[lug] Backup
David L. Anselmi
anselmi at anselmi.us
Mon Jan 2 10:18:56 MST 2006
Bear Giles wrote:
> Siegfried Heintze wrote:
>
>> Is it possible to do a network boot thru a firewall from an internet
>> on someone else's machine?
>
> No. I don't recall the details on "PXE", but "BOOTP" is essentially
> DHCP with an additional payload that specifies where the hardware can
> download (via TFTP) a boot image.

Bear is incorrect, except in the case of using bootp (like Sun's jumpstart).

When a PXE machine boots off the network it gets its IP address from
DHCP. The DHCP server can also serve it a boot server and image path
that PXE will use to download the kernel image, load it, and boot it.

DHCP, even though it is a broadcast protocol, can be relayed across
routers. ISC's suite of DHCP software will do this. Cisco has a "DHCP
helper" or some such that does the same thing. So does Microsoft. So
as long as there's a relay agent on your subnet the DHCP server can be
anywhere.

The kernel image is downloaded with TFTP, which is a typical point to
point protocol using TCP.

The problem with bootp is that it is an earlier form of DHCP and doesn't
provide the extensions needed to relay it. So it only works on the
local subnet. (Sun's jumpstart requirements list a bootp server for
each subnet. Jumpstart can use DHCP but that isn't the out of the box
way to do it.)

Whether you can do all this through various firewalls depends entirely
on their security policies and whether they allow it (and are configured
to implement that part of the policy correctly).

Dave
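
An added example, not part of the original post: a small parser for the DHCP reply the message describes, pulling out the address offered to the client, the boot server and image path, and the relay agent address, then checking the boot server against an allowlist. The packet bytes, addresses, file name and function names are constructed for the illustration.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # cookie that separates the fixed header from the options

def parse_boot_reply(pkt: bytes) -> dict:
    """Extract the relay and network-boot fields from a raw DHCP payload."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    # Fixed header offsets: yiaddr=16, siaddr=20, giaddr=24, file=108..235
    yiaddr, siaddr, giaddr = (socket.inet_ntoa(pkt[o:o + 4]) for o in (16, 20, 24))
    info = {
        "op": pkt[0],                      # 1 = request, 2 = reply
        "yiaddr": yiaddr,                  # address offered to the client
        "siaddr": siaddr,                  # next server to contact for the boot image
        "giaddr": giaddr,                  # relay agent address, 0.0.0.0 if not relayed
        "relayed": giaddr != "0.0.0.0",
        "file": pkt[108:236].split(b"\0", 1)[0].decode("ascii", "replace"),
    }
    i = 240
    while i < len(pkt) and pkt[i] != 255:  # 255 = end of options
        if pkt[i] == 0:                    # 0 = pad, a single byte with no length
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        code, value = pkt[i], pkt[i + 2:i + 2 + pkt[i + 1]]
        if code == 66:                     # TFTP server name
            info["tftp_server"] = value.rstrip(b"\0").decode("ascii", "replace")
        elif code == 67:                   # bootfile name, overrides the header field
            info["file"] = value.rstrip(b"\0").decode("ascii", "replace")
        i += 2 + len(value)
    return info

def is_expected_boot_server(info: dict, allowed: set) -> bool:
    """True when the advertised boot server is one the site has approved."""
    return (info.get("tftp_server") or info["siaddr"]) in allowed

def build_sample() -> bytes:
    """Constructed reply: relayed via 192.0.2.1, boot image on 198.51.100.10."""
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234ABCD, 0, 0)
    hdr += b"".join(socket.inet_aton(a) for a in
                    ("0.0.0.0", "192.0.2.50", "198.51.100.10", "192.0.2.1"))
    hdr += bytes.fromhex("020000000001").ljust(16, b"\0")        # chaddr
    hdr += b"".ljust(64, b"\0") + b"pxelinux.0".ljust(128, b"\0")  # sname, file
    opts = bytes([53, 1, 5, 66, 13]) + b"198.51.100.10" + bytes([255])
    return hdr + MAGIC + opts

if __name__ == "__main__":
    print(parse_boot_reply(build_sample()))
```
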