Discussion:
Request for a firewalld secondary DHCP + PXEBOOT HOWTO
Aaron Gray
2013-02-07 16:23:31 UTC
Permalink
Can someone who knows firewalld please do a HOWTO to on setting up a
secondary DHCP with DNS and HTTPS access for PXEBOOTing of Fedora18 please
to go with the PXEBOOT HOWTO :-

http://linux-sxs.org/internet_serving/pxeboot.html

Hope someone can help, I put I message on the User List but got no response.

Aaron
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20130207/6591fc45/attachment.html>
&quot;Jóhann B. Guðmundsson&quot;
2013-02-07 16:41:59 UTC
Permalink
Post by Aaron Gray
Can someone who knows firewalld please do a HOWTO to on setting up a
secondary DHCP with DNS and HTTPS access for PXEBOOTing of Fedora18
please to go with the PXEBOOT HOWTO :-
http://linux-sxs.org/internet_serving/pxeboot.html
Hope someone can help, I put I message on the User List but got no response.
Well what seems to be standards sysadmin practice with firewalld on
servers is to disable it and enable iptables.

Firewalld is aimed at desktop users and roaming hardware which makes
"zones" useless concept for static server within an corporate
infrastructure.

So the missing steps for your guide simply are...

systemctl stop firewalld*
systemctl disable firewalld*
systemctl enable iptables.service
systemctl start iptables.service

JBG
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20130207/49074c8f/attachment.html>
Aaron Gray
2013-02-09 10:47:19 UTC
Permalink
Post by Aaron Gray
Can someone who knows firewalld please do a HOWTO to on setting up a
secondary DHCP with DNS and HTTPS access for PXEBOOTing of Fedora18 please
to go with the PXEBOOT HOWTO :-
http://linux-sxs.org/internet_serving/pxeboot.html
Hope someone can help, I put I message on the User List but got no response.
Well what seems to be standards sysadmin practice with firewalld on
servers is to disable it and enable iptables.
Firewalld is aimed at desktop users and roaming hardware which makes
"zones" useless concept for static server within an corporate
infrastructure.
So the missing steps for your guide simply are...
systemctl stop firewalld*
systemctl disable firewalld*
systemctl enable iptables.service
systemctl start iptables.service
Jóhann,

That's okay so far, sort of makes sense, but I though firewalld had
equivalent functionality to iptables. Anyway I still need a HOWTO on
setting up a secondary DHCP on a second Ethernet controller in order to run
PXEBOOT.

Thanks for the reply anyway,

Aaron
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20130209/1a1e907a/attachment.html>
Pete Travis
2013-02-14 19:03:55 UTC
Permalink
On 7 February 2013 16:41, "Jóhann B. Guðmundsson" <johannbg at gmail.com>
Post by &quot;Jóhann B. Guðmundsson&quot;
Post by Aaron Gray
Can someone who knows firewalld please do a HOWTO to on setting up a
secondary DHCP with DNS and HTTPS access for PXEBOOTing of Fedora18 please
to go with the PXEBOOT HOWTO :-
Post by &quot;Jóhann B. Guðmundsson&quot;
Post by Aaron Gray
http://linux-sxs.org/internet_serving/pxeboot.html
Hope someone can help, I put I message on the User List but got no response.
Well what seems to be standards sysadmin practice with firewalld on
servers is to disable it and enable iptables.
Post by &quot;Jóhann B. Guðmundsson&quot;
Firewalld is aimed at desktop users and roaming hardware which makes
"zones" useless concept for static server within an corporate
infrastructure.
Post by &quot;Jóhann B. Guðmundsson&quot;
So the missing steps for your guide simply are...
systemctl stop firewalld*
systemctl disable firewalld*
systemctl enable iptables.service
systemctl start iptables.service
Jóhann,
That's okay so far, sort of makes sense, but I though firewalld had
equivalent functionality to iptables. Anyway I still need a HOWTO on
setting up a secondary DHCP on a second Ethernet controller in order to run
PXEBOOT.
Thanks for the reply anyway,
Aaron
Have you looked at
http://docs.fedoraproject.org/en-US/Fedora/17/html/Installation_Guide/sn-pxe-server-manual.html?
If so, can you elaborate on what is missing?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20130214/0d91d6be/attachment-0001.html>
Pete Travis
2013-02-14 19:16:34 UTC
Permalink
Post by Pete Travis
On 7 February 2013 16:41, "Jóhann B. Guðmundsson" <johannbg at gmail.com>
Post by &quot;Jóhann B. Guðmundsson&quot;
Post by Aaron Gray
Can someone who knows firewalld please do a HOWTO to on setting up a
secondary DHCP with DNS and HTTPS access for PXEBOOTing of Fedora18 please
to go with the PXEBOOT HOWTO :-
Post by Pete Travis
Post by &quot;Jóhann B. Guðmundsson&quot;
Post by Aaron Gray
http://linux-sxs.org/internet_serving/pxeboot.html
Hope someone can help, I put I message on the User List but got no response.
Well what seems to be standards sysadmin practice with firewalld on
servers is to disable it and enable iptables.
Post by Pete Travis
Post by &quot;Jóhann B. Guðmundsson&quot;
Firewalld is aimed at desktop users and roaming hardware which makes
"zones" useless concept for static server within an corporate
infrastructure.
Post by Pete Travis
Post by &quot;Jóhann B. Guðmundsson&quot;
So the missing steps for your guide simply are...
systemctl stop firewalld*
systemctl disable firewalld*
systemctl enable iptables.service
systemctl start iptables.service
Jóhann,
That's okay so far, sort of makes sense, but I though firewalld had
equivalent functionality to iptables. Anyway I still need a HOWTO on
setting up a secondary DHCP on a second Ethernet controller in order to run
PXEBOOT.
Post by Pete Travis
Thanks for the reply anyway,
Aaron
Have you looked at
http://docs.fedoraproject.org/en-US/Fedora/17/html/Installation_Guide/sn-pxe-server-manual.html?
If so, can you elaborate on what is missing?

Oops, that should be
http://docs.fedoraproject.org/en-US/Fedora/18/html/Installation_Guide/sn-pxe-server-manual.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20130214/8fb7acf0/attachment-0001.html>
Aaron Gray
2013-02-15 04:12:24 UTC
Permalink
Post by Aaron Gray
Post by Pete Travis
On 7 February 2013 16:41, "Jóhann B. Guðmundsson" <johannbg at gmail.com>
Post by &quot;Jóhann B. Guðmundsson&quot;
Post by Aaron Gray
Can someone who knows firewalld please do a HOWTO to on setting up a
secondary DHCP with DNS and HTTPS access for PXEBOOTing of Fedora18 please
to go with the PXEBOOT HOWTO :-
Post by Pete Travis
Post by &quot;Jóhann B. Guðmundsson&quot;
Post by Aaron Gray
http://linux-sxs.org/internet_serving/pxeboot.html
Hope someone can help, I put I message on the User List but got no
response.
Post by Pete Travis
Post by &quot;Jóhann B. Guðmundsson&quot;
Well what seems to be standards sysadmin practice with firewalld on
servers is to disable it and enable iptables.
Post by Pete Travis
Post by &quot;Jóhann B. Guðmundsson&quot;
Firewalld is aimed at desktop users and roaming hardware which makes
"zones" useless concept for static server within an corporate
infrastructure.
Post by Pete Travis
Post by &quot;Jóhann B. Guðmundsson&quot;
So the missing steps for your guide simply are...
systemctl stop firewalld*
systemctl disable firewalld*
systemctl enable iptables.service
systemctl start iptables.service
Jóhann,
That's okay so far, sort of makes sense, but I though firewalld had
equivalent functionality to iptables. Anyway I still need a HOWTO on
setting up a secondary DHCP on a second Ethernet controller in order to run
PXEBOOT.
Post by Pete Travis
Thanks for the reply anyway,
Aaron
Have you looked at
http://docs.fedoraproject.org/en-US/Fedora/17/html/Installation_Guide/sn-pxe-server-manual.html? If so, can you elaborate on what is missing?
Oops, that should be
http://docs.fedoraproject.org/en-US/Fedora/18/html/Installation_Guide/sn-pxe-server-manual.html
Pete,

Yeah that's the easy bits, they need details too. The bit I have yet to
find out how to do is to forward HTTPS and DNS ports between the
primary internet network and the secondary DHCP BOOTP network on
192.168.1.x. I had this working on Shorewall but have taken the time to
work it out on iptables or firewalld ideally and was hoping for a quick fix
without having to reread iptables docs or learn firewalld configuration.

Cheers for the link,

Aaron
Post by Aaron Gray
--
devel mailing list
devel at lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20130215/a9a19b81/attachment-0001.html>
Pete Travis
2013-02-15 17:07:12 UTC
Permalink
Post by Aaron Gray
Pete,
Yeah that's the easy bits, they need details too. The bit I have yet to
find out how to do is to forward HTTPS and DNS ports between the
primary internet network and the secondary DHCP BOOTP network on
192.168.1.x. I had this working on Shorewall but have taken the time to
work it out on iptables or firewalld ideally and was hoping for a quick fix
without having to reread iptables docs or learn firewalld configuration.
Post by Aaron Gray
Cheers for the link,
Aaron
Port forwarding is simply and clearly documented in 'man firewall-cmd'.
Unless you're looking for masquerading, which is easily done per the man
page as well. I believe there are some firewalld docs in the works, fwiw.

Serving the installation repository from an outside network is a use case
straying from the norm; I wouldn't consider the installation guide lacking
because it does not document it.

--pete
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20130215/e66d2d0d/attachment-0001.html>
Thomas Woerner
2013-02-14 14:13:18 UTC
Permalink
Post by Aaron Gray
Can someone who knows firewalld please do a HOWTO to on setting up a
secondary DHCP with DNS and HTTPS access for PXEBOOTing of Fedora18
please to go with the PXEBOOT HOWTO :-
http://linux-sxs.org/internet_serving/pxeboot.html
Hope someone can help, I put I message on the User List but got no response.
Aaron
Do you want to provide this for IPv4 or IPv6 or both?
The ports that need to be opened are different for DHCPv4 and DHCPv6.

Thomas
Aaron Gray
2013-02-14 18:31:24 UTC
Permalink
Post by Thomas Woerner
Post by Aaron Gray
Can someone who knows firewalld please do a HOWTO to on setting up a
secondary DHCP with DNS and HTTPS access for PXEBOOTing of Fedora18
please to go with the PXEBOOT HOWTO :-
http://linux-sxs.org/internet_**serving/pxeboot.html<http://linux-sxs.org/internet_serving/pxeboot.html>
Hope someone can help, I put I message on the User List but got no response.
Aaron
Do you want to provide this for IPv4 or IPv6 or both?
The ports that need to be opened are different for DHCPv4 and DHCPv6.
Hi Thomas,

Thanks for the reply. Its for installing Fedora 18 from Fedora 18 on old CD
less servers so IPv4 ideally but it would be good to do a HOWTO for IPv6 as
well. The DHCP part is relatively simple and have done this before its the
routing from one subnet to another that is the part I have not been able to
work out. I don't know whether this can be done directly with firewalld or
whether as suggested earlier in the thread to revert to using iptables.

Aaron
Post by Thomas Woerner
Thomas
--
devel mailing list
devel at lists.fedoraproject.org
https://admin.fedoraproject.**org/mailman/listinfo/devel<https://admin.fedoraproject.org/mailman/listinfo/devel>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20130214/827dbfab/attachment-0001.html>
Loading...