3

I have a server which runs cobbler and tftp server. My task is to configure a read-write tftp server.

tftp is configured through xinetd and the configuration file looks like so:

service tftp
{
        disable                 = no
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        server_args             = -B 1380 -v -s -c /var/lib/tftpboot
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
}

The problem is that I'm even though it seems like it works, it doesn't accept connections and exiting with "transfer timed out" message.

Some details:

  • tftp directory is: /var/lib/tftpboot
  • selinux and iptables are disabled
  • permissions on folder are as follows:

drwxrw-rw-. 8 root root 4096 2015-12-20 11:17 /var/lib/tftpboot/

  • netstat shows that the port is opened:

udp 0 0 0.0.0.0:69 0.0.0.0:* 21455/xinetd

  • There are no errors in the /var/log/messages log

This is how I test the configuration:

[root@ams2srv1 ~]# touch file.test
[root@ams2srv1 ~]# tftp localhost
tftp> put file.test
Transfer timed out.

tftp> quit
[root@ams2srv1 ~]# tftp localhost -c put file.test
Transfer timed out.
[root@ams2srv1 ~]#

[root@ams2srv1 ~]# touch /var/lib/tftpboot/test.file
[root@ams2srv1 ~]# tftp localhost -c get test.file
Transfer timed out.

Edit #1: When trying the same commands while connecting to the real IP of the machine there's a new error message which looks like so:

[root@ams2srv1 ~]# tftp 10.x.x.38
tftp> put test
Error code 0: Permission denied
tftp>

But the permissions on the /var/lib/tftpboot folder are 777 as shown above.

Any ideas about how to solve this issue?

Itai Ganot
  • 10,424
  • 27
  • 88
  • 143
  • What if anything is in syslog on the server side? Does it mention anything about admin restrictions? If so, perhaps you or someone have configured tcp wrappers /etc/hosts.allow or /etc/hostst.deny. If you do a tcpdump on the tftp server side, do you see anything getting to the server? – Aaron Dec 21 '15 at 01:53

1 Answers1

1

iptables is disabled, but have you flushed any rules that were loaded before you disable the service?

Also, I'd test with the most basic server_args in /etc/xinetd.d/tftp... eg:

   server_args             = -s /var/lib/tftpboot

Edit: On my machine, tftp 127.0.0.1, and tftp 192.168.0.2 both work correctly, but tftp localhost gives the same results you observe.

Richard Curtis
  • 26
  • 2
  • Sorry, I forgot to mention that I've tried it as well, any other idea? iptables and selinux have been disabled since the server has been installed about 4 years go. – Itai Ganot Dec 20 '15 at 12:35
  • 1
    Rather than trying tftp localhost, use tftp – Richard Curtis Dec 20 '15 at 15:44
  • Just done it, getting permission denied, please check Edit #1, thanks. – Itai Ganot Dec 21 '15 at 08:42
  • start with a get to a known file in the tftp root....I suspect that will succeed. Then regarding getting uploads to work, I've never tried, but 777 is not the way to go! – Richard Curtis Dec 22 '15 at 21:06
  • Check you have the -c flag to server_args.... `server_args = -c -s /var/lib/tftpboot` Then create a file in the tftp directory, and from then on you should be able to "tftp 192.168.0.2 -m binary -c put dob.s". NOTE: This should work with perms of 755 on the tftpboot folder – Richard Curtis Dec 22 '15 at 21:11