DDNS, DHCP & PXE server configuration on Ubuntu
configure ddns server =>
#apt-get install bind9 dhcp3-server
#vim /etc/hosts
127.0.0.1 localhost
192.168.0.194 host.irfan.com host
:wq
#vim /etc/resolv.conf
nameserver 192.168.0.50
nameserver 127.0.0.1
:wq
#vim /etc/bind/db.irfan.com
; Forward zone for irfan.com: one SOA, one NS record and two A records.
; This zone accepts dynamic updates (allow-update in named.conf.local), so
; named maintains the file itself; use "rndc freeze" / "rndc thaw" around
; manual edits.
; NOTE(review): the SOA mailbox field is conventionally written with '.' in
; place of '@' (e.g. pathanirfan6.gmail.com.) - confirm with named-checkzone.
irfan.com. IN SOA host.irfan.com. pathanirfan6@gmail.com. (
1 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
; host.irfan.com is the only name server listed for the zone.
irfan.com. IN NS host.irfan.com.
localhost.irfan.com. IN A 127.0.0.1
host.irfan.com. IN A 192.168.0.194
:wq
#vim /etc/bind/db.192.168.0
; Reverse zone for 192.168.0.x: SOA, NS and the PTR record for the server.
; NOTE(review): only addresses 192.168.0.0-192.168.0.255 map into this zone;
; the DHCP range on this page (192.168.9.50-254) maps to
; 9.168.192.in-addr.arpa, which is not defined here - confirm.
; NOTE(review): the SOA mailbox field is conventionally written with '.' in
; place of '@' (e.g. pathanirfan6.gmail.com.) - confirm with named-checkzone.
0.168.192.in-addr.arpa. IN SOA host.irfan.com. pathanirfan6@gmail.com. (
1 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
0.168.192.in-addr.arpa. IN NS host.irfan.com.
194.0.168.192.in-addr.arpa. IN PTR host.irfan.com.
:wq
#vim /etc/bind/named.conf.local
// Master zones that accept dynamic updates only when signed with the key
// named "rndc-key".
// NOTE(review): the same key also authorises the rndc control channel in
// named.conf.options, so anyone who can read /etc/bind/rndc.key can both
// update these zones and control named. A separate TSIG key used only for
// DDNS would keep the two privileges apart.
// NOTE(review): named has to write journal files next to a dynamic zone
// file; Ubuntu packaging normally keeps dynamically updated zones under
// /var/lib/bind rather than /etc/bind - confirm for your release.
zone "irfan.com" in {
type master;
file "/etc/bind/db.irfan.com";
allow-update { key "rndc-key"; };
notify yes;
};
zone "0.168.192.in-addr.arpa" in {
type master;
file "/etc/bind/db.192.168.0";
allow-update { key "rndc-key"; };
notify yes;
};
// Presumably defines the "rndc-key" referenced by allow-update above; the
// key file itself is not shown on this page.
include "/etc/bind/rndc.key";
:wq
-----------------------------------------------------------
configure dhcp server =>
#vim /etc/dhcp3/dhcpd.conf
# dhcpd.conf: DHCP server that registers leases in BIND (DDNS) and points
# PXE clients at the TFTP server on 192.168.0.194.
# Basic stuff to name the server and switch on updating
server-identifier 192.168.0.194;
ddns-updates on;
ddns-update-style interim;
ddns-domainname "irfan.com.";
ddns-rev-domainname "in-addr.arpa.";
# Ignore Windows FQDN updates
ignore client-updates;
# Include the key so that DHCP can authenticate itself to BIND9
# (dhcpd only has to read this file; the key also controls named via rndc,
# so keep its permissions as tight as the setup allows)
include "/etc/bind/rndc.key";
# This is the communication zone
zone irfan.com. {
primary 127.0.0.1;
key rndc-key;
}
# Normal DHCP stuff
option domain-name "irfan.com";
option domain-name-servers 192.168.0.194;
option ip-forwarding off;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
allow booting;
allow bootp;
# Tell the server it is authoritative on that subnet (essential)
authoritative;
# NOTE(review): netmask 255.255.240.0 spans 192.168.0.0-192.168.15.255, whose
# broadcast address is 192.168.15.255; the 192.168.1.255 below does not match
# - confirm which of the two values is intended.
subnet 192.168.0.0 netmask 255.255.240.0 {
range 192.168.9.50 192.168.9.254;
option broadcast-address 192.168.1.255;
option routers 192.168.0.194;
# Every client on the segment is offered a lease and is pointed at pxelinux.0
# on 192.168.0.194. PXE and TFTP neither authenticate the server nor verify
# the boot files, so run this only on a segment you control and consider
# DHCP snooping on the switches.
allow unknown-clients;
filename "pxelinux.0";
next-server 192.168.0.194;
# NOTE(review): leases come from 192.168.9.x, whose PTR names fall under
# 9.168.192.in-addr.arpa rather than the zone declared here, so reverse
# updates for leased addresses may find no matching zone - confirm.
zone 0.168.192.in-addr.arpa. {
primary 192.168.0.194;
key "rndc-key";
}
# NOTE(review): no "localdomain" zone is defined in the BIND configuration
# shown on this page - confirm this declaration is needed.
zone localdomain. {
primary 192.168.0.194;
key "rndc-key";
}
}
:wq
#vim /etc/bind/named.conf.options
// Global named options plus the rndc control channel.
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// NOTE(review): 8.8.2.2 is not a Google Public DNS address (those are
// 8.8.8.8 and 8.8.4.4) - likely a typo. Queries forwarded to an unintended
// resolver are answered by whoever operates that address; confirm.
forwarders {
8.8.8.8;8.8.2.2;
};
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};
// rndc control channel: listens on loopback only and accepts commands from
// localhost that are signed with "rndc-key". The same key name is used for
// allow-update in named.conf.local, so one key file guards both functions.
controls {
inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};
:wq
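Assign permissions (caution: the second command makes rndc.key readable by every local user, and that key signs both the dynamic DNS updates and the rndc control commands configured above; granting read access only to the group the DHCP daemon runs as is the tighter choice)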
#chmod g+w /etc/bind
#chmod +r /etc/bind/rndc.key
AppArmor changes
Add the following lines to the dhcpd3 AppArmor profile before the closing “}”
#vi /etc/apparmor.d/usr.sbin.dhcpd3
# Lets dhcpd read and write everything under /etc/bind.
# NOTE(review): in this setup dhcpd only includes /etc/bind/rndc.key, so a
# read-only rule for that one file looks sufficient - confirm before narrowing.
/etc/bind/ rw,
/etc/bind/** rw,
example :
#vi /etc/apparmor.d/usr.sbin.dhcpd3
# vim:syntax=apparmor
# Author: Irfan Pathan <pathanirfan6@gmail.com>
# AppArmor profile confining /usr/sbin/dhcpd3; the two /etc/bind rules at the
# end are the addition made for the DDNS setup.
#include <tunables/global>
/usr/sbin/dhcpd3 {
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/ssl_keys>
capability net_bind_service,
capability net_raw,
capability setgid,
capability setuid,
network inet raw,
network packet packet,
/etc/hosts.allow r,
/etc/hosts.deny r,
/etc/dhcp3/ r,
/etc/dhcp3/** r,
/etc/dhcpd.conf r,
/etc/dhcpd_ldap.conf r,
/usr/sbin/dhcpd3 mr,
/var/lib/dhcp3/dhcpd.leases* lrw,
/var/log/ r,
/var/log/** rw,
/var/run/dhcp3-server/dhcpd.pid w,
# LTSP. See:
/etc/ltsp/ r,
/etc/ltsp/** r,
/etc/dhcpd-k12ltsp.conf r,
/etc/dhcpd.leases* lrw,
/ltsp/ r,
/ltsp/** r,
# Eucalyptus
/var/run/eucalyptus/net/ r,
/var/run/eucalyptus/net/** r,
/var/run/eucalyptus/net/*.pid lrw,
/var/run/eucalyptus/net/*.leases* lrw,
/var/run/eucalyptus/net/*.trace lrw,
# Added for DDNS: dhcpd includes /etc/bind/rndc.key from dhcpd.conf.
# NOTE(review): these rules grant write access to the whole BIND
# configuration directory, which means a compromised dhcpd could alter zone
# files and keys. A read-only rule for the key file looks sufficient for
# this setup - confirm before narrowing.
/etc/bind/ rw,
/etc/bind/** rw,
}
:wq
#/etc/init.d/apparmor restart
#/etc/init.d/dhcp3-server start
#/etc/init.d/bind9 restart
----------------------------------------------------------------------------------
PXE boot server=>
#apt-get install tftpd-hpa syslinux
Configuring the TFTP server
#/etc/init.d/openbsd-inetd stop
#update-rc.d -f openbsd-inetd remove
#sed -i s/no/yes/ /etc/default/tftpd-hpa
#/etc/init.d/tftpd-hpa start
#/etc/init.d/dhcp3-server restart
* copy needed files from syslinux to tftpboot directory
#cp /usr/lib/syslinux/pxelinux.0 /var/lib/tftpboot
#cp /usr/lib/syslinux/pxelinux.0 /var/lib/tftpboot
#cp /usr/lib/syslinux/menu.c32 /var/lib/tftpboot
#cp /usr/lib/syslinux/memdisk /var/lib/tftpboot
#cp /usr/lib/syslinux/mboot.c32 /var/lib/tftpboot
#cp /usr/lib/syslinux/chain.c32 /var/lib/tftpboot
#mkdir /var/lib/tftpboot/pxelinux.cfg
#vim /var/lib/tftpboot/pxelinux.cfg/default
# PXELINUX boot menu served over TFTP. After the timeout (value is in tenths
# of a second) the ONTIMEOUT entry boots from the local disk.
default menu.c32
prompt 0
timeout 100
ONTIMEOUT localboot
MENU TITLE Irfan Pathan's PXE Server...
LABEL localboot
MENU LABEL Boot From Hard Disk
LOCALBOOT 0
# Each installer entry loads its kernel and initrd over TFTP and mounts the
# live filesystem from the NFS export named in nfsroot=. Neither transfer is
# authenticated or integrity-checked, so clients trust whatever answers on
# the boot network; keep that segment under your control.
# NOTE(review): the entry above uses "MENU LABEL <text>"; the "MENU <text>"
# lines below omit the LABEL keyword - confirm the menu renders as intended.
LABEL Ubuntu 10.04 64 bit Desktop Installer
MENU Ubuntu 10.04 64 bit Desktop Installer...
KERNEL ubuntu10.04_64bit/vmlinuz
append boot=casper netboot=nfs nfsroot=192.168.0.194:/ubuntu/ vga=normal initrd=ubuntu10.04_64bit/initrd.lz ramdisk_size=32768
LABEL Ubuntu 10.04 32 bit Desktop Installer
MENU Ubuntu 10.04 32 bit Desktop Installer...
KERNEL ubuntu10.04_32bit/vmlinuz
append boot=casper netboot=nfs nfsroot=192.168.0.194:/ubuntu_10.04_32_bit_desktop initrd=ubuntu10.04_32bit/initrd.lz ramdisk_size=32768
LABEL Ubuntu 12.04 64 bit Desktop Installer
MENU Ubuntu 12.04 64 bit Desktop Installer...
KERNEL ubuntu12.04_64bit/vmlinuz
append boot=casper netboot=nfs nfsroot=192.168.0.194:/ubuntu_12.04_64_bit_desktop initrd=ubuntu12.04_64bit/initrd.lz ramdisk_size=32768
LABEL Ubuntu 11.10 64 bit Desktop Installer
MENU Ubuntu 11.10 64 bit Desktop Installer...
KERNEL ubuntu11.10_64bit/vmlinuz
append boot=casper netboot=nfs nfsroot=192.168.0.194:/ubuntu_11.10_64_bit_desktop initrd=ubuntu11.10_64bit/initrd.lz ramdisk_size=32768
:wq
create folder for kernel files
#mkdir /var/lib/tftpboot/ubuntu10.04_32bit
#mkdir /var/lib/tftpboot/ubuntu10.04_64bit
#mkdir /var/lib/tftpboot/ubuntu11.10_64bit
#mkdir /var/lib/tftpboot/ubuntu12.04_64bit
create folder for images data
#mkdir /ubuntu
#mkdir /ubuntu_10.04_32_bit_desktop
#mkdir /ubuntu_11.10_64_bit_desktop
#mkdir /ubuntu_12.04_64_bit_desktop
mount iso images
#mount -o loop /ubuntu10.04_64bit.iso /mnt
#cp -rv /mnt/* /ubuntu/
#cp -rv /mnt/.disk /ubuntu/
#cp -rv /mnt/casper/initrd.lz /var/lib/tftpboot/ubuntu10.04_64bit
#cp -rv /mnt/casper/vmlinuz /var/lib/tftpboot/ubuntu10.04_64bit
#umount /mnt
#mount -o loop /ubuntu10.04_32bit.iso /mnt
#cp -rv /mnt/* /ubuntu_10.04_32_bit_desktop/
#cp -rv /mnt/.disk /ubuntu_10.04_32_bit_desktop/
#cp -rv /mnt/casper/initrd.lz /var/lib/tftpboot/ubuntu10.04_32bit
#cp -rv /mnt/casper/vmlinuz /var/lib/tftpboot/ubuntu10.04_32bit
#umount /mnt
#mount -o loop /ubuntu11.10_64bit.iso /mnt
#cp -rv /mnt/* /ubuntu_11.10_64_bit_desktop/
#cp -rv /mnt/.disk /ubuntu_11.10_64_bit_desktop/
#cp -rv /mnt/casper/initrd.lz /var/lib/tftpboot/ubuntu11.10_64bit
#cp -rv /mnt/casper/vmlinuz /var/lib/tftpboot/ubuntu11.10_64bit
#umount /mnt
#mount -o loop /ubuntu12.04_64bit.iso /mnt
#cp -rv /mnt/* /ubuntu_12.04_64_bit_desktop/
#cp -rv /mnt/.disk /ubuntu_12.04_64_bit_desktop/
#cp -rv /mnt/casper/initrd.lz /var/lib/tftpboot/ubuntu12.04_64bit
#cp -rv /mnt/casper/vmlinuz /var/lib/tftpboot/ubuntu12.04_64bit
#umount /mnt
--------------------------------------------------------------
install nfs server
#apt-get install nfs-kernel-server
#/etc/init.d/nfs-kernel-server start
#vim /etc/exports
# Read-only NFS exports of the copied installer trees used by the PXE entries.
# NOTE(review): "*" exports to every host that can reach this server;
# limiting the client field to the DHCP subnet used on this page
# (192.168.0.0/255.255.240.0) would narrow the exposure.
# NOTE(review): no_root_squash leaves remote root unmapped, so root on any
# client can read every file in these trees regardless of file mode; drop it
# unless the casper NFS boot is confirmed to need it.
/ubuntu *(ro,async,no_root_squash,no_subtree_check)
/ubuntu_10.04_32_bit_desktop *(ro,async,no_root_squash,no_subtree_check)
/ubuntu_12.04_64_bit_desktop *(ro,async,no_root_squash,no_subtree_check)
/ubuntu_11.10_64_bit_desktop *(ro,async,no_root_squash,no_subtree_check)
:wq
#exportfs -rv
#/etc/init.d/nfs-kernel-server restart
#/etc/init.d/tftpd-hpa restart