DHCP if statements

  • I am trying to see if pfsense is going to work for me in this experiment.  I am wanting to run a gpxe based network booting system.  However, to avoid having to install gPXE in the client systems, I want to chainload it from the factory PXE implementations present in pretty much every PC.  So, what needs to happen is, when a computer requests a lease, it checks if that request is tagged with the user-class "gPXE"; if it is NOT, then it directs it to my gPXE image (gpxe.pxe, in this case).  Then, once gpxe initializes on the client, it will make a new DHCP request, this time WITH the "gPXE" user-class, in which case it is directed to an iSCSI target for sanboot (selected by mac address, ideally).  Unfortunately, to accomplish this, it must be done with DHCPD.CONF if statements:

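    # Second request: gPXE is already running and identifies itself via user-class
    if exists user-class and option user-class = "gPXE" {
         filename "";
         option root-path "iscsi:xxx.xxx.xxx.xxx::::iqn.2009-01.blah.lah.la";
    } else {
         # First request from the factory PXE ROM: hand out the gPXE image
         filename "gpxe.pxe";
    }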

    Is this possible?  It appears it is not really easy to alter the dhcpd.conf file, because the webconfigurator will just overwrite the changes in the future.  Is there a supplemental file that can include custom items?  In my search, I found an email thread that mentioned 2.0 would include the ability to add these custom lines to the conf file, but I can't find it in the UI anywhere.
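
The two-stage decision described in the post above, modelled in Python as an added example (not part of the original thread and not pfSense or ISC dhcpd code). The MAC address, target address and IQN are constructed sample values, and returning no boot parameters for an unknown gPXE client is an assumption of this example.

```python
USER_CLASS = 77      # DHCP option code for user-class
PAD, END = 0, 255    # single-byte pad and end-of-options markers

# Constructed sample mapping: client MAC -> iSCSI root-path (hypothetical values)
ISCSI_TARGETS = {
    "00:11:22:33:44:55": "iscsi:192.0.2.10::::iqn.2009-01.example:client1",
}

# Constructed option fields: message type, then vendor-class or user-class, then END
FIRMWARE_REQ = bytes([53, 1, 1, 60, 9]) + b"PXEClient" + bytes([END])
GPXE_REQ = bytes([53, 1, 1, USER_CLASS, 4]) + b"gPXE" + bytes([END])

def parse_options(raw: bytes) -> dict:
    """Walk the code/length/value option field of a DHCP request."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == END:
            break
        if code == PAD:
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        value = raw[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts

def boot_reply(mac: str, raw_options: bytes) -> dict:
    """Return the boot parameters the server would hand to this request."""
    opts = parse_options(raw_options)
    # Same test as: if exists user-class and option user-class = "gPXE"
    if opts.get(USER_CLASS) == b"gPXE":
        target = ISCSI_TARGETS.get(mac.lower())
        if target is None:
            return {}  # assumption: unknown clients get no boot parameters
        return {"filename": "", "root-path": target}
    # Factory PXE ROM: chainload gPXE; it will ask again with the user-class set
    return {"filename": "gpxe.pxe"}

if __name__ == "__main__":
    for name, req in (("firmware PXE", FIRMWARE_REQ), ("gPXE", GPXE_REQ)):
        print(name, "->", boot_reply("00:11:22:33:44:55", req))
```

Without the user-class branch, gPXE would be offered gpxe.pxe again on its own DHCP request and load itself in a loop.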

  • Looks like I've had to find another method.  Fortunately, the folks over at SYSLINUX had upgraded the classic pxelinux.0 image to a newer gpxelinux.0 image that does support iscsi booting.  That way, I can use various pxelinux.cfg files to direct individual clients (by mac address) to individual iscsi targets.

    So, I've now got the pfsense DHCP server's network boot config set to next-server: <pfsense ip>; filename gpxelinux.0.

    I've got the TFTP package installed, and in it, I have included gpxelinux.0, sanboot.c32, menu.c32, and a folder called pxelinux.cfg.

    In that folder, I've got a default file that brings up a simple menu for testing purposes, and so far, the clients load that far just fine.  I can then make individual config files for each client, as I get that far.  Anyone see potential complications with this setup?

  • Rebel Alliance Developer Netgate

    On 2.1 I added the ability to make multiple pools each with their own settings like this and you can allow/deny access to the pools based on MAC address.

    So you might be able to leverage that to help with this. It's not exactly what you're after, but it's the closest way to get it done in our GUI at the moment.
