Difference between pages "Squid" and "PXE Network Windows Installation"

From Funtoo
(The Squid Proxy Server)
 
(Creating a Setup Instruction File)
 
Line 1: Line 1:
== The Squid Proxy Server ==
+
''Howto use your Funtoo machine to serve a MS Windows installation over the network''
 +
In this guide we will assume that you have followed the [[PXE network boot server]] Wiki article and have a working network/pxe boot setup. As of now this guide will cover Windows XP. Soon it will be expanded to also cover Windows 7.
 +
==Prerequisites==
 +
#A working Funtoo installation
 +
#A working PXE Setup (DHCP, TFTP, PXELinux)
 +
#app-arch/cabextract
 +
#A legitimate copy of Microsoft Windows
 +
#Driver for your NIC - ''Suggested to use a complete driver pack with all major supported NIC hardware for the version of Windows to be installed.''
 +
#RIS Linux toolkit >=0.4
 +
#A working Samba server setup
  
'''This is a quick and dirty howto about getting Squid up und running in 5min...'''
+
== Creating the Windows XP Image ==
  
What benefits one may get from using an anonymous proxy server? Well, I would say many things but the most important one is that you can browse the web anonymously without exposing your IP, location etc.. out there. Anyhow, even though I usually use OpenVPN or PPTP for safe browsing and such things, having a private anonymous proxy server in your toolbox is a nice thing.
+
*In the previous guide, [http://www.funtoo.org/wiki/PXE_network_boot_server PXE Network Boot Server], we used /tftproot as the working directory so we will also use it in this guide for convenience. If you chose to use a different working directory then please apply it where needed in place of the /tftproot we will be going by here.
Furthermore, a cache is speeding up you daily internet connection with repeating objects getting out of the cache instead of downloading it again. Advanced filtering technics (Antivirus, Content, Ad-Blocks, etc) are also possible.
+
  
Please start always by refreshing your portage tree, like:
+
First you will need to create an ISO from your Windows XP installation disc. If you already have the ISO image you may skip this step.
  
 
<console>
 
<console>
###i## emerge --sync
+
###i## dd if=/dev/sr0 of=/tftproot/winxp.iso
 
</console>
 
</console>
next, we search the portage tree for {{Package|net-proxy/squid}}:
+
If your cdrom device isn't ''<code>/dev/sr0</code>'' please use the appropriate device in this command.
 +
 
 +
== Mount the ISO and Prepare Installation Sources ==
 +
Mount the image to ''<code>/tftproot/cdrom</code>'':  
 
<console>
 
<console>
###i## emerge --search squid
+
###i## mkdir /tftproot/cdrom; mount -o loop /tftproot/winxp.iso /tftproot/cdrom
=> net-analyzer/squid-graph
+
</console>
=> net-analyzer/squidsites
+
Create the new directory for the network installation files and copy the needed files to it:
=> net-analyzer/squidview
+
<console>
=> net-proxy/squid
+
###i## mkdir /tftproot/winxp; cp -R /tftproot/cdrom/i386 /tftproot/winxp/i386
=> net-proxy/squidclamav
+
</console>
=> net-proxy/squidguard
+
Depending on your CD/DVD copy of windows the directory name may be I386 as opposed to i386, if that is the case you will just need to change the first part of the command, keeping the new directory name i386 - this is going to be very important later on when creating the remap file!
=> sec-policy/selinux-squid
+
Check the contents of your newly created i386 directory to see if the filenames are in all CAPS or if they are already in lowercase.
 +
<console>
 +
###i## ls /tftproot/winxp/i386
 +
</console>
 +
If you happen to have all UPPERCASE filenames, lets go ahead and run a script to convert it to all lowercase:
 +
<console>
 +
###i## cd /tftproot/winxp/i386;ls | awk '$0!=tolower($0){printf "mv \"%s\" \"%s\"\n",$0,tolower($0)}' | sh
 
</console>
 
</console>
  
Next, we emerge ''<code>squid</code>'' using:
+
==Extracting and Modifying the Required Boot Files ==
 +
Install {{Package|app-arch/cabextract}}
 
<console>
 
<console>
###i## emerge -av net-proxy/squid
+
###i## emerge -av app-arch/cabextract
 +
</console>
 +
Extract the prepackaged drivers:
 +
<console>
 +
###i## cd /tftproot/winxp/i386;cabextract driver.cab
 +
</console>
 +
Install support for a large list of network cards:
 +
<console>
 +
###i## cd /tftproot/;wget http://downloads.sourceforge.net/project/bootfloppy/pxefiles.tar.gz
 +
###i## tar zxvf pxefiles.tar.gz; cp pxefiles/drivers/* winxp/i386/
 +
</console>
 +
Copy the BINLSRV /INFParser tools to /tftproot:
 +
<console>
 +
###i## cp pxefiles/script/* /tftproot/
 +
</console>
 +
Extract the netboot startrom:
 +
<console>
 +
###i## cd /tftproot; cabextract winxp/i386/startrom.n1_
 +
</console>
 +
Fix the startrom for netbooting xp:
 +
<console>
 +
###i## sed -i -e 's/NTLDR/XPLDR/gi' startrom.n12
 +
###i## mv startrom.n12 winxp.0
 +
</console>
 +
Fix XPLDR:
 +
<console>
 +
###i## cabextract winxp/i386/setupldr.ex_
 +
###i## sed -i -e 's/winnt\.sif/winxp\.sif/gi' setupldr.exe
 +
###i## sed -i -e 's/ntdetect\.com/ntdetect\.wxp/gi' setupldr.exe
 +
###i## mv setupldr.exe xpldr
 +
###i## cp winxp/i386/ntdetect.com ntdetect.wxp
 
</console>
 
</console>
  
Once it got installed, since this squid proxy setup will be using authentication to authenticate users via the ‘ncsa_auth‘ helper, we need to know the location of this helper so we can use it in our squid.confconfiguration file. To find this I’ll be using a tool named as ‘qfile‘ which is shipped in ‘app-portage/portage-utils‘.
+
== Creating a remapping file ==
 +
Create the file <code>/tftproot/tftpd.remap</code> and add the following to it:
 +
{{File
 +
|/tftproot/tftpd.remap|<pre>
 +
ri ^[az]: # Remove “drive letters”
 +
rg \\ / # Convert backslashes to slashes
 +
rg \# @ # Convert hash marks to @ signs
 +
rg /../ /..no../ # Convert /../ to /..no../
 +
rg A a
 +
rg B b
 +
rg C c
 +
rg D d
 +
rg E e
 +
rg F f
 +
rg G g
 +
rg H h
 +
rg I i
 +
rg J j
 +
rg K k
 +
rg L l
 +
rg M m
 +
rg N n
 +
rg O o
 +
rg P p
 +
rg Q q
 +
rg R r
 +
rg S s
 +
rg T t
 +
rg U u
 +
rg V v
 +
rg W w
 +
rg X x
 +
rg Y y
 +
rg Z z
 +
r ^/(.*) \1
 +
r ^xpldr xpldr
 +
r ^ntdetect.wxp ntdetect.wxp
 +
r ^winxp.sif winxp.sif
 +
</pre>}}
  
# qfile ncsa_auth
+
==Install/Configure Samba ==
net-proxy/squid (/usr/libexec/squid/ncsa_auth)
+
If you don't already have {{Package|net-fs/samba}} installed, then:
 +
<console>
 +
###i## emerge -av net-fs/samba
 +
</console>
 +
Create a Samba share for your tftp server in <code>/etc/samba/smb.conf</code>
  
ok, so the auth helper is located in ‘/usr/libexec/squid/ncsa_auth’ so let’s setup Squid’s configuration file (/etc/squid/squid.conf). Make sure you change ‘XXX.XX.XX.XXX’ with your actual server’s IP address and edit anything else you want to suit your needs.
+
{{Note}} Be sure you have the other required samba settings configured in the file
 +
{{File
 +
|/etc/samba/smb.conf|<pre>
 +
[Global]
 +
interfaces = lo eth0 wlan0
 +
bind interfaces only = yes
 +
workgroup = WORKGROUP
 +
security = user
  
 +
[tftproot]
 +
path = /tftproot
 +
browsable = true
 +
read only = yes
 +
writable = no
 +
guest ok = yes
 +
</pre>}}
 +
Start Samba:
 +
<console>
 +
###i## /etc/init.d/samba start
 +
</console> 
 +
or if samba has already been started:
 +
<console>
 +
###i## /etc/init.d/samba restart
 +
</console>
  
 +
== Creating a Setup Instruction File ==
 +
Create the file <code>/tftproot/winxp.sif</code> and add the following, replacing <tt>SAMBA_SERVER_IP</tt> with the local IP address of your samba server:
 +
{{File
 +
|/tftproot/winxp.sif|<pre>
 +
[data]
 +
floppyless = "1"
 +
msdosinitiated = "1"
 +
; Needed for second stage
 +
OriSrc = "\\SAMBA_SERVER_IP\tftproot\winxp\i386"
 +
OriTyp = "4"
 +
LocalSourceOnCD = 1
 +
DisableAdminAccountOnDomainJoin = 1
 +
 +
[SetupData]
 +
OsLoadOptions = "/fastdetect"
 +
; Needed for first stage
 +
SetupSourceDevice = "\Device\LanmanRedirector\SAMBA_SERVER_IP\tftproot\winxp"
 +
 +
[UserData]
 +
ComputerName = *
 +
</pre>}}
 +
 +
== Editing the pxelinux.cfg/default boot menu ==
 +
Edit your boot menu so that it contains the following entry:
 
<console>
 
<console>
###i## cp /etc/squid/squid.conf{,_orig} && \cat > /etc/squid/squid.conf <<EOF
+
LABEL WinXP
auth_param basic program /usr/libexec/squid/ncsa_auth /etc/squid/passwd
+
MENU LABEL Install MS Windows XP
auth_param basic children 5
+
KERNEL winxp.0
auth_param basic realm please login?
+
</console>
auth_param basic credentialsttl 2 hours
+
auth_param basic casesensitive off
+
acl ncsa_users proxy_auth REQUIRED
+
http_access allow ncsa_users
+
acl manager proto cache_object
+
acl localhost src 127.0.0.1/32 ::1
+
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
+
acl localnet src 10.0.0.0/8   
+
# RFC 1918 possible internal network
+
acl localnet src 172.16.0.0/12 
+
# RFC 1918 possible internal network
+
acl localnet src 192.168.0.0/16
+
# RFC 1918 possible internal network
+
acl localnet src fc00::/7     
+
# RFC 4193 local private network range
+
acl localnet src fe80::/10     
+
# RFC 4291 link-local (directly plugged) machines
+
acl SSL_ports port 443
+
acl Safe_ports port 80          # http
+
acl Safe_ports port 21          # ftp
+
acl Safe_ports port 443        # https
+
acl Safe_ports port 70          # gopher
+
acl Safe_ports port 210        # wais
+
acl Safe_ports port 1025-65535  # unregistered ports
+
acl Safe_ports port 280        # http-mgmt
+
acl Safe_ports port 488        # gss-http
+
acl Safe_ports port 591        # filemaker
+
acl Safe_ports port 777        # multiling http
+
acl Safe_ports port 901        # SWAT
+
acl CONNECT method CONNECT
+
http_access allow manager localhost
+
http_access deny manager
+
http_access deny !Safe_ports
+
http_access deny CONNECT !SSL_ports
+
http_access allow localnet
+
http_access allow localhost
+
http_access allow localhost
+
http_access deny all
+
http_port 2222
+
coredump_dir /var/cache/squid
+
refresh_pattern ^ftp:          1440    20%    10080
+
refresh_pattern ^gopher:        1440    0%      1440
+
refresh_pattern -i (/cgi-bin/|\?) 0    0%      0
+
refresh_pattern .              0      20%    4320
+
icp_access allow localnet
+
icp_access deny all
+
acl ip1 myip XXX.XX.XX.XXX
+
tcp_outgoing_address XXX.XX.XX.XXX ip1
+
cache_mgr mail@maiwald.tk
+
cache_mem 128 MB
+
visible_hostname ViruSzZ
+
maximum_object_size 20 MB
+
cache_dir ufs /var/cache/squid 512 32 512
+
  
forwarded_for off
+
== Re-Start all required daemons ==
request_header_access Allow allow all
+
If the daemon isn't already running use start instead or restart in the following commands
request_header_access Authorization allow all
+
<console>
request_header_access WWW-Authenticate allow all
+
###i## /etc/init.d/dnsmasq restart
request_header_access Proxy-Authorization allow all
+
###i## /etc/init.d/in.tftpd restart
request_header_access Proxy-Authenticate allow all
+
request_header_access Cache-Control allow all
+
request_header_access Content-Encoding allow all
+
request_header_access Content-Length allow all
+
request_header_access Content-Type allow all
+
request_header_access Date allow all
+
request_header_access Expires allow all
+
request_header_access Host allow all
+
request_header_access If-Modified-Since allow all
+
request_header_access Last-Modified allow all
+
request_header_access Location allow all
+
request_header_access Pragma allow all
+
request_header_access Accept allow all
+
request_header_access Accept-Charset allow all
+
request_header_access Accept-Encoding allow all
+
request_header_access Accept-Language allow all
+
request_header_access Content-Language allow all
+
request_header_access Mime-Version allow all
+
request_header_access Retry-After allow all
+
request_header_access Title allow all
+
request_header_access Connection allow all
+
request_header_access Proxy-Connection allow all
+
request_header_access User-Agent allow all
+
request_header_access Cookie allow all
+
request_header_access All deny all
+
shutdown_lifetime 3 seconds
+
EOF
+
 
</console>
 
</console>
  
proceed with creating the ‘/etc/squid/passwd’ file and adding your user by executing:
+
== Modify Binlsrv, update driver cache, and start driver hosting service ==
# htpasswd -c /etc/squid/passwd your_user
+
Change the BASEPATH= variable at or around line #62 of ''<code>binlsrv.py</code>'' so that it is:
(note that you need to omit the ‘-c’ switch when adding another user to the file)
+
<console>
 
+
###i## nano binlsrv.py
then do a <code># squid -z</code> to create the cache direcory.
+
BASEPATH='/tftproot/winxp/i386/'
Finally, restart your squid server and check if it’s actually listening using:
+
</console>
# /etc/init.d/squid restart
+
Generate driver cache:
# netstat -tunlp | grep 2222
+
<console>
tcp        0      0 0.0.0.0:2222            0.0.0.0:*              LISTEN      482/(squid)
+
###i## cd /tftproot;./infparser.py winxp/i386/
if you like it to start on your system’s start-up, then you can execute:
+
</console>
# rc-update add squid default
+
Start binlservice:
To test it, for example I use Opera for this so I just go to ‘Settings → Preferences → Advanced → Network → Proxy Servers’ and set the browser to use the proxy server we just created.
+
<console>
 +
###i## ./binlsrv.py
 +
</console>
  
 +
== Booting the client ==
 +
If all is well, you should be able to boot the client choosing to ''boot from network'' in the boot options, you should get to your PXELinux bootloader, and see the Install Windows XP option after pressing enter you *should* kick off your XP installation via network!! Congratulations!
  
 
[[Category:HOWTO]]
 
[[Category:HOWTO]]
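Review bot: In the tftpd.remap block on the + side, `ri ^[az]:` matches only a leading `a:` or `z:` (in either case), so it does not remove drive letters in general as its comment says; the character class should be `[a-z]`. Separately, the added steps fetch pxefiles.tar.gz with wget over plain http and then run its scripts (infparser.py, binlsrv.py) from a root prompt with nothing in between that checks the archive; suggest adding a checksum or signature verification step before the tar and cp commands.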

Revision as of 23:52, 14 January 2014

How to use your Funtoo machine to serve a Microsoft Windows installation over the network.

This guide assumes that you have followed the PXE network boot server wiki article and have a working network/PXE boot setup. For now the guide covers Windows XP. Soon it will be expanded to also cover Windows 7.

Prerequisites

  1. A working Funtoo installation
  2. A working PXE Setup (DHCP, TFTP, PXELinux)
  3. app-arch/cabextract
  4. A legitimate copy of Microsoft Windows
  5. A driver for your NIC. It is suggested to use a complete driver pack with all major supported NIC hardware for the version of Windows to be installed.
  6. RIS Linux toolkit >=0.4
  7. A working Samba server setup

Creating the Windows XP Image

  • The previous guide, PXE Network Boot Server, used /tftproot as the working directory, so this guide uses it too for convenience. If you chose a different working directory, substitute it wherever /tftproot appears here.

First you will need to create an ISO from your Windows XP installation disc. If you already have the ISO image you may skip this step.

# dd if=/dev/sr0 of=/tftproot/winxp.iso

If your cdrom device isn't /dev/sr0 please use the appropriate device in this command.

Mount the ISO and Prepare Installation Sources

Mount the image to /tftproot/cdrom:

# mkdir /tftproot/cdrom; mount -o loop /tftproot/winxp.iso /tftproot/cdrom

Create the new directory for the network installation files and copy the needed files to it:

# mkdir /tftproot/winxp; cp -R /tftproot/cdrom/i386 /tftproot/winxp/i386

Depending on your CD/DVD copy of Windows, the directory name may be I386 rather than i386. If that is the case, change only the first part of the command and keep the new directory name i386. This is going to be very important later on when creating the remap file!

Check the contents of your newly created i386 directory to see whether the filenames are in all caps or already in lowercase.

# ls /tftproot/winxp/i386

If you happen to have all-uppercase filenames, run a script to convert them to lowercase:

# cd /tftproot/winxp/i386;ls | awk '$0!=tolower($0){printf "mv \"%s\" \"%s\"\n",$0,tolower($0)}' | sh
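
The awk pipeline above builds `mv` commands as text and pipes them to `sh`, so a filename containing quotes, `$` or backticks is parsed a second time by the shell. The following is an added example, not part of the original guide: a POSIX sh function (`lowercase_dir` is a name chosen here) that performs the same top-level rename without passing names through a second shell, and that refuses to overwrite a file when two names collide after lowercasing.

```shell
#!/bin/sh
# Added example (not from the original guide).
# lowercase_dir DIR
#   Rename every entry directly inside DIR to its lowercase form.
#   Prints the number of entries renamed; returns 2 if DIR is not a directory.
lowercase_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi

    renamed=0
    for path in "$dir"/*; do
        # An empty directory leaves the glob unexpanded; skip that literal.
        [ -e "$path" ] || [ -L "$path" ] || continue

        name=${path##*/}
        # The name is only ever data here: it is never re-parsed as shell code.
        lower=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')

        # Already lowercase: nothing to do.
        [ "$name" = "$lower" ] && continue

        # Two source names can fold to the same target (Readme.TXT, readme.txt).
        # Keep both files and report, rather than silently overwriting one.
        if [ -e "$dir/$lower" ] || [ -L "$dir/$lower" ]; then
            echo "skipped '$name': '$lower' already exists" >&2
            continue
        fi

        # '--' stops option parsing, so a name starting with '-' is safe.
        mv -- "$path" "$dir/$lower" && renamed=$((renamed + 1))
    done

    echo "$renamed"
}

# When run as a script with an argument, e.g.
#   sh lowercase_dir.sh /tftproot/winxp/i386
# rename the entries of that directory.
if [ "$#" -gt 0 ]; then
    lowercase_dir "$1"
fi
```

Like the original one-liner, this only touches entries directly inside the directory and does not descend into subdirectories.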

Extracting and Modifying the Required Boot Files

Install app-arch/cabextract

# emerge -av app-arch/cabextract

Extract the prepackaged drivers:

# cd /tftproot/winxp/i386;cabextract driver.cab

Install support for a large list of network cards:

# cd /tftproot/;wget http://downloads.sourceforge.net/project/bootfloppy/pxefiles.tar.gz
# tar zxvf pxefiles.tar.gz; cp pxefiles/drivers/* winxp/i386/

Copy the BINLSRV/INFParser tools to /tftproot:

# cp pxefiles/script/* /tftproot/

Extract the netboot startrom:

# cd /tftproot; cabextract winxp/i386/startrom.n1_

Fix the startrom for netbooting XP:

# sed -i -e 's/NTLDR/XPLDR/gi' startrom.n12
# mv startrom.n12 winxp.0

Fix XPLDR:

# cabextract winxp/i386/setupldr.ex_
# sed -i -e 's/winnt\.sif/winxp\.sif/gi' setupldr.exe
# sed -i -e 's/ntdetect\.com/ntdetect\.wxp/gi' setupldr.exe
# mv setupldr.exe xpldr
# cp winxp/i386/ntdetect.com ntdetect.wxp

Creating a remapping file

Create the file /tftproot/tftpd.remap and add the following to it:

ri ^[a-z]: # Remove "drive letters"
rg \\ / # Convert backslashes to slashes
rg \# @ # Convert hash marks to @ signs
rg /../ /..no../ # Convert /../ to /..no../
rg A a
rg B b
rg C c
rg D d
rg E e
rg F f
rg G g
rg H h
rg I i
rg J j
rg K k
rg L l
rg M m
rg N n
rg O o
rg P p
rg Q q
rg R r
rg S s
rg T t
rg U u
rg V v
rg W w
rg X x
rg Y y
rg Z z
r ^/(.*) \1
r ^xpldr xpldr
r ^ntdetect.wxp ntdetect.wxp
r ^winxp.sif winxp.sif

Install/Configure Samba

If you don't already have net-fs/samba installed, then:

# emerge -av net-fs/samba

Create a Samba share for your TFTP server in /etc/samba/smb.conf:

Note: Be sure you have the other required Samba settings configured in the file.

[Global]
interfaces = lo eth0 wlan0
bind interfaces only = yes
workgroup = WORKGROUP
security = user

[tftproot]
path = /tftproot
browsable = true
read only = yes
writable = no
guest ok = yes

Start Samba:

# /etc/init.d/samba start

or if samba has already been started:

# /etc/init.d/samba restart

Creating a Setup Instruction File

Create the file /tftproot/winxp.sif and add the following, replacing SAMBA_SERVER_IP with the local IP address of your samba server:

[data]
floppyless = "1"
msdosinitiated = "1"
; Needed for second stage
OriSrc = "\\SAMBA_SERVER_IP\tftproot\winxp\i386"
OriTyp = "4"
LocalSourceOnCD = 1
DisableAdminAccountOnDomainJoin = 1

[SetupData]
OsLoadOptions = "/fastdetect"
; Needed for first stage
SetupSourceDevice = "\Device\LanmanRedirector\SAMBA_SERVER_IP\tftproot\winxp"

[UserData]
ComputerName = *

Editing the pxelinux.cfg/default boot menu

Edit your boot menu so that it contains the following entry:

LABEL WinXP
	MENU LABEL Install MS Windows XP
	KERNEL winxp.0

Re-Start all required daemons

If a daemon isn't already running, use start instead of restart in the following commands:

# /etc/init.d/dnsmasq restart
# /etc/init.d/in.tftpd restart

Modify Binlsrv, update driver cache, and start driver hosting service

Change the BASEPATH= variable at or around line #62 of binlsrv.py so that it is:

# nano binlsrv.py
BASEPATH='/tftproot/winxp/i386/'

Generate driver cache:

# cd /tftproot;./infparser.py winxp/i386/

Start binlservice:

# ./binlsrv.py

Booting the client

If all is well, you should be able to boot the client by choosing to boot from network in the boot options. You should get to your PXELinux bootloader and see the Install Windows XP option. After pressing Enter you *should* kick off your XP installation via the network! Congratulations!