PXE server - broadcast port restriction on boot client demand

I don't think your plan will work the way you want. The OS that gets booted by PXE will typically do its own DHCP network setup. The DHCP client packets from the second network setup probably won't include PXE options.

However, it is certainly possible to detect DHCP client packets with PXE options. This is a common approach so PXE response options can be provided dynamically. What can be done depends on the DHCP service being used.

This is a sample config for the isc-dhcp-server DHCP service. It will offer PXE clients a different pool. It does not offer separate subnets as you want, but it might be adapted.

# Clients whose vendor-class-identifier (option 60) starts with "PXEClient"
# are put in the "pxeclient" class and told which boot file to fetch.
class "pxeclient" {
    match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
    filename "pxelinux.0";
}

subnet 192.168.1.0 netmask 255.255.255.0
{
    option routers 192.168.1.1;
    next-server 192.168.1.1;     # TFTP server handed to PXE clients
    max-lease-time 3600;

    # Pool reserved for PXE clients
    pool {
        range 192.168.1.100 192.168.1.109;
        allow members of "pxeclient";
    }

    # Pool for everyone else. A PXE client is also an "unknown client"
    # (it has no host declaration), so deny the class here explicitly,
    # otherwise a PXE client may be served from this pool as well.
    pool {
        range 192.168.1.110 192.168.1.119;
        allow unknown-clients;
        deny members of "pxeclient";
    }
}

Another common DHCP service is dnsmasq. This is a sample config that does the same as above.

# Log every DHCP transaction (handy while testing the match rules)
log-dhcp
# Option 3: default gateway
dhcp-option=3,192.168.1.1
# Set the "pxe" tag when option 60 (vendor class) matches "PXEClient"
dhcp-match=set:pxe,60,PXEClient
# Boot file and TFTP server offered only to tagged PXE clients
dhcp-boot=tag:pxe,pxelinux.0,server,192.168.1.1
# Separate address ranges for PXE and non-PXE clients
dhcp-range=tag:pxe,192.168.1.100,192.168.1.109,255.255.255.0,1h
dhcp-range=tag:!pxe,192.168.1.110,192.168.1.119,255.255.255.0,1h

Other interesting topics include

  • PXE response options based on the PXE client architecture (e.g. BIOS vs UEFI)
  • proxyDHCP service (dnsmasq supports this feature)

Helpful Links

  • https://wiki.fogproject.org/wiki/index.php/BIOS_and_UEFI_Co-Existence
  • https://wiki.archlinux.org/title/Diskless_system#DHCP
  • https://wiki.archlinux.org/title/Dnsmasq#PXE_server
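The detection the configs above rely on (option 60 starting with "PXEClient", and option 93 for BIOS vs UEFI) can be checked offline against a raw DHCP message. The following is an added example, not code from the answer above or from isc-dhcp-server or dnsmasq: it parses the option area of a BOOTP/DHCP packet, classifies the client, and reports which of the two pools from the sample configs the client would fall into. The packets it feeds itself are constructed inline (MAC, xid and the vendor class strings are placeholders); the architecture names are the RFC 4578 codes for 0, 6, 7 and 9, anything else is reported as unknown.

```python
"""Classify DHCP client requests as PXE / non-PXE and by client architecture.

Added example, not part of the original answer. Parses the option area of a
raw BOOTP/DHCP message, inspects option 60 (vendor class identifier) and
option 93 (client system architecture, RFC 4578), and reports which pool of
the sample configs above the client would be served from.
"""
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"          # magic cookie that starts the option area
OPT_PAD, OPT_END = 0, 255
OPT_MSG_TYPE, OPT_VENDOR_CLASS, OPT_CLIENT_ARCH = 53, 60, 93

# RFC 4578 client system architecture codes (subset)
ARCH_NAMES = {
    0: "x86 BIOS",
    6: "x86 UEFI (IA-32)",
    7: "x86-64 UEFI (EFI BC)",
    9: "x86-64 UEFI",
}


def parse_dhcp_options(packet: bytes) -> dict:
    """Return {code: value} for the TLV options following the 236-byte fixed header."""
    if len(packet) < 240 or packet[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP packet (bad length or magic cookie)")
    opts = {}
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_PAD:            # single-byte padding, no length field
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        # An option may appear more than once; RFC 3396 says concatenate.
        opts[code] = opts.get(code, b"") + value
        i += 2 + length
    return opts


def classify_client(packet: bytes) -> dict:
    """Apply the same test as the configs: option 60 starting with "PXEClient"."""
    opts = parse_dhcp_options(packet)
    is_pxe = opts.get(OPT_VENDOR_CLASS, b"").startswith(b"PXEClient")
    arch = None
    if len(opts.get(OPT_CLIENT_ARCH, b"")) >= 2:
        arch = struct.unpack("!H", opts[OPT_CLIENT_ARCH][:2])[0]
    return {
        "is_pxe": is_pxe,
        "arch_code": arch,
        "arch_name": ARCH_NAMES.get(arch, "unknown") if arch is not None else None,
        "pool": "192.168.1.100-109" if is_pxe else "192.168.1.110-119",
        "boot_file": "pxelinux.0" if is_pxe else None,
    }


def opt(code: int, value: bytes) -> bytes:
    """Encode one TLV option."""
    return bytes([code, len(value)]) + value


def build_discover(mac: bytes, extra_options: bytes) -> bytes:
    """Constructed DHCPDISCOVER for testing; xid and addresses are placeholders."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 0,                    # op=BOOTREQUEST, htype=Ethernet, hlen=6, hops
        0x3903F326,                    # xid (arbitrary)
        0, 0x8000,                     # secs, flags (broadcast bit set)
        b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,   # ciaddr, yiaddr, siaddr, giaddr
        mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)  # chaddr, sname, file
    return header + DHCP_MAGIC + opt(OPT_MSG_TYPE, b"\x01") + extra_options + bytes([OPT_END])


# Constructed sample packets (placeholder MAC / vendor strings)
MAC = b"\x52\x54\x00\x12\x34\x56"
PXE_UEFI_DISCOVER = build_discover(MAC,
    opt(OPT_VENDOR_CLASS, b"PXEClient:Arch:00007:UNDI:003016")
    + opt(OPT_CLIENT_ARCH, b"\x00\x07"))
PXE_BIOS_DISCOVER = build_discover(MAC,
    bytes([OPT_PAD]) * 2                               # padding must be skipped
    + opt(OPT_VENDOR_CLASS, b"PXEClient:Arch:00000:UNDI:002001")
    + opt(OPT_CLIENT_ARCH, b"\x00\x00"))
# The booted OS's own DHCP client: no PXE options, just a vendor string
OS_DISCOVER = build_discover(MAC, opt(OPT_VENDOR_CLASS, b"udhcp 1.36.1"))

if __name__ == "__main__":
    for name, pkt in [("uefi", PXE_UEFI_DISCOVER), ("bios", PXE_BIOS_DISCOVER), ("os", OS_DISCOVER)]:
        print(name, classify_client(pkt))
```

The third packet illustrates the first point of the answer: once the PXE-loaded OS runs its own DHCP client, the request carries no PXEClient vendor class and lands in the second pool. For the BIOS vs UEFI split, dnsmasq can tag on option 93 directly (for example `dhcp-match=set:efi-x86_64,option:client-arch,7`) and then select a different `dhcp-boot` per tag; the arch codes in the script are the values that match.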