06-07-2007 01:32 AM
I understand that HP does not support Ignite across firewalls but wondered if you were aware of a preferred method of getting this done.
At the moment, we are looking into providing boot helpers on each relevant subnet and then archiving using NFS.
It is NFS that is causing us a problem across firewalls.
Any help you can provide with this will be most appreciated.
06-07-2007 02:08 AM
This document talks about setting up Ignite with Bastille:
As some of the security levels in Bastille involve enabling the IPFilter firewall, there is plenty of data in here on what ports you need open for Ignite to run.
Unfortunately, as NFS is involved, that's a LOT of ports.
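To see which ports NFS would need on a given server, the output of `rpcinfo -p` can be sorted into well-known and portmapper-assigned ports. This is an added example, not part of the original posts or the linked document; the sample output is constructed, and the assumption that only portmapper (111) and nfs (2049) are fixed reflects typical NFSv3 defaults.

```python
from collections import defaultdict

# Constructed sample of `rpcinfo -p` output from an NFSv3 server (not from the thread).
SAMPLE = """\
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  49153  status
    100024    1   tcp  49152  status
    100021    1   udp  49156  nlockmgr
    100021    3   tcp  49154  nlockmgr
    100005    1   udp  49170  mountd
    100005    3   tcp  49171  mountd
    100003    2   udp   2049  nfs
    100003    3   tcp   2049  nfs
"""

# Assumption: only these RPC services sit on well-known ports by default;
# the others register whatever port they were given at start-up.
FIXED = {"portmapper": 111, "nfs": 2049}

def parse_rpcinfo(text):
    """Return {service: {(proto, port), ...}} from `rpcinfo -p` output."""
    services = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].isdigit():
            continue  # header or malformed line
        _prog, _vers, proto, port, name = fields[:5]
        services[name].add((proto, int(port)))
    return dict(services)

def firewall_report(services):
    """Split endpoints into (stable, dynamic) lists of (service, proto, port)."""
    stable, dynamic = [], []
    for name, endpoints in sorted(services.items()):
        for proto, port in sorted(endpoints):
            bucket = stable if FIXED.get(name) == port else dynamic
            bucket.append((name, proto, port))
    return stable, dynamic

if __name__ == "__main__":
    stable, dynamic = firewall_report(parse_rpcinfo(SAMPLE))
    for label, rows in (("fixed", stable), ("may change on restart", dynamic)):
        for name, proto, port in rows:
            print(f"{label:22} {name:11} {proto} {port}")
```

Any entry in the second group is a firewall rule that can stop matching after the service restarts, unless that service is pinned to a port on the server.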
06-07-2007 02:20 AM
Realistically there is no practical way to run Ignite across a firewall. NFS is used to transfer the image, tftp is used to boot. The client and server need to be on the same network or have a boothelper.
No firewall administrator in her right mind would have those ports open on a firewall that is designed to protect something.
NFS 4 does have the ability to specify what ports portmapper will use. I did this in RHCE class. So in a situation where you were using NFS 4, you might be able to do this. NFS 3 needs a random port for portmapper in version 3. Dave Olker however probably has a solution to this issue concerning the NFS portion of the problem.
The real solution problem is booting. That uses privileged ports below 1024 and protocols such as bootp that are simply not very secure.
Owner of ISN Corporation
06-07-2007 02:33 AM
What I found is that in order for Ignite to work across a firewall, you have to compromise security to a point where there is no security.
We wound up purchasing a tape drive and performing a local make_tape_recovery.
If you have multiple systems on the other side of the firewall, you could set one of them up as an Ignite server for those systems.
06-07-2007 03:04 AM