Renumber PXE LAN from 10.9.100.0/24 to 172.16.9.0/24

Single-site bay-stuck issue at WJ: GE Intune Report IP script filters
Get-NetIPAddress on StartsWith("10.") and posts everything matching
to the GE Tines webhook. Bays at WJ get the PXE LAN 10.9.100.x IP
captured and reported -> GE backend tags bays as on a non-corp 10.x
subnet -> dynamic group eligibility for SFLD policy never matches.
Other GE sites work because their PXE LANs aren't on 10.x at all.

Renumber PXE LAN to RFC1918 172.16.9.0/24 so the GE filter naturally
skips wired PXE addresses without any disable-NIC dance.

Server-side already in flight (netplan dual-bound, dnsmasq scope +
boot URL repointed, blancco preferences + grub.cfg + iPXE GetPxeScript
all sed'd to 172.16.9.1). This commit is the playbook / scripts /
docs side: 109 hits across 35 files sed'd in one shot.

After this lands + boot.wim is rebuilt + bays renumber off DHCP,
the 10.9.100.1 binding will be dropped from netplan as the final
cleanup step.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
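
The filter behaviour the commit message describes, modelled next to an explicit CIDR allowlist. This is an added example, not code from this repository or from the GE script. The corporate range `10.20.0.0/16`, the sample addresses and the function names are constructed assumptions.

```python
import ipaddress

# Constructed assumption: the corporate range a backend would treat as "corp".
CORP_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# Constructed samples: one bay's addresses before and after the renumber.
# 10.20.30.40 stands in for the bay's corporate address; the second entry
# is its wired PXE LAN address under the old and the new numbering.
BEFORE = ["10.20.30.40", "10.9.100.23"]
AFTER = ["10.20.30.40", "172.16.9.23"]


def prefix_filter(addrs):
    """Model of the filter as the commit message describes it:
    keep every address whose string form starts with "10."."""
    return [a for a in addrs if a.startswith("10.")]


def cidr_filter(addrs, allowed=CORP_NETS):
    """Alternative: keep only addresses inside explicitly allowed networks."""
    kept = []
    for a in addrs:
        try:
            ip = ipaddress.ip_address(a)
        except ValueError:
            continue  # ignore malformed entries instead of reporting them
        if any(ip in net for net in allowed):
            kept.append(a)
    return kept


def compare(addrs):
    """Return what each filter would report for one bay."""
    return {"prefix": prefix_filter(addrs), "cidr": cidr_filter(addrs)}


if __name__ == "__main__":
    for label, addrs in (("before", BEFORE), ("after", AFTER)):
        print(label, compare(addrs))
```

With the prefix match, the reported set depends on how the PXE LAN happens to be numbered; with the allowlist it does not, so the two filters only agree after the renumber.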
12
SETUP.md
@@ -18,7 +18,7 @@ Client PXE boot
|
||||
|
||||
| Service | Port | Purpose |
|
||||
|-------------|-----------|------------------------------------------|
|
||||
| dnsmasq | 67/udp | DHCP (10.9.100.10-100) |
|
||||
| dnsmasq | 67/udp | DHCP (172.16.9.10-100) |
|
||||
| dnsmasq | 69/udp | TFTP (serves ipxe.efi) |
|
||||
| Apache | 80/tcp | HTTP (wimboot, WinPE boot files, proxy) |
|
||||
| Apache | 4433/tcp | iPXE boot script (GetPxeScript.aspx) |
|
||||
@@ -95,7 +95,7 @@ Move the server's wired NIC to the isolated switch for PXE clients.
|
||||
|
||||
### Step 6: Import WinPE Content (if not bundled in Step 3)
|
||||
|
||||
**Option A:** Use the web interface at `http://10.9.100.1:9009` to import from USB.
|
||||
**Option A:** Use the web interface at `http://172.16.9.1:9009` to import from USB.
|
||||
|
||||
**Option B:** Manual copy:
|
||||
```bash
|
||||
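Review bot: The Option A line hard-codes `http://172.16.9.1:9009`, and the same literal is repeated in the Web Management Interface and test-VM sections of this file; the commit message counts 109 such hits across 35 files. Consider naming the server address once near the top of SETUP.md and referring to it from these steps, so the next renumber is a one-line documentation change rather than another bulk sed.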
@@ -107,7 +107,7 @@ sudo umount /mnt/usb2
|
||||
|
||||
## Web Management Interface
|
||||
|
||||
Access at `http://10.9.100.1:9009` from any machine on the isolated network.
|
||||
Access at `http://172.16.9.1:9009` from any machine on the isolated network.
|
||||
|
||||
| Page | URL Path | Purpose |
|
||||
|-------------------|-------------|-----------------------------------------------|
|
||||
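Review bot: The "Access at" line now gives only the new address, but the commit message says the server stays dual-bound until bays have renumbered off DHCP, and SETUP.md documents a 12 hour lease. A machine still holding a 10.9.100.x lease may not be able to reach this URL until it renews, so add a short transition note that `http://10.9.100.1:9009` remains valid until the 10.9.100.1 binding is dropped from netplan.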
@@ -146,7 +146,7 @@ sudo ./test-vm.sh ~/Downloads/ubuntu-24.04.3-live-server-amd64.iso
|
||||
# Watch progress (Ctrl+] to detach)
|
||||
sudo virsh console pxe-test
|
||||
|
||||
# After install: ssh pxe@10.9.100.1 / http://10.9.100.1:9009
|
||||
# After install: ssh pxe@172.16.9.1 / http://172.16.9.1:9009
|
||||
|
||||
# Clean up
|
||||
sudo ./test-vm.sh --destroy
|
||||
@@ -215,8 +215,8 @@ pxe-server/
|
||||
|
||||
## Network Configuration
|
||||
|
||||
- PXE server static IP: `10.9.100.1/24`
|
||||
- DHCP range: `10.9.100.10` - `10.9.100.100`
|
||||
- PXE server static IP: `172.16.9.1/24`
|
||||
- DHCP range: `172.16.9.10` - `172.16.9.100`
|
||||
- Lease time: 12 hours
|
||||
- DNS: `8.8.8.8` (passed to clients, not used by server)
|
||||
- Firewall: UFW deny-by-default, allow 67/udp 69/udp 80/tcp 445/tcp 4433/tcp 9009/tcp
|
||||
|
||||
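Review bot: The Network Configuration list records the new subnet but not why it has to stay off 10.x. The commit message explains that the reporting script matches any address beginning with `10.`, so add a line here stating that the PXE LAN must not use a 10.x range; otherwise a later renumber can reintroduce the same fault. Also confirm that the UFW rules behind the unchanged Firewall line carry no 10.9.100.0/24 source or interface scoping that needs the same change.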