Netboot with Proxy DHCP

samdbmg/dhcp-netboot.xyz is a Docker container that can be dropped into your network to netboot various OS installers and tools. It lets your existing DHCP server hand out addresses, and then acts as a PXE Proxy for clients that want to use netboot.

I made it because I can never find a serviceable USB stick or the right assortment of .iso files when I want to do an OS install. But I'd rather not have to completely replace my DHCP server (e.g. my home router) just to netboot one system.

It's built on netboot.xyz, which provides a bootable environment with a huge assortment of Linux live CDs, installers, utilities like memtest86 and GParted, and even support for the Windows installer (if you bring your own Windows ISO and mount it on your network).

Connecting the container is a little tricky. Standard Docker networking creates a network for containers and then routes traffic between that and the host's network interface using iptables rules, allowing, for example, traffic to port 8443 on the host to be sent to port 443 on the container. That doesn't work very well with DHCP, which relies on the ability to make and receive broadcasts. All of the participants have to be on the same LAN segment, which means port forwarding isn't going to work.

One easy solution is to use Docker's host network mode, which makes the container behave as if it were a process on the host from a networking perspective. That doesn't work, though, if anything else on the host wants to listen on the ports the container uses (which include port 80, used by netboot.xyz).

Another approach, demonstrated using a docker-compose file in the repo, uses the ipvlan network driver to effectively create a new network interface connected to the same network as the host, in the same IP range, as if it were a separate device (akin to how VMs can be connected directly to the host network). This avoids these issues.
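A sketch of the ipvlan approach described above, with the host-mode alternative shown as a comment. This is an added example, not the docker-compose file from the repo. The parent interface `eth0`, the `192.168.1.0/24` subnet, the addresses and the `NET_ADMIN` capability are all assumptions to adapt to your own LAN.

```yaml
# Added example, not the repo's own docker-compose file.
# Constructed values: eth0, 192.168.1.0/24, .1 gateway, .250 container IP.
services:
  netboot:
    image: samdbmg/dhcp-netboot.xyz
    restart: unless-stopped

    # Alternative 1: host networking. The container shares the host's
    # network stack, so DHCP broadcasts work, but it competes with any
    # host service that already listens on the same ports (port 80
    # included). Do not combine this with the `networks:` key below.
    # network_mode: host

    # Alternative 2: ipvlan. The container gets its own address on the
    # LAN and its own port space, so host services are unaffected.
    networks:
      lan:
        # Pick an address outside your DHCP server's lease pool so it
        # is never handed out to another device.
        ipv4_address: 192.168.1.250

    # Assumption: a DHCP proxy normally needs raw/broadcast socket
    # access. Grant only this capability rather than `privileged: true`.
    cap_add:
      - NET_ADMIN

    # Any environment variables or volumes the image expects are left
    # out here; take those from the repo's documentation.

networks:
  lan:
    driver: ipvlan
    driver_opts:
      parent: eth0        # host interface attached to the LAN segment
      ipvlan_mode: l2     # stay in the LAN's broadcast domain
    ipam:
      config:
        - subnet: 192.168.1.0/24
          gateway: 192.168.1.1
```

With the ipvlan driver in L2 mode the host itself cannot reach the container's address through the parent interface, so test the service from another machine on the LAN. Because the container answers PXE requests for every client on the segment, stop it when you are not installing anything.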

I've used this to install various new systems at home, to boot into tools when I need to do partition maintenance or test some memory, and also when I want to build a new VM on my workstation (although note that if you're using Hyper-V Generation 2, Secure Boot has to be off for it to work).

Written by

Sam Mesterton-Gibbons

I'm a Manchester-based techie who likes building systems to solve interesting problems, with interests in media and video production and sustainability.