Netbooting only for devices which have the “netboot” tag.
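
An audit for the two points in this section, as an added example that is not part of AstLinux or the original page: it lists symlinks under the TFTP root that resolve outside it, and any active dhcp-boot line without a tag filter. The function names and the scratch layout built by make_demo are assumptions for illustration, and it assumes readlink -f, find and mktemp are available; pass the real TFTP root and dnsmasq.static as two arguments to check a live box.

```shell
#!/bin/sh
# Added example, not AstLinux code. Function names are illustrative.

# List symlinks under TFTP root $1 whose target resolves outside that root.
# Whatever such a link points at can be fetched by any TFTP client.
tftp_outside_links() {
    root=$(readlink -f "$1") || return 2
    find "$root" -type l | sort | while IFS= read -r link; do
        rel=${link#"$root"/}
        [ -e "$link" ] || { echo "BROKEN  $rel"; continue; }
        target=$(readlink -f "$link")
        case "$target" in
            "$root"|"$root"/*) ;;   # resolves inside the TFTP root
            *) echo "OUTSIDE $rel -> $target" ;;
        esac
    done
}

# List active dhcp-boot lines in dnsmasq config $1 that have no tag: filter,
# i.e. that offer the boot file to every DHCP client. Comments are skipped.
untagged_dhcp_boot() {
    grep -E '^[[:space:]]*dhcp-boot=' "$1" \
        | grep -Ev '^[[:space:]]*dhcp-boot=tag:' || :
}

# Build a constructed scratch copy of the layout described on this page.
make_demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/tftpboot/pxelinux.cfg" "$d/kd" "$d/cdrom/memtest"
    touch "$d/tftpboot/pxelinux.0" "$d/kd/pxe-default.conf"
    ln -s "$d/kd/pxe-default.conf" "$d/tftpboot/pxelinux.cfg/default"
    ln -s "$d/cdrom/memtest" "$d/tftpboot/memtest"
    ln -s pxelinux.0 "$d/tftpboot/loader"      # relative link, stays inside
    printf '%s\n' '#dhcp-boot=old.0' 'dhcp-boot=pxelinux.0' \
        'dhcp-mac=set:netboot,08:00:27:fb:*:*' \
        'dhcp-boot=tag:netboot,pxelinux.0' > "$d/kd/dnsmasq.static"
    echo "$d"
}

# With two arguments audit real paths, otherwise audit the scratch copy.
if [ $# -eq 2 ]; then tftp=$1; conf=$2
else demo=$(make_demo); tftp=$demo/tftpboot; conf=$demo/kd/dnsmasq.static; fi
tftp_outside_links "$tftp"
untagged_dhcp_boot "$conf"
[ -z "${demo:-}" ] || rm -rf "$demo"
```

On the scratch copy the two symlinks from the General section are reported as OUTSIDE, which is expected; the point is to review that list whenever a new link is added.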

Enabling Netboot in BIOS

Some x86 boards have netboot enabled by default in their BIOS, many do not. For example with the Jetway line of boards using AMI BIOS, netboot may be enabled on a NIC by NIC basis.

Jetway Board Example

Enter the Setup page in the BIOS by typing DEL via VGA Console or F4 (<ESC>OS) via Serial Console.

Navigate to Integrated Peripherals → Onboard Device Function, then set “Onboard LAN1 BootROM [Enabled]” in the BIOS for one or more NICs (LAN1, LAN2, etc.).

Finally, with netboot enabled in the BIOS, you can select the Boot Menu at startup by typing F11 via VGA Console or F3 (<ESC>OR) via Serial Console. Then you can select the NIC to netboot from.

1) Michael Keuter
2) not all though, SysRescueCD is one exception, but there are other solutions