• @brakcounty Thats my question really, do I need to leave a setting in (66 67 or 150) to tell the Watchguard to send the PXE request to FOG? I presume I need to put a setting in somewhere or the client wont know where to go for it’s PXE boot


  • @rogerbrowntdl dnsmasq runs on the FOG server to detect architecture and boot type then serve the boot files over tftp. This is my understanding of how it all works:
    PC sends DHCP server a request for an IP address with a pxe packet.
    DHCP assigns an IP address then directs (relays) the PC to the FOG server.
    FOG Server handles this request by sending either undionly.kpxe or ipxe.efi depending on the architecture of the PC (dnsmasq tftp service).
    PC downloads and executes the correct file.
    After that FOG loads the boot menus.


  • @george1421 So in effect, I just leave the Watchguard as a DHCP server, set option 66 and 150 to point to my FOG box, remove option 67 and then install DNSMasq? Or do I remove ALL options from my Watchguard and install DNSMasq?

    Forgive my lack of knowledge on the subject lol. How does the PXE request then get to the FOG server? Does the client, send a DHCP request to the Watchguard and then a broadcast for PXE or do I need to leave something in the Watchguard to tell the client to go to FOG?


  • This post is deleted!
  • Moderator

    @rogerbrowntdl We would typically use this if your dhcp server is managed by an outside party, or your dhcp server settings can’t be changed or your dhcp server does not support dynamic pxe booting (pfsense router does by the way so dnsmasq on the fog server isn’t needed here).

  • Moderator

    @rogerbrowntdl With this setup the dnsmasq server only provides pxe boot information using the proxydhcp protocol. It does not manage ip address with this configuration. Its intended to augment your existing dhcp server.


  • @george1421 @brakcounty

    So the DHCP server runs off our Watchguard and is a separate network (we have one for our production lan and one for our build lab)

    I can change the Watchguard interface from a DHCP server to a relay server but that would mean it wouldnt hand out DHCP leases right?


  • @rogerbrowntdl We have the Fortigate DHCP relay set up with the FOG server IP. I did however have to install dnsmasq on my FOG server and disable tftpd.service. Here is where I found the instructions: https://forums.fogproject.org/topic/12133/fog-on-existing-dhcp-server

    The code posted by @george1421 needed one line added which is marked below. Just remove the asterisks:

    # Don't function as a DNS server:
    port=0
    
    # Log lots of extra information about DHCP transactions.
    log-dhcp
    
    **# Enable TFTP
    enable-tftp**
    
    # Set the root directory for files available via FTP.
    tftp-root=/tftpboot
    
    # The boot filename, Server name, Server Ip Address
    dhcp-boot=undionly.kpxe,,<fog_server_IP>
    
    # Disable re-use of the DHCP servername and filename fields as extra
    # option space. That's to avoid confusing some old or broken DHCP clients.
    dhcp-no-override
    
    # inspect the vendor class string and match the text to set the tag
    dhcp-vendorclass=BIOS,PXEClient:Arch:00000
    
  • Moderator

    @rogerbrowntdl https://forums.fogproject.org/topic/12796/installing-dnsmasq-on-your-fog-server

    This is the easiest solution, it takes about 10 minutes to setup. If you are running subnets on your network you (after dnsmasq is installed and you remove the pxe boot info from your firewall/router) add the fog server’s IP address as the last server in your dhcp-relay /dhcp-helper service on your subnet router. This is only needed if you need to pxe boot computers not on the same subnet as the fog/dnsmasq server.

    A bit longer answer is that your firewall/routers dhcp server most likely doesn’t support dynamic pxe booting, in that it will change the boot file name based on bios or uefi pxe booting computer.


  • @brakcounty How is your relay setup? Is it a different server or running from fortigate itself?


  • @rogerbrowntdl Yes very similar to Fortigate. So I have a Fortigate 70D in my offline lab, and have it set up same as you, but for ipxe (UEFI only) boot. DHCP option 67 can only specify one file name. My suggestion is to see if your DHCP server supports DHCP relay. If it does, specify your FOG server IP address. Since your FOG server is already set up to not hand out IP addresses, you should be good to go after that. We have DHCP relay set up on our prod network and both UEFI and Legacy pxe boot work just fine.

    Oh and unfortunately you cannot add UEFI to a legacy device as far as I know. Not sure if it is a hardware or firmware limitation.


  • @brakcounty

    Currently configured as:
    Code Name Type Kind Value
    150 TFTP Server IP IP Address(es) Predefined 192.168.15.251
    66 TFTP Server Name Text Predefined 192.168.15.251
    67 TFTP Boot Filename Text Predefined undionly.kpxe


  • @rogerbrowntdl How is your DHCP server currently configured for PXE boot?

188
Online

9.8k
Users

16.1k
Topics

148.5k
Posts