RHCE环境创建、简单架设dhcpd、tftp,客户端实现网络启动
时间:2007-12-03
/tftpboot 目录下各文件的来源说明:pxelinux.0 来自 syslinux 软件包;pxelinux 默认读取的配置文件位于 /tftpboot 下的 pxelinux.cfg/default;其余文件来自安装光盘(CD)中的 isolinux 目录,其中 default 由 isolinux.cfg 复制而来。
[root@rhce tftpboot]# locate pxelinux.0
/usr/lib/syslinux/pxelinux.0
[root@rhce tftpboot]# cp /usr/lib/syslinux/pxelinux.0 /tftpboot/
[root@rhce tftpboot]# cp /misc/cd/isolinux/* /tftpboot/
[root@rhce tftpboot]# mkdir pxelinux.cfg
[root@rhce tftpboot]# cp isolinux.cfg pxelinux.cfg/default
[root@rhce ~]# tree -C /tftpboot/
/tftpboot/
|-- TRANS.TBL
|-- boot.cat
|-- boot.msg
|-- general.msg
|-- initrd.img
|-- isolinux.bin
|-- isolinux.cfg
|-- memtest
|-- options.msg
|-- param.msg
|-- pxelinux.0
|-- pxelinux.cfg
| `-- default
|-- rescue.msg
|-- splash.lss
`-- vmlinuz
1 directory, 15 files
[root@rhce tftpboot]# cat pxelinux.cfg/default
# PXELINUX boot menu served to network-boot clients from /tftpboot/pxelinux.cfg/default.
# Each "label" names a boot entry; "kernel" and "append" give the image and its command line.

# Entry used when nothing is typed at the prompt.
default linux
# Always show the boot: prompt. timeout is counted in 1/10 s, so 600 is 60 seconds.
# NOTE(review): with the prompt enabled, anyone at a client console can pick any label
# below or type extra kernel options; confirm that is acceptable on this network.
prompt 1
timeout 600
# Message shown at the prompt, and the help screens bound to F1-F5.
display boot.msg
F1 boot.msg
F2 options.msg
F3 general.msg
F4 param.msg
F5 rescue.msg
# Installer with default options.
label linux
kernel vmlinuz
append initrd=initrd.img
# Installer with the "text" option added to the kernel command line.
label text
kernel vmlinuz
append initrd=initrd.img text
# Installer with a bare "ks" option (no kickstart location is given here).
# NOTE(review): presumably the installer then looks up the kickstart file itself; confirm.
# A kickstart file usually carries a root password hash, so check where it is served from.
label ks
kernel vmlinuz
append ks initrd=initrd.img
# Hand control back to a local boot device instead of loading a kernel over the network.
label local
localboot 1
# Memory tester image; "append -" passes no command-line options.
label memtest86
kernel memtest
append -
[root@rhce tftpboot]# cat pxelinux.cfg/default
default linux
prompt 1
timeout 600
display boot.msg
F1 boot.msg
F2 options.msg
F3 general.msg
F4 param.msg
F5 rescue.msg
label linux
kernel vmlinuz
append initrd=initrd.img
label text
kernel vmlinuz
append initrd=initrd.img text
label ks
kernel vmlinuz
append ks initrd=initrd.img
label local
localboot 1
label memtest86
kernel memtest
append -
三:iptables的部分设置
TFTP 服务由 xinetd 托管,它监听的端口可以用 netstat 查看,也可以在 /etc/services 里查到(69/udp)。
在防火墙中开放 xinetd 的 69 端口访问。TFTP 协议本身没有认证和加密,/tftpboot 下的文件对任何能访问该端口的主机都可读,因此放行时建议用 -s 把来源限制在需要网络启动的安装网段,而不是对所有地址开放。
[root@rhce ~]# netstat -nap | grep xinetd
udp 0 0 0.0.0.0:69 0.0.0.0:* 1682/xinetd
unix 2 [ ] DGRAM 4524 1682/xinetd
[root@rhce ~]# cat /etc/services | grep tftp
tftp 69/tcp
tftp 69/udp
tftp-mcast 1758/tcp
tftp-mcast 1758/udp
mtftp 1759/udp
subntbcst_tftp 247/tcp # SUBNTBCST_TFTP
subntbcst_tftp 247/udp # SUBNTBCST_TFTP
etftp 1818/tcp # Enhanced Trivial File Transfer Protocol
etftp 1818/udp # Enhanced Trivial File Transfer Protocol
tftps 3713/tcp # TFTP over TLS
tftps 3713/udp # TFTP over TLS
[root@rhce ~]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
# Filter table: INPUT and FORWARD both jump to the RH-Firewall-1-INPUT chain, which
# accepts the traffic listed below and rejects everything else with its last rule.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
# Loopback, ICMP, IP protocols 50 and 51, mDNS (5353) and port 631 are accepted first.
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
# Packets belonging to, or related to, connections that are already tracked.
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# New connections to the listed service ports. None of these rules has a source (-s)
# or interface (-i) match, so each port is open to every address that can reach the host.
# NOTE(review): 21, 2049, 22, 137-139, 445, 80, 443 and 25 are opened alongside TFTP;
# confirm which of them the network-install setup needs and drop the rest.
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
# TFTP (udp/69), the port the PXE clients fetch their boot files from. TFTP has no
# authentication, so this rule is a candidate for a source restriction such as
# "-s <INSTALL_SUBNET_CIDR>" (placeholder; use the subnet that network-boots).
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
# Anything not accepted above is rejected with an ICMP host-prohibited reply.
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
