Getting timeouts on TFTP on F15 as well as F14

Aaron Gray aaronngray.lists at gmail.com
Tue Oct 11 11:26:59 UTC 2011


On 11 October 2011 00:05, Frantisek Hanzlik <franta at hanzlici.cz> wrote:

> Aaron Gray wrote:
> > On 10 October 2011 23:31, Frantisek Hanzlik <franta at hanzlici.cz> wrote:
> >
> >     Aaron Gray wrote:
> >     > On 10 October 2011 22:20, Frantisek Hanzlik <franta at hanzlici.cz> wrote:
> >     >
> >     >     Aaron Gray wrote:
> >     >     ...
> >     >     >
> >     >     >     4) if You use firewall (iptables), You should load nf_conntrack_tftp module,
> >     >     >     for tracking ephemeral ports. That means /etc/sysconfig/iptables-config should
> >     >     >     contain line as:
> >     >     >     ...
> >     >     >     IPTABLES_MODULES="nf_conntrack_tftp"
> >     >     >     ...
> >     >     >     (other module is for NATting tftp connection)
> >     >     >
> >     >     >
> >     >     > using localhost
> >     >
> >     >     loopback (lo interface) is subject to firewall rules too. And Your tcpdump
> >     >     below show IP addresses 192.168.0.4 and 192.168.0.5 - they perhaps are not
> >     >     at lo loopback interface?
> >     >     Have You firewall active?
> >     >
> >     >
> >     > I wrote a firewall rule :-
> >     >
> >     > -A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
> >
> >     Then You should have (best at beginning of filter table rules) rule:
> >
> >     -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> >
> >
> > Okay.
> >
> >
> >
> >     (and nf_conntrack_tftp module listed in "/etc/sysconfig/iptables-config",
> >     as I wrote before). You must restart iptables after these changes.
>
> Is nf_conntrack_tftp module loaded? You should obtain similar output:
> # lsmod |grep tftp
> nf_conntrack_tftp       3325  0
> nf_conntrack           56162  4 nf_conntrack_tftp,nf_conntrack_ipv4,nf_conntrack_ipv6,xt_state
>

No conntrack_tftp running, but it is not needed with localhost TFTP test.

How do I load conntrack_tftp ?

>
>
> >     >     >     5) /var/log/messages should contain entries as:
> >     >     >     Oct 10 20:28:32 ns xinetd[1908]: START: tftp pid=5315 from=192.168.1.22
> >     >     >     Oct 10 20:28:42 ns xinetd[1908]: EXIT: tftp status=0 pid=5315 duration=10(sec)
> >     >     >
> >     >     >
> >     >     > Oct 10 21:09:07 gold xinetd[13402]: Exiting...
> >     >     > Oct 10 21:09:12 gold xinetd[13650]: xinetd Version 2.3.14 started with libwrap loadavg labeled-networking options compiled in.
> >     >     > Oct 10 21:09:12 gold xinetd[13650]: Started working: 1 available service
> >     >
> >     >     There isn't nothing about that xinetd starts tftp daemon. Mentioned
> >     >     "1 available service" is tftp?
> >     >     This command show only tftp:
> >     >
> >     >     # grep '^[[:blank:]]*disable.*no' /etc/xinetd.d/*
> >     >     /etc/xinetd.d/tftp:     disable = no
> >     >
> >     >
> >     > I tested it and it is the only xinetd demon running
> >     >
> >     >
> >     >     Next command display some similar at Your server?:
> >     >     # netstat -a -n -p --ip|grep 69
> >     >     udp        0      0 0.0.0.0:69                  0.0.0.0:*      1595/xinetd
>
> What netstat now displays? Is xinetd listening at udp 69 ??
>
[root@XXXX ang]# netstat -a -n -p --ip|grep 69
udp        0      0 0.0.0.0:69                  0.0.0.0:*                               1127/xinetd


> >     This command has probably no output at Your server, because...
> >
> >     >>     Can You post Your "/etc/xinetd.d/tftp" file?
> >     >
> >     > Attached.
> >
> >     ... Your "/etc/xinetd.d/tftp" contains "disable = yes" line, thus
> >
> >
> > sorry, don't know how that happened ? It's late here !
>
> Here too... :)
> Did You reload xinetd daemon after changes in "/etc/xinetd.d/tftp"?
>

systemctl restart xinetd.service


>
> > It still does not work with "disable = no"
> >
> >     tftp service is disabled. You must change it to "disable = no" and
> >     reload xinetd (using "service xinetd reload" or
> >     "systemctl reload xinetd.service"). "/var/log/messages" tail
> >     should indicate new service:
> >
> >     Oct 11 00:25:10 franta xinetd[1556]: Starting reconfiguration
> >     Oct 11 00:25:10 franta xinetd[1556]: Swapping defaults
> >     Oct 11 00:25:10 franta xinetd[1556]: Reconfigured: new=1 old=0 dropped=0 (services)
> >
> >     and above netstat command should display xinetd listening at
> >     udp port 69
> >
> >
> > Thanks for bearing with me on this.
> >
> > Just tried rsync and that works fine so it's not xinetd.
>
> I understand maybe only partially, sorry for my extrabad English.
> What display "netstat -a -n -p|grep xinet" command?
>

[root@XXXX ang]# netstat -a -n -p|grep xinet
tcp        0      0 :::873                      :::*                        LISTEN      1127/xinetd
udp        0      0 0.0.0.0:69                  0.0.0.0:*                               1127/xinetd
unix  2      [ ]         DGRAM                    17415  1127/xinetd


Thanks,

Aaron
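
The checks discussed in this thread (conntrack helper loaded, `disable = no`, xinetd bound to UDP 69, and the two firewall rules), collected as an added example that is not part of the original messages. The function names and the two sample rule sets are constructed for illustration, and the rule-ordering check goes a step beyond the thread by testing that each ACCEPT rule sits above the first unconditional REJECT/DROP in INPUT.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): each check reads saved command output
# or a config file on stdin and returns 0 when the setting is in place.

helper_loaded() {            # stdin: output of `lsmod`
    awk '$1 == "nf_conntrack_tftp" { ok = 1 } END { exit !ok }'
}

xinetd_tftp_enabled() {      # stdin: /etc/xinetd.d/tftp
    grep -Eq '^[[:blank:]]*disable[[:blank:]]*=[[:blank:]]*no[[:blank:]]*$'
}

xinetd_on_udp69() {          # stdin: output of `netstat -a -n -p --ip`
    # Match the local-address and program columns, not any "69" in the line.
    awk '$1 == "udp" && $4 ~ /:69$/ && $NF ~ /\/xinetd$/ { ok = 1 }
         END { exit !ok }'
}

# stdin: /etc/sysconfig/iptables or `iptables-save`; $1: ERE for the rule.
# Succeeds only if a matching INPUT ACCEPT rule comes before the first
# unconditional INPUT REJECT/DROP, since rules after that are never reached.
input_rule_reachable() {
    awk -v pat="$1" '
        /^-A INPUT / {
            if ($0 ~ pat && /-j ACCEPT/) { ok = 1; exit }
            if (/^-A INPUT -j (REJECT|DROP)/) exit
        }
        END { exit !ok }'
}

# Constructed sample: the port 69 rule was appended after the final REJECT.
SAMPLE_RULES_BAD='*filter
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
COMMIT'

# Constructed sample: same rules with the port 69 rule moved above the REJECT.
SAMPLE_RULES_GOOD='*filter
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'
```

On a live host the functions take piped input, for example `lsmod | helper_loaded` or `input_rule_reachable 'RELATED,ESTABLISHED' < /etc/sysconfig/iptables`.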