2

My issue is I am attempting to set up tftp on a server. Everything appears to be running correctly, except when I try to download a file from tftp it never responds. There are not any errors that I see, just silence. When I sniff the traffic from the server that should be responding, I see the request, but the server never responds back with the file.

I am running a computer with Fedora 17 (I know it is end of life, but that is not changeable at this time)

I am trying to get tftp running on it. I installed tftp (yum install -y tftp-server) and set it to run, opened UDP port 69, and set the permissions of the folder, but it does not respond with anything. Here are some outputs and config files.

When I run tftp [ip of server] get test

Any help would be greatly appreciated.

SELinux:

# setenforce 0
setenforce: SELinux is disabled

tftp config:

cat /etc/xinetd.d/tftp 
# default: off
# description: The tftp server serves files using the trivial file transfer \
#   protocol.  The tftp protocol is often used to boot diskless \
#   workstations, download configuration files to network-aware printers, \
#   and to start the installation process for some operating systems.
service tftp
{
    socket_type     = dgram
    protocol        = udp
    wait            = yes
    user            = root
    server          = /usr/sbin/in.tftpd
    server_args     = -s /copos/tftp -vvv
    disable         = no
    per_source      = 11
    cps             = 100 2
    flags           = IPv4
}

The Directory:

# ls -lah /copos/tftp/
total 48K
drwxrwxrwx   4 root      root      4.0K Feb  3 14:42 .
drwxr-xr-x. 31 coposuser coposuser 4.0K Feb  3 14:46 ..
drwxrwxrwx   3 root      root      4.0K Feb  3 14:42 clonezilla
-rwxrwxrwx   1 root      root       27K Feb  3 14:42 pxelinux.0
drwxrwxrwx   2 root      root      4.0K Feb  3 14:42 pxelinux.cfg
-rwxrwxrwx   1 root      root         9 Feb  3 14:42 test

The Port is opened:

# netstat -anp|grep 69|grep xinet 
udp        0      0 0.0.0.0:69              0.0.0.0:*                           3533/xinetd
Tim Holum
  • I just reworded it to better explain the issue – Tim Holum Feb 03 '15 at 21:22
  • Fedora 17 is long out of support. The oldest version with support is Fedora 20. – Sven Feb 03 '15 at 21:31
  • I know that Fedora 17 is not supported anymore, I just got put on this project after the last developer quit. I am planning on switching this over to CentOS, but that is out of the question at this phase – Tim Holum Feb 03 '15 at 21:38

1 Answer

0

You could either have a firewall rule blocking access

or

Your /copos directory does not have full permissions.

You should be able to figure it out by doing a:

tail -f /var/log/messages

while you attempt to download a file. If you don't get any entries then it's a firewall issue; if you get something like:

Feb  3 18:50:48 host1 in.tftpd[10298]: RRQ from 192.168.4.190 filename test.xml
Feb  3 18:50:48 host1 in.tftpd[10298]: sending NAK (0, Permission denied) to 192.168.4.190

then it's a permissions issue.

Also keep in mind that doing a capture on port 69 alone will not show you all the trace. The tftp server will use a different source port than 69 for the transfer. This is why tftp usually breaks down if there is some NAT involved.

So the full exchange usually goes like this for example:

client requests file via tftp (source port random_client -> dest port 69)
server sends back tftp file (source port random_server -> dest port random_client)

As you can see, a tcpdump capture on port 69 will not show you the full dialog. Also, if you have NAT, once the server attempts to send a file from a source port other than 69, most NAT implementations will fail to forward the packet (only a full cone or restricted cone NAT will work, but Port Restricted or Symmetric NAT will not).

Ricardo
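The port behaviour described in the answer above, as an added example that is not part of the original answer: a Python sketch that follows TFTP transfers through a list of packet records and marks the packets a capture filtered on port 69 alone would miss. The addresses, ports and payloads in `SAMPLE` are constructed, and `describe` and `follow_transfers` are hypothetical helper names.

```python
import struct

OPCODES = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR"}  # RFC 1350

def describe(payload):
    """Summarise one TFTP payload (opcode plus its main field)."""
    (op,) = struct.unpack("!H", payload[:2])
    name = OPCODES.get(op, f"op{op}")
    if op in (1, 2):                        # filename\0 mode\0
        filename, mode = payload[2:].split(b"\0")[:2]
        return f"{name} {filename.decode()} ({mode.decode()})"
    if op not in (3, 4, 5) or len(payload) < 4:
        return name                         # unknown or truncated packet
    (field,) = struct.unpack("!H", payload[2:4])
    if op == 5:                             # error code, then message\0
        msg = payload[4:].split(b"\0")[0].decode()
        return f"{name} {field} {msg}"
    return f"{name} block {field}"          # DATA / ACK carry a block number

def follow_transfers(packets, tftp_port=69):
    """Return (lines, packets a 'port 69' filter sees, packets in all transfers)."""
    clients = set()      # (ip, port) of every host that sent RRQ/WRQ to tftp_port
    lines, seen, total = [], 0, 0
    for src, sport, dst, dport, payload in packets:
        if dport == tftp_port and payload[:2] in (b"\0\1", b"\0\2"):
            clients.add((src, sport))
        if (src, sport) not in clients and (dst, dport) not in clients:
            continue                        # not part of any TFTP transfer
        total += 1
        on_69 = tftp_port in (sport, dport)
        seen += on_69
        note = "" if on_69 else "  [missed by 'port 69']"
        lines.append(f"{src}:{sport} -> {dst}:{dport} {describe(payload)}{note}")
    return lines, seen, total

# Constructed capture: addresses, ports and file contents are made up.
C1, C2, SRV = "192.168.4.190", "192.168.4.191", "192.168.4.10"
SAMPLE = [
    (C1, 51000, SRV, 69, struct.pack("!H", 1) + b"test\0octet\0"),
    (SRV, 38211, C1, 51000, struct.pack("!HH", 3, 1) + b"contents\n"),
    (C1, 40000, SRV, 53, b"unrelated"),
    (C1, 51000, SRV, 38211, struct.pack("!HH", 4, 1)),
    (C2, 51001, SRV, 69, struct.pack("!H", 1) + b"test.xml\0octet\0"),
    (SRV, 38212, C2, 51001, struct.pack("!HH", 5, 0) + b"Permission denied\0"),
]

if __name__ == "__main__":
    lines, seen, total = follow_transfers(SAMPLE)
    print("\n".join(lines))
    print(f"'port 69' filter shows {seen} of {total} TFTP packets")
```

In the constructed capture only the two requests touch port 69; the DATA, ACK and ERROR packets all travel between the ephemeral ports, so a capture has to filter on the client's address or port to show the server's reply.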