Getting timeouts on TFTP on F15 as well as F14
Frantisek Hanzlik
franta at hanzlici.cz
Mon Oct 10 22:31:31 UTC 2011
Aaron Gray wrote:
> On 10 October 2011 22:20, Frantisek Hanzlik <franta at hanzlici.cz> wrote:
>
> Aaron Gray wrote:
> ...
> >
> > 4) if You use a firewall (iptables), You should load the nf_conntrack_tftp module,
> > for tracking ephemeral ports. That means /etc/sysconfig/iptables-config should
> > contain a line such as:
> > ...
> > IPTABLES_MODULES="nf_conntrack_tftp"
> > ...
> > (other module is for NATting tftp connection)
> >
> >
> > using localhost
>
> loopback (lo interface) is subject to firewall rules too. And Your tcpdump
> below shows IP addresses 192.168.0.4 and 192.168.0.5 - they perhaps are not
> at the lo loopback interface?
> Do You have a firewall active?
>
>
> I wrote a firewall rule :-
>
> -A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
Then You should have (best at the beginning of the filter table rules) the rule:
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
(and nf_conntrack_tftp module listed in "/etc/sysconfig/iptables-config",
as I wrote before). You must restart iptables after these changes.
> > 5) /var/log/messages should contain entries such as:
> > Oct 10 20:28:32 ns xinetd[1908]: START: tftp pid=5315 from=192.168.1.22
> > Oct 10 20:28:42 ns xinetd[1908]: EXIT: tftp status=0 pid=5315 duration=10(sec)
> >
> >
> > Oct 10 21:09:07 gold xinetd[13402]: Exiting...
> > Oct 10 21:09:12 gold xinetd[13650]: xinetd Version 2.3.14 started with libwrap loadavg
> > labeled-networking options compiled in.
> > Oct 10 21:09:12 gold xinetd[13650]: Started working: 1 available service
>
> There is nothing about xinetd starting the tftp daemon. Is the mentioned
> "1 available service" tftp?
> This command shows only tftp:
>
> # grep '^[[:blank:]]*disable.*no' /etc/xinetd.d/*
> /etc/xinetd.d/tftp: disable = no
>
>
> I tested it and it is the only xinetd daemon running
>
>
> Does the next command display something similar at Your server?:
> # netstat -a -n -p --ip|grep 69
> udp 0 0 0.0.0.0:69 0.0.0.0:* 1595/xinetd
This command probably has no output at Your server, because...
>> Can You post Your "/etc/xinetd.d/tftp" file?
>
> Attached.
... Your "/etc/xinetd.d/tftp" contains a "disable = yes" line, thus
the tftp service is disabled. You must change it to "disable = no" and
reload xinetd (using "service xinetd reload" or
"systemctl reload xinetd.service"). The tail of "/var/log/messages"
should indicate the new service:
Oct 11 00:25:10 franta xinetd[1556]: Starting reconfiguration
Oct 11 00:25:10 franta xinetd[1556]: Swapping defaults
Oct 11 00:25:10 franta xinetd[1556]: Reconfigured: new=1 old=0 dropped=0 (services)
and the above netstat command should display xinetd listening at
udp port 69.
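
The three settings named in this message (tftp enabled in xinetd, nf_conntrack_tftp listed in IPTABLES_MODULES, and a RELATED,ESTABLISHED accept rule early in INPUT) can be checked against the files with a short script. This is an added example, not part of the original post; the function names are hypothetical and the saved-rules path in the usage comment is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): static check of the three settings
# discussed above. Function names are hypothetical; pass the files to inspect.

# xinetd service file enables tftp ("disable = no")
tftp_enabled() {
    grep -Eq '^[[:blank:]]*disable[[:blank:]]*=[[:blank:]]*no[[:blank:]]*$' "$1"
}

# iptables-config lists the TFTP conntrack helper in IPTABLES_MODULES
helper_listed() {
    grep -Eq '^[[:blank:]]*IPTABLES_MODULES=.*nf_conntrack_tftp' "$1"
}

# Saved rules accept RELATED,ESTABLISHED on INPUT before any catch-all
# REJECT/DROP; a rule placed after the catch-all is never reached.
related_rule_ok() {
    awk '
        /^-A INPUT / && /--state/ && /RELATED/ && /ESTABLISHED/ && /-j ACCEPT/ { ok = 1; exit }
        /^-A INPUT -j (REJECT|DROP)/ { exit }
        END { exit !ok }
    ' "$1"
}

# args: <xinetd tftp file> <iptables-config> <saved rules file>
check_tftp_setup() {
    rc=0
    tftp_enabled "$1" || { echo "FAIL: $1: tftp not set to 'disable = no'"; rc=1; }
    helper_listed "$2" || { echo "FAIL: $2: nf_conntrack_tftp missing from IPTABLES_MODULES"; rc=1; }
    related_rule_ok "$3" || { echo "FAIL: $3: no RELATED,ESTABLISHED ACCEPT ahead of the catch-all"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: all three settings present"
    return "$rc"
}

# Example (rules path is an assumption, it is not named in the thread):
#   sh check.sh /etc/xinetd.d/tftp /etc/sysconfig/iptables-config /etc/sysconfig/iptables
if [ "$#" -eq 3 ]; then
    check_tftp_setup "$@"
else
    echo "usage: $0 XINETD_TFTP IPTABLES_CONFIG RULES_FILE"
fi
```

The script reads configuration files only; the running state still depends on the iptables restart and xinetd reload described in the message.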