Skip to content

Instantly share code, notes, and snippets.

Last active January 27, 2024 06:16
Show Gist options
  • Save NiKiZe/5c181471b96ac37a069af0a76688944d to your computer and use it in GitHub Desktop.
Save NiKiZe/5c181471b96ac37a069af0a76688944d to your computer and use it in GitHub Desktop.
Trying to chainload iPXE with full feature set from a lesser featured one. dnsmasq ProxyDHCP edition
# Known working dnsmasq version 2.85 config for iPXE proxydhcp usage
# things to replace:
# * - your subnet
# * eth0 - interface to listen on, or switch to bind-dynamic
# * - your tftp server ip
# * - script to run once inside iPXE
# Debug logging
# Disable DNS server
# send disable multicast and broadcast discovery, and to download the boot file immediately
# DHCP_PXE_DISCOVERY_CONTROL, should be vendor option? Needs more understanding and source
# This range(s) is for the public interface, where dnsmasq functions
# as a proxy DHCP server providing boot information but no IP leases.
# Any ip in the subnet will do, so you may just put your server NIC ip here.
# bind-dynamic - remove interface and use this instead to listen everywhere?
# Disable re-use of the DHCP servername and filename fields as extra
# option space. That's to avoid confusing some old or broken DHCP clients.
#dhcp-match=set:<tag>,<option number>|option:<option name>|vi-encap:<enterprise>[,<value>]
#dhcp-boot=[tag:<tag>,]<filename>,[<servername>[,<server address>|<tftp_servername>]]
# Based on logic in
# iPXE sends a 175 option, checking suboptions
# set ipxe-ok tag if we have correct combination
# http && menu && iscsi ((pxe && bzimage) || efi)
#pxe-service=[tag:<tag>,]<CSA>,<menu text>[,<basename>|<bootservicetype>][,<server address>|<server_name>]
# these create option 43 cruft, which is required in proxy mode
# TFTP IP is required on all dhcp-boot lines (unless dnsmasq itself acts as tftp server?)
# later match overrides previous, keep ipxe script last
# server address must be non zero, but can be anything as long as iPXE script is not fetched over TFTP
# To use internal TFTP server enabled these, recommended is otherwise atftp
Copy link

NiKiZe commented Aug 5, 2021

Some references linkified:

Tested with real HW, but initial testing was done with:

# BIOS with iPXE preloaded
qemu-system-x86_64 -enable-kvm -M q35 -m 2048 -cpu host -smp 2 -net nic,model=e1000 -net tap,script=no,downscript=no,ifname=tap0 -boot menu=on -usb -vga vmware

qemu-system-x86_64 -enable-kvm -M q35 -m 2048 -cpu host -smp 2 -net nic,model=virtio -net tap,script=no,downscript=no,ifname=tap0 -boot menu=on -usb -vga vmware -bios /usr/share/edk2-ovmf/OVMF_CODE.fd

Copy link

@NiKiZe Is this basically a port of my isc-dhcpd config to dnsmasq? It seems familiar, although I'm not so well versed with dnsmasq's syntax.

My personal preference for TFTP server is tftpd-hpa, but whatever floats your boat. :)

Copy link

NiKiZe commented Aug 5, 2021

Yes, almost identical in the logic, almost copied over, and thus all the credit to you.
Note though that this is for Proxy DHCP usage only, not when running dnsmasq as full DHCP (that is a different beast)

"# Based on logic in"

One small change is I expect iSCSI support to exist in efi builds as well, not just pcbios.
And then using undionly.kpxe and snponly.efi rather than ipxe.x

I'm sure the internal dnsmasq TFTP could be used as well, might investigate that later, but for now I just wanted the basic part up. (atftp has next to no configuration, and works out of the box in Gentoo)
Also created, still needs some review.

Copy link

@NiKiZe When I created that example, iSCSI support for EFI didn't exist, hence why it wasn't in that build. ;)

Good job on the proxydhcp setup. Can imagine that is useful for people that have minimal way to configure their existing DHCP server.

Copy link

NiKiZe commented Aug 6, 2021

Yes I know, just realized that iSCSI is default now so made that change.

I much prefer dhcpd, just that when you can't modify existing DHCP this is what you need to resort to :/
(even started to look into a freestanding iPXE proxydhcp solution, but in the end got this working, even tho I don't like the menu.)

Copy link

robinsmidsrod commented Aug 6, 2021

I seem to recall seeing someone trying to implement a DHCP server in Go, primarily for network-booting. Not sure what it was called, but Konobi might've been involved. There is also this Perl CPAN package,, that I thought of using at some point to create something, but I never found the time...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment