Roy Vestal wrote:
After further reading, I have questions on the security of NFS and the
dhcpd.conf.

NFS:
I'm thinking of creating a subnet that is ONLY for these diskless
clients and allowing ONLY this IP range to read my NFS OS share (ro of
course). Sound right?

Yeah, you're pretty much only going to be able to lock down NFS reliably
(during pxe bootup, at least) by IP address. Having a dedicated range
for your clients is essentially a must.

dhcpd.conf:
In dhcpd.conf I want to create a range of IPs, say 192.168.1.10 -
192.168.1.50 and I want to tell dhcpd to use these for 50 specific
MACs. However, I do not want to reserve a specific IP for a specific
MAC, I want the MAC to be assigned an IP out of the pool, in this
example 192.168.1.10 - .50. How would we go about this?

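subnet 192.168.1.0 netmask 255.255.255.0 {
    range dynamic-bootp 192.168.1.10 192.168.1.50;
    allow bootp;
    # Only clients with a host declaration get a lease from this pool
    deny unknown-clients;
}
group {
    # No fixed-address here, so the client draws from the pool above
    host foo {
        hardware ethernet 00:00:00:00:00:00;
    }
}
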
That should do the trick. Repeat foo with appropriate hostname as many
times as desired.

Aaron S. Joyner

TIA

Roy Vestal wrote:
I need to set up a PXE env for diskless clients at work. We have an
internal network that is shared across multiple departments here. I
want ONLY my department's diskless clients to connect to it. I'm
familiar with setting up the PXE, but I'm not 100% sure on securing
this.
Has anyone a suggestion or two? I'm looking through the RHEL
documentation but no real security measures are discussed in detail.
Also, we will eventually have over 100 clients on this network, not
necessarily at one time, but there will be over 100 clients that will
need to connect. I need a secure solution on sharing the OS they will
be using.
Any suggestions would be greatly appreciated...
Roy
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
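
Added example, not part of the original thread: a small check that ties the two answers together by reading the `range` out of a dhcpd.conf, confirming `deny unknown-clients` is set, and emitting an /etc/exports line that admits exactly the pool addresses (the .10 to .50 pool is not one CIDR block, so exporting to the whole /24 would also admit every other host in that subnet). The export path `/srv/nfsroot` and the sample configuration are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample, modeled on the dhcpd.conf discussed in the thread.
SAMPLE_DHCPD_CONF = """
subnet 192.168.1.0 netmask 255.255.255.0 {
    range dynamic-bootp 192.168.1.10 192.168.1.50;
    allow bootp;
    deny unknown-clients;   # pool is closed to undeclared MACs
}
group {
    host foo { hardware ethernet 00:00:00:00:00:00; }
}
"""

RANGE_RE = re.compile(
    r"^\s*range\s+(?:dynamic-bootp\s+)?([\d.]+)(?:\s+([\d.]+))?\s*;", re.M)
DENY_RE = re.compile(r"^\s*deny\s+unknown-clients\s*;", re.M)
MAC_RE = re.compile(r"hardware\s+ethernet\s+([0-9A-Fa-f:]{17})\s*;")

def strip_comments(conf):
    return re.sub(r"#.*", "", conf)

def pool_networks(conf):
    """CIDR blocks covering exactly the addresses in every range statement."""
    nets = []
    for low, high in RANGE_RE.findall(strip_comments(conf)):
        # A range with a single address has no upper bound on the line.
        nets += ipaddress.summarize_address_range(
            ipaddress.IPv4Address(low), ipaddress.IPv4Address(high or low))
    return nets

def audit(conf):
    """Return (unknown_clients_denied, list_of_declared_macs)."""
    conf = strip_comments(conf)
    return bool(DENY_RE.search(conf)), MAC_RE.findall(conf)

def exports_line(path, nets, opts="ro,sync"):
    """One /etc/exports entry granting opts to each network in nets."""
    return path + " " + " ".join(f"{n}({opts})" for n in nets)

if __name__ == "__main__":
    denied, macs = audit(SAMPLE_DHCPD_CONF)
    print("unknown clients denied:", denied, "| declared MACs:", len(macs))
    # /srv/nfsroot is a hypothetical export path.
    print(exports_line("/srv/nfsroot", pool_networks(SAMPLE_DHCPD_CONF)))
```

As the reply notes, address-based restriction is the control available during PXE boot; the export list only stays meaningful while the DHCP pool it mirrors is closed to unknown MACs.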