My issue is that I am attempting to set up tftp on a server. Everything appears to be running correctly, except that when I try to download a file from tftp it never responds. There are not any errors that I see, just silence. When I sniff the traffic from the server that should be responding, I see the request, but the server never responds back with the file.
I am running a computer with Fedora 17 (I know it is end of life, but that is not changeable at this time).
I am trying to get tftp running on it. I installed tftp (yum install -y tftp-server) and set it to run, opened UDP port 69, and set the permissions of the folder, but it does not respond with anything. Here are some outputs and config files.
When I run tftp [ip of server]
get test
Any help would be greatly appreciated.
SELinux:
# setenforce 0
setenforce: SELinux is disabled
tftp config:
cat /etc/xinetd.d/tftp
# default: off
# description: The tftp server serves files using the trivial file transfer \
# protocol. The tftp protocol is often used to boot diskless \
# workstations, download configuration files to network-aware printers, \
# and to start the installation process for some operating systems.
service tftp
{
    socket_type = dgram
    protocol = udp
    wait = yes
    user = root
    server = /usr/sbin/in.tftpd
    server_args = -s /copos/tftp -vvv
    disable = no
    per_source = 11
    cps = 100 2
    flags = IPv4
}
The directory:
# ls -lah /copos/tftp/
total 48K
drwxrwxrwx 4 root root 4.0K Feb 3 14:42 .
drwxr-xr-x. 31 coposuser coposuser 4.0K Feb 3 14:46 ..
drwxrwxrwx 3 root root 4.0K Feb 3 14:42 clonezilla
-rwxrwxrwx 1 root root 27K Feb 3 14:42 pxelinux.0
drwxrwxrwx 2 root root 4.0K Feb 3 14:42 pxelinux.cfg
-rwxrwxrwx 1 root root 9 Feb 3 14:42 test
The port is opened:
# netstat -anp|grep 69|grep xinet
udp 0 0 0.0.0.0:69 0.0.0.0:* 3533/xinetd
Best Answer
You could either have a firewall rule blocking access, or your /copos directory does not have full permissions.
You should be able to figure it out by doing a:
while you attempt to download a file. If you don't get any entries then it's a firewall issue; if you get something like:
then it's a permissions issue.
Also keep in mind that doing a capture on port 69 alone will not show you all the trace. The tftp server will use a different source port than 69 for the transfer. This is why tftp usually breaks down if there is some NAT involved.
So the full exchange usually goes like this for example:
As you can see, a tcpdump capture on port 69 will not show you the full dialog. Also, if you have NAT, once the server attempts to send a file from a source port other than 69, most NAT implementations will fail to forward the packet (only a full cone or restricted cone NAT will work, but Port Restricted or Symmetric NAT will not).
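The answer's point about port-69 captures, as an added example that is not part of the original answer: it decodes TFTP payloads using the RFC 1350 packet layout and follows a transfer by the client's address and port instead of by the server port. The addresses, port numbers and packets in `SAMPLE` are constructed for illustration, and `parse_tftp` and `follow_transfer` are hypothetical helper names.

```python
import struct

# TFTP opcodes from RFC 1350
RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5
NAMES = {RRQ: "RRQ", WRQ: "WRQ", DATA: "DATA", ACK: "ACK", ERROR: "ERROR"}

def parse_tftp(payload):
    """Decode a TFTP UDP payload into (name, detail)."""
    if len(payload) < 4:
        raise ValueError("short TFTP packet")
    (op,) = struct.unpack("!H", payload[:2])
    if op in (RRQ, WRQ):
        fields = payload[2:].split(b"\0")
        return NAMES[op], "file=%s mode=%s" % (fields[0].decode(), fields[1].decode())
    if op in (DATA, ACK):
        (block,) = struct.unpack("!H", payload[2:4])
        return NAMES[op], "block=%d" % block
    if op == ERROR:
        (code,) = struct.unpack("!H", payload[2:4])
        return "ERROR", "code=%d msg=%s" % (code, payload[4:].rstrip(b"\0").decode())
    raise ValueError("unknown opcode %d" % op)

def follow_transfer(packets, server_port=69):
    """Return (lines a server_port filter shows, full dialog) for the first request.
    packets: (src_ip, src_port, dst_ip, dst_port, payload) tuples. The dialog is
    followed by client ip/port, because the server replies from a new port."""
    port_only, dialog, client = [], [], None
    for src, sport, dst, dport, payload in packets:
        name, detail = parse_tftp(payload)
        line = "%s:%d > %s:%d %s %s" % (src, sport, dst, dport, name, detail)
        if server_port in (sport, dport):
            port_only.append(line)
        if client is None and dport == server_port and name in ("RRQ", "WRQ"):
            client = (src, sport)
        if client in ((src, sport), (dst, dport)):
            dialog.append(line)
    return port_only, dialog

# Constructed sample capture (documentation addresses, made-up ports).
SAMPLE = [
    ("192.0.2.10", 40001, "192.0.2.1", 69, b"\x00\x01test\x00octet\x00"),
    ("192.0.2.1", 51234, "192.0.2.10", 40001, b"\x00\x03\x00\x01test file"),
    ("192.0.2.10", 40001, "192.0.2.1", 51234, b"\x00\x04\x00\x01"),
]

if __name__ == "__main__":
    for title, lines in zip(("port 69 filter:", "full dialog:"), follow_transfer(SAMPLE)):
        print(title, *lines, sep="\n  ")
```

On the sample, the port-69 view contains only the read request, while the client-keyed view also shows the DATA block sent from the server's new port and the client's ACK to it.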