<![CDATA[刘佳的技术日志、博客]]>

1:架设dhcpd服务
安装略
查看/etc/dhcpd.conf配置文件内容

引用

ddns-update-style interim;
ignore client-updates;

allow booting;
filename "pxelinux.0";

subnet 192.168.0.0 netmask 255.255.255.0 {

# --- default gateway
option routers 192.168.0.254;
option subnet-mask 255.255.255.0;

option nis-domain "domain.org";
option domain-name "domain.org";
option domain-name-servers 192.168.1.1;

option time-offset -18000; # Eastern Standard Time
# option ntp-servers 192.168.1.1;
# option netbios-name-servers 192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
# option netbios-node-type 2;

# range dynamic-bootp 192.168.0.128 192.168.0.254;
default-lease-time 21600;
max-lease-time 43200;

# we want the nameserver to appear at a fixed address
host ns {

next-server 192.168.0.254;

hardware ethernet 12:34:56:78:AB:CD;
fixed-address 192.168.0.100;
}
}

2:tftp服务配置
安装略
修改配置文件

引用

[root@rhce ~]# cat /etc/xinetd.d/tftp
# default: off
# description: The tftp server serves files using the trivial file transfer \
# protocol. The tftp protocol is often used to boot diskless \
# workstations, download configuration files to network-aware printers, \
# and to start the installation process for some operating systems.
service tftp
{
disable = no
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /tftpboot
per_source = 11
cps = 100 2
flags = IPv4
}

配置目录/tftpboot目录下的文件解析，pxelinux.0来源自syslinux,在tftpboot下面的默认位置目录文件
pxelinux.cfg/default,文件来自光盘CD中的isolinux目录。default来自isolinux.cfg。

[root@rhce tftpboot]# locate pxelinux.0
/usr/lib/syslinux/pxelinux.0
[root@rhce tftpboot]# cp /usr/lib/syslinux/pxelinux.0 /tftpboot/
[root@rhce tftpboot]# cp /misc/cd/isolinux/* /tftpboot/
[root@rhce tftpboot]# mkdir pxelinux.cfg
[root@rhce tftpboot]# cp isolinux.cfg pxelinux.cfg/default
[root@rhce ~]# tree -C /tftpboot/
/tftpboot/
|-- TRANS.TBL
|-- boot.cat
|-- boot.msg
|-- general.msg
|-- initrd.img
|-- isolinux.bin
|-- isolinux.cfg
|-- memtest
|-- options.msg
|-- param.msg
|-- pxelinux.0
|-- pxelinux.cfg
| `-- default
|-- rescue.msg
|-- splash.lss
`-- vmlinuz

1 directory, 15 files
[root@rhce tftpboot]# cat pxelinux.cfg/default
default linux
prompt 1
timeout 600
display boot.msg
F1 boot.msg
F2 options.msg
F3 general.msg
F4 param.msg
F5 rescue.msg
label linux
kernel vmlinuz
append initrd=initrd.img
label text
kernel vmlinuz
append initrd=initrd.img text
label ks
kernel vmlinuz
append ks initrd=initrd.img
label local
localboot 1
label memtest86
kernel memtest
append -

三：iptables的部分设置
从netstat获取xinetd的端口，或者/etc/services里面获取的
开放xinetd的端口69访问

[root@rhce ~]# netstat -nap | grep xinetd
udp 0 0 0.0.0.0:69 0.0.0.0:* 1682/xinetd
unix 2 [ ] DGRAM 4524 1682/xinetd
[root@rhce ~]# cat /etc/services | grep tftp
tftp 69/tcp
tftp 69/udp
tftp-mcast 1758/tcp
tftp-mcast 1758/udp
mtftp 1759/udp
subntbcst_tftp 247/tcp # SUBNTBCST_TFTP
subntbcst_tftp 247/udp # SUBNTBCST_TFTP
etftp 1818/tcp # Enhanced Trivial File Transfer Protocol
etftp 1818/udp # Enhanced Trivial File Transfer Protocol
tftps 3713/tcp # TFTP over TLS
tftps 3713/udp # TFTP over TLS
[root@rhce ~]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

四:重启服务、添加服务,开机自启动。

[root@rhce ~]# /etc/init.d/dhcpd restart
关闭 dhcpd： [确定]
启动 dhcpd： [确定]
[root@rhce ~]# /etc/init.d/xinetd restart
停止 xinetd： [确定]
启动 xinetd： [确定]
[root@rhce ~]# /etc/init.d/iptables restart
清除防火墙规则： [确定]
把 chains 设置为 ACCEPT 策略：filter [确定]
正在卸载 Iiptables 模块： [确定]
应用 iptables 防火墙规则： [确定]
载入额外 iptables 模块：ip_conntrack_netbios_ns ip_conntrac[确定]
[root@rhce ~]# chkconfig dhcpd on
[root@rhce ~]# chkconfig xinetd on
[root@rhce ~]# chkconfig iptables on
[root@rhce ~]# chkconfig tftp on

]]>