dnsmasq configuration for TFTP + ProxyDHCP in Ubuntu Server 22.04.3 LTS

I’m trying to configure a PXE setup, in which my Ubuntu Server 22.04.3 LTS would act as TFTP server + ProxyDHCP (current DHCP server has to remain untouched). I’ve googled a lot, and tried a lot of different configurations, but didn’t succeed. Let me show you the current /etc/dnsmasq.conf content:

#to disable DNS server
port=0

#enable TFTP server and set its root path
enable-tftp
tftp-root=/free/pxe

#enable ProxyDHCP server. The address 192.168.1.2 corresponds to the subnet in which the ProxyDHCP server will act (I read somewhere that any address inside the IP subnet is valid for this)
#The address 192.168.1.2 is that of my Ubuntu Server.
interface=enp2s0
dhcp-range=192.168.1.2,proxy

#boot configuration files for PXE clients
# boot config for BIOS systems
dhcp-match=set:bios-x86,option:client-arch,0
dhcp-boot=tag:bios-x86,firmware/ipxe.pxe
# boot config for UEFI systems
dhcp-match=set:efi-x86_64,option:client-arch,7
dhcp-match=set:efi-x86_64,option:client-arch,9
dhcp-boot=tag:efi-x86_64,firmware/ipxe.efi

Currently, the TFTP server is not working (tried with my Windows 10 as a TFTP client), and when trying to PXE boot, the error "No boot filename received" appears.

I can provide more information if requested.

Can anybody tell me how to correctly configure dnsmasq to fix TFTP and ProxyDHCP functionality?

Asked By: Free


This is the dnsmasq configuration I have used, modified to match what you provided. I put this in /etc/dnsmasq.d/pxe.conf

# Disable DNS Server
port=0

# Enable TFTP server
enable-tftp
tftp-root=/srv/tftp

# Enable DHCP logging
log-dhcp

# Respond to PXE requests for the specified network;
# run as DHCP proxy
dhcp-range=192.168.1.0,proxy,255.255.255.0

# match all pxe clients
dhcp-match=set:pxe,60,PXEClient
# set tag based on client-arch
dhcp-match=set:bios,option:client-arch,0
dhcp-match=set:efi-x86,option:client-arch,6
dhcp-match=set:efi-x86_64,option:client-arch,7
dhcp-match=set:efi-x86_64,option:client-arch,9
dhcp-match=set:efi-arm32,option:client-arch,10
dhcp-match=set:efi-arm64,option:client-arch,11

# match ipxe, which can help chainload
dhcp-match=set:ipxe,175

# bios
pxe-service=tag:pxe,tag:bios,X86PC,"Network Boot BIOS",ipxe.pxe,192.168.1.2

# uefi
pxe-service=tag:pxe,tag:efi-x86_64,x86-64_EFI,"Network Boot UEFI x86_64",ipxe.efi,192.168.1.2

# chainload ipxe
#pxe-service=tag:bios,tag:!ipxe,X86PC,"iPXE BIOS",ipxe.pxe,192.168.1.2
#pxe-service=tag:efi-x86_64,tag:!ipxe,x86-64_EFI,"iPXE UEFI",ipxe.efi,192.168.1.2
#pxe-service=tag:bios,tag:ipxe,X86PC,"iPXE BIOS script",script.ipxe,192.168.1.2

Notes

  • I have used this configuration on Ubuntu 20.04 (dnsmasq 2.90-0ubuntu0.20.04.1).
  • The dnsmasq logs are very useful for debugging. E.g. journalctl -b -u dnsmasq.service
  • ipxe worked with ProxyDHCP when I tested it, but it did not work if Secure Boot was enabled.
  • With ipxe you may need to chainload a script file. I added a commented-out example.
  • There are alternative options to ipxe, and each has its own drawbacks. E.g. the last time I tested, grub did not support ProxyDHCP. However, the Fedora version of grub has been patched to support ProxyDHCP.

Answered By: Andrew Lowther

After analyzing Andrew’s post, reading the documentation at the Arch Linux wiki and man dnsmasq, and testing it myself, I got to the final solution, which is working for both BIOS PXE and UEFI PXE. Content of the /etc/dnsmasq.d/pxe.conf file:

#to disable DNS server
port=0

#enable TFTP server and set its root path
enable-tftp
tftp-root=/free/pxe

# Enable DHCP logging
log-dhcp

#enable ProxyDHCP server. The address 192.168.1.0 corresponds to the subnet in which the ProxyDHCP server will act
dhcp-range=192.168.1.0,proxy,255.255.255.0

# bios
pxe-service=x86PC,"Network Boot BIOS",firmware/ipxe.pxe

# uefi
pxe-service=X86-64_EFI,"Network Boot UEFI x86_64",firmware/ipxe.efi

The key in this case was to use pxe-service entries instead of dhcp-match and dhcp-boot entries. Those are surely adequate for other cases, which may differ in the operating system or other things. I don’t know, but I just know that for this case, pxe-service entries worked fine.

In case someone needs to know this, the X86PC and X86-64_EFI values are the client system type, or CSA, as mentioned in this man article: man dnsmasq.

Also, in this case, I didn’t add the TFTP server address to the end of the pxe-service entry, because the TFTP server is the same host as the ProxyDHCP server, and obviously has the same address. But if it were a different one, you would have to add the IP address of the TFTP server at the end of the pxe-service statement, as described in the man article.

Answered By: Free
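
A small pre-flight check for the kind of configuration discussed in the answers above, as an added example that is not part of either answer or of dnsmasq itself: it flags a proxy dhcp-range with no pxe-service entry (the state of the question's config), TFTP enabled without tftp-root, a CSA name that is not in the list given in man dnsmasq, and a boot file that resolves outside tftp-root. The finding names and the lint function are hypothetical; CSA names are compared case-insensitively as an assumption, consistent with both working configs on this page.

```python
import csv
import posixpath

# Client system types (CSA) that man dnsmasq lists for pxe-service.
KNOWN_CSA = {"x86pc", "pc98", "ia64_efi", "alpha", "arc_x86", "intel_lean_client",
             "ia32_efi", "x86-64_efi", "xscale_efi", "bc_efi", "arm32_efi", "arm64_efi"}

# Constructed samples: the question's config and the final answer's, comments dropped.
QUESTION_CONF = """port=0
enable-tftp
tftp-root=/free/pxe
interface=enp2s0
dhcp-range=192.168.1.2,proxy
dhcp-match=set:bios-x86,option:client-arch,0
dhcp-boot=tag:bios-x86,firmware/ipxe.pxe
"""
FIXED_CONF = """port=0
enable-tftp
tftp-root=/free/pxe
dhcp-range=192.168.1.0,proxy,255.255.255.0
pxe-service=x86PC,"Network Boot BIOS",firmware/ipxe.pxe
pxe-service=X86-64_EFI,"Network Boot UEFI x86_64",firmware/ipxe.efi
"""

def lint(conf_text):
    """Return a list of finding strings for a dnsmasq ProxyDHCP/TFTP config."""
    opts = []
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            opts.append((key.strip(), value.strip()))
    findings = []
    proxy = any(k == "dhcp-range" and "proxy" in v.split(",") for k, v in opts)
    roots = [v for k, v in opts if k == "tftp-root"]
    # csv handles the quoted menu text, which may itself contain commas.
    services = [next(csv.reader([v])) for k, v in opts if k == "pxe-service"]
    if proxy and not services:
        findings.append("proxy-without-pxe-service")   # the state the question was in
    if any(k == "enable-tftp" for k, _ in opts) and not roots:
        findings.append("tftp-without-root")           # requests not confined to one directory
    for fields in services:
        fields = [f for f in fields if not f.startswith("tag:")]
        csa = fields[0]
        if csa.lower() not in KNOWN_CSA and not csa.isdigit():
            findings.append("unknown-csa:" + csa)
        # Third field is a basename, or an integer boot service type (skipped here).
        if len(fields) > 2 and roots and not fields[2].isdigit():
            full = posixpath.normpath(posixpath.join(roots[0], fields[2]))
            if not full.startswith(roots[0].rstrip("/") + "/"):
                findings.append("boot-file-outside-tftp-root:" + fields[2])
    return findings
```

An empty list means none of these four checks fired; it does not replace reading the log-dhcp output while a client boots.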