 
Old 10-10-2011, 05:28 PM
Aaron Gray
 
Default Getting timeouts on TFTP on F15 as well as F14

I am getting timeouts on TFTP on F15,

Aaron


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 10-10-2011, 06:01 PM
Aaron Gray
 
Default Getting timeouts on TFTP on F15 as well as F14

On 10 October 2011 18:28, Aaron Gray <aaronngray.lists@gmail.com> wrote:

> I am getting timeouts on TFTP on F15,

It works fine on my F15 laptop and used to work on this machine with F14 before I updated it

Aaron




 
Old 10-10-2011, 07:25 PM
Frantisek Hanzlik
 
Default Getting timeouts on TFTP on F15 as well as F14

Aaron Gray wrote:
> I am getting timeouts on TFTP on F15,
>
> Aaron

You should check at server side:

1) if tftp service is enabled:
# chkconfig --list tftp

Note: This output shows SysV services only and does not include native
systemd services. SysV configuration data might be overridden by native
systemd configuration.

tftp on


2) if xinetd daemon is running (also "service xinetd status"):
# systemctl status xinetd.service
xinetd.service - LSB: start and stop xinetd
Loaded: loaded (/etc/rc.d/init.d/xinetd)
Active: active (running) since Wed, 21 Sep 2011 04:46:34 +0200; 2 weeks and 5 days ago
Main PID: 1908 (xinetd)
CGroup: name=systemd:/system/xinetd.service
└ 1908 xinetd -stayalive -pidfile /var/run/xinetd.pid


3) /etc/hosts.allow (if You use hosts.allow/hosts.deny) should contain:
...
# we allow access from 192.168.1.0/24 :
in.tftpd: 192.168.1.0/255.255.255.0
...


4) if You use firewall (iptables), You should load nf_conntrack_tftp module,
for tracking ephemeral ports. That means /etc/sysconfig/iptables-config should
contain line as:
...
IPTABLES_MODULES="nf_conntrack_tftp"
...
(other module is for NATting tftp connection)


5) /var/log/messages should contain entries as:
Oct 10 20:28:32 ns xinetd[1908]: START: tftp pid=5315 from=192.168.1.22
Oct 10 20:28:42 ns xinetd[1908]: EXIT: tftp status=0 pid=5315 duration=10(sec)


6) tcpdump on relevant interface (here eth0) should display traffic,
at minimal incoming packet:
# tcpdump -i eth0 -l -nn udp port 69
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
20:43:13.612200 IP 192.168.1.22.58949 > 192.168.1.254.69: 17 RRQ "b.log" netascii


Best, Franta
 
Old 10-10-2011, 08:35 PM
Aaron Gray
 
Default Getting timeouts on TFTP on F15 as well as F14

On 10 October 2011 20:25, Frantisek Hanzlik <franta@hanzlici.cz> wrote:

> Aaron Gray wrote:
> > I am getting timeouts on TFTP on F15,
> >
> > Aaron
>
> You should check at server side:
>
> 1) if tftp service is enabled:
> # chkconfig --list tftp
>
> Note: This output shows SysV services only and does not include native
>       systemd services. SysV configuration data might be overridden by native
>       systemd configuration.
>
> tftp            on

Okay

> 2) if xinetd daemon is running (also "service xinetd status"):
> # systemctl status xinetd.service
> xinetd.service - LSB: start and stop xinetd
>          Loaded: loaded (/etc/rc.d/init.d/xinetd)
>          Active: active (running) since Wed, 21 Sep 2011 04:46:34 +0200; 2 weeks and 5 days ago
>        Main PID: 1908 (xinetd)
>          CGroup: name=systemd:/system/xinetd.service
>                  └ 1908 xinetd -stayalive -pidfile /var/run/xinetd.pid

Okay

> 3) /etc/hosts.allow (if You use hosts.allow/hosts.deny) should contain:
> ...
> # we allow access from 192.168.1.0/24 :
> in.tftpd:       192.168.1.0/255.255.255.0
> ...

Added makes no difference

> 4) if You use firewall (iptables), You should load nf_conntrack_tftp module,
> for tracking ephemeral ports. That means /etc/sysconfig/iptables-config should
> contain line as:
> ...
> IPTABLES_MODULES="nf_conntrack_tftp"
> ...
> (other module is for NATting tftp connection)

using localhost

> 5) /var/log/messages should contain entries as:
> Oct 10 20:28:32 ns xinetd[1908]: START: tftp pid=5315 from=192.168.1.22
> Oct 10 20:28:42 ns xinetd[1908]: EXIT: tftp status=0 pid=5315 duration=10(sec)

Oct 10 21:09:07 gold xinetd[13402]: Exiting...
Oct 10 21:09:12 gold xinetd[13650]: xinetd Version 2.3.14 started with libwrap loadavg labeled-networking options compiled in.
Oct 10 21:09:12 gold xinetd[13650]: Started working: 1 available service

is all I am getting in messages

Checked tftp is the only one enabled

> 6) tcpdump on relevant interface (here eth0) should display traffic,
> at minimal incomming packet:
> # tcpdump -i eth0 -l -nn udp port 69
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
> 20:43:13.612200 IP 192.168.1.22.58949 > 192.168.1.254.69: 17 RRQ "b.log" netascii

[root@xxxxx /]# tcpdump -i em1 -l -nn udp port 69
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes
21:33:08.653033 IP 192.168.0.5.47352 > 192.168.0.4.69: 19 RRQ "vmlinuz" netascii
21:33:13.653306 IP 192.168.0.5.47352 > 192.168.0.4.69: 19 RRQ "vmlinuz" netascii
21:33:18.653565 IP 192.168.0.5.47352 > 192.168.0.4.69: 19 RRQ "vmlinuz" netascii
21:33:23.653963 IP 192.168.0.5.47352 > 192.168.0.4.69: 19 RRQ "vmlinuz" netascii
21:33:28.654212 IP 192.168.0.5.47352 > 192.168.0.4.69: 19 RRQ "vmlinuz" netascii
^C
5 packets captured
5 packets received by filter
0 packets dropped by kernel

Well that's it, I am stumped. tftp seems to be running but ignoring requests

Aaron

> Best, Franta



 
Old 10-10-2011, 09:20 PM
Frantisek Hanzlik
 
Default Getting timeouts on TFTP on F15 as well as F14

Aaron Gray wrote:
...
>
> 4) if You use firewall (iptables), You should load nf_conntrack_tftp module,
> for tracking ephemeral ports. That means /etc/sysconfig/iptables-config should
> contain line as:
> ...
> IPTABLES_MODULES="nf_conntrack_tftp"
> ...
> (other module is for NATting tftp connection)
>
>
> using localhost

loopback (lo interface) is subject to firewall rules too. And Your tcpdump
below show IP addresses 192.168.0.4 and 192.168.0.5 - they perhaps are not
at lo loopback interface?
Have You firewall active?

>
>
>
> 5) /var/log/messages should contain entries as:
> Oct 10 20:28:32 ns xinetd[1908]: START: tftp pid=5315 from=192.168.1.22
> Oct 10 20:28:42 ns xinetd[1908]: EXIT: tftp status=0 pid=5315 duration=10(sec)
>
>
> Oct 10 21:09:07 gold xinetd[13402]: Exiting...
> Oct 10 21:09:12 gold xinetd[13650]: xinetd Version 2.3.14 started with libwrap loadavg
> labeled-networking options compiled in.
> Oct 10 21:09:12 gold xinetd[13650]: Started working: 1 available service

There isn't nothing about that xinetd starts tftp daemon. Mentioned
"1 available service" is tftp?
This command show only tftp:

# grep '^[[:blank:]]*disable.*no' /etc/xinetd.d/*
/etc/xinetd.d/tftp: disable = no

Next command display some similar at Your server?:
# netstat -a -n -p --ip|grep 69
udp 0 0 0.0.0.0:69 0.0.0.0:* 1595/xinetd

Can You post Your "/etc/xinetd.d/tftp" file?

>
> is all I am getting in messages
>
> Checked tfpt is the only one enabled
>
>
>
>
> 6) tcpdump on relevant interface (here eth0) should display traffic,
> at minimal incomming packet:
> # tcpdump -i eth0 -l -nn udp port 69
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
> 20:43:13.612200 IP 192.168.1.22.58949 > 192.168.1.254.69: 17 RRQ "b.log" netascii
>
>
> [root@xxxxx /]# tcpdump -i em1 -l -nn udp port 69
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes
> 21:33:08.653033 IP 192.168.0.5.47352 > 192.168.0.4.69: 19 RRQ "vmlinuz" netascii
> 21:33:13.653306 IP 192.168.0.5.47352 > 192.168.0.4.69: 19 RRQ "vmlinuz" netascii
> 21:33:18.653565 IP 192.168.0.5.47352 > 192.168.0.4.69: 19 RRQ "vmlinuz" netascii
> 21:33:23.653963 IP 192.168.0.5.47352 > 192.168.0.4.69: 19 RRQ "vmlinuz" netascii
> 21:33:28.654212 IP 192.168.0.5.47352 > 192.168.0.4.69: 19 RRQ "vmlinuz" netascii
> ^C
> 5 packets captured
> 5 packets received by filter
> 0 packets dropped by kernel

It isn't traffic at localhost, as You wrote above, em1 is external interface.

With default timeout (900 sec=15min), You should be seeing tftp running.
E.g. "ps xa|grep tftp" should display it. But there isn't line in messages
that xinetd start tftp daemon.

Most likely there is firewall or SELinux blocking incoming packets - can
You stop them?

tcpdump usually not display something other than first packet, as next dialog
(second and next packets) run at ephemeral port.

>
> Well thats it I am stumped tftp seem to be running but ignoring requests
>
> Aaron


Franta
 
Old 10-10-2011, 09:42 PM
Aaron Gray
 
Default Getting timeouts on TFTP on F15 as well as F14

On 10 October 2011 22:20, Frantisek Hanzlik <franta@hanzlici.cz> wrote:

> Aaron Gray wrote:
> ...
> >
> >     4) if You use firewall (iptables), You should load nf_conntrack_tftp module,
> >     for tracking ephemeral ports. That means /etc/sysconfig/iptables-config should
> >     contain line as:
> >     ...
> >     IPTABLES_MODULES="nf_conntrack_tftp"
> >     ...
> >     (other module is for NATting tftp connection)
> >
> >
> > using localhost
>
> loopback (lo interface) is subject to firewall rules too. And Your tcpdump
> below show IP addresses 192.168.0.4 and 192.168.0.5 - they perhaps are not
> at lo loopback interface?
> Have You firewall active?

I wrote a firewall rule :-

-A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT

> >     5) /var/log/messages should contain entries as:
> >     Oct 10 20:28:32 ns xinetd[1908]: START: tftp pid=5315 from=192.168.1.22
> >     Oct 10 20:28:42 ns xinetd[1908]: EXIT: tftp status=0 pid=5315 duration=10(sec)
> >
> >
> > Oct 10 21:09:07 gold xinetd[13402]: Exiting...
> > Oct 10 21:09:12 gold xinetd[13650]: xinetd Version 2.3.14 started with libwrap loadavg
> > labeled-networking options compiled in.
> > Oct 10 21:09:12 gold xinetd[13650]: Started working: 1 available service
>
> There isn't nothing about that xinetd starts tftp daemon. Mentioned
> "1 available service" is tftp?
> This command show only tftp:
>
> # grep '^[[:blank:]]*disable.*no' /etc/xinetd.d/*
> /etc/xinetd.d/tftp:     disable = no

I tested it and it is the only xinetd demon running

> Next command display some similar at Your server?:
> # netstat -a -n -p --ip|grep 69
> udp        0      0 0.0.0.0:69          0.0.0.0:*       1595/xinetd
>
> Can You post Your "/etc/xinetd.d/tftp" file?

Attached.

> >
> > is all I am getting in messages
> >
> > Checked tfpt is the only one enabled
> >
> >
> >     6) tcpdump on relevant interface (here eth0) should display traffic,
> >     at minimal incomming packet:
> >     # tcpdump -i eth0 -l -nn udp port 69
> >     tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> >     listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
> >     20:43:13.612200 IP 192.168.1.22.58949 > 192.168.1.254.69: 17 RRQ "b.log" netascii
> >
> >
> > [root@xxxxx /]# tcpdump -i em1 -l -nn udp port 69
> > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> > listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes
> > 21:33:08.653033 IP 192.168.0.5.47352 > 192.168.0.4.69: 19 RRQ "vmlinuz" netascii
> > 21:33:13.653306 IP 192.168.0.5.47352 > 192.168.0.4.69: 19 RRQ "vmlinuz" netascii
> > 21:33:18.653565 IP 192.168.0.5.47352 > 192.168.0.4.69: 19 RRQ "vmlinuz" netascii
> > 21:33:23.653963 IP 192.168.0.5.47352 > 192.168.0.4.69: 19 RRQ "vmlinuz" netascii
> > 21:33:28.654212 IP 192.168.0.5.47352 > 192.168.0.4.69: 19 RRQ "vmlinuz" netascii
> > ^C
> > 5 packets captured
> > 5 packets received by filter
> > 0 packets dropped by kernel
>
> It isn't traffic at localhost, as You wrote above, em1 is external interface.

No, I tried it remote because I did not know how to use tcpdump locally without reading the manual and I had another machine handy. The F15 laptop that does run tftp fine with the same xinetd.d/tftp configuration file, that's why I am so confused!

> With default timeout (900 sec=15min), You should be seing tftp running.
> E.g. "ps xa|grep tftp" should display it. But there isn't line in messages
> that xinetd start tftp daemon.
>
> Most likely there is firewall or SELinux blocking incomming packets - can
> You stop them?

Tried that before with F14, made no difference, but I will try again.

> tcpdump usualy not display something other than first packet, as next dialog
> (second and next packets) run at ephemeral port.
>
> >
> > Well thats it I am stumped tftp seem to be running but ignoring requests
> >
> > Aaron
>
> Franta



 
Old 10-10-2011, 10:03 PM
Aaron Gray
 
Default Getting timeouts on TFTP on F15 as well as F14

On 10 October 2011 22:42, Aaron Gray <aaronngray.lists@gmail.com> wrote:

> On 10 October 2011 22:20, Frantisek Hanzlik <franta@hanzlici.cz> wrote:
>
> > Aaron Gray wrote:
>
> Tried that before with F14, made no difference, but I will try again.

No, it's not SELinux

Aaron


 
Old 10-10-2011, 10:31 PM
Frantisek Hanzlik
 
Default Getting timeouts on TFTP on F15 as well as F14

Aaron Gray wrote:
> On 10 October 2011 22:20, Frantisek Hanzlik <franta@hanzlici.cz <mailto:franta@hanzlici.cz>>
> wrote:
>
> Aaron Gray wrote:
> ...
> >
> > 4) if You use firewall (iptables), You should load nf_conntrack_tftp module,
> > for tracking ephemeral ports. That means /etc/sysconfig/iptables-config should
> > contain line as:
> > ...
> > IPTABLES_MODULES="nf_conntrack_tftp"
> > ...
> > (other module is for NATting tftp connection)
> >
> >
> > using localhost
>
> loopback (lo interface) is subject to firewall rules too. And Your tcpdump
> below show IP addresses 192.168.0.4 and 192.168.0.5 - they perhaps are not
> at lo loopback interface?
> Have You firewall active?
>
>
> I wrote a firewall rule :-
>
> -A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT

Then You should have (best at beginning of filter table rules) rule:

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

(and nf_conntrack_tftp module listed in "/etc/sysconfig/iptables-config",
as I wrote before). You must restart iptables after these changes.


> > 5) /var/log/messages should contain entries as:
> > Oct 10 20:28:32 ns xinetd[1908]: START: tftp pid=5315 from=192.168.1.22
> > Oct 10 20:28:42 ns xinetd[1908]: EXIT: tftp status=0 pid=5315 duration=10(sec)
> >
> >
> > Oct 10 21:09:07 gold xinetd[13402]: Exiting...
> > Oct 10 21:09:12 gold xinetd[13650]: xinetd Version 2.3.14 started with libwrap loadavg
> > labeled-networking options compiled in.
> > Oct 10 21:09:12 gold xinetd[13650]: Started working: 1 available service
>
> There isn't nothing about that xinetd starts tftp daemon. Mentioned
> "1 available service" is tftp?
> This command show only tftp:
>
> # grep '^[[:blank:]]*disable.*no' /etc/xinetd.d/*
> /etc/xinetd.d/tftp: disable = no
>
>
> I tested it and it is the only xinetd demon running
>
>
> Next command display some similar at Your server?:
> # netstat -a -n -p --ip|grep 69
> udp 0 0 0.0.0.0:69 0.0.0.0:* 1595/xinetd

This command has probably no output at Your server, because...

>> Can You post Your "/etc/xinetd.d/tftp" file?
>
> Attached.

... Your "/etc/xinetd.d/tftp" contains "disable = yes" line, thus
tftp service is disabled. You must change it to "disable = no" and
reload xinetd (using "service xinetd reload" or
"systemctl reload xinetd.service"). "/var/log/messages" tail
should indicate new service:

Oct 11 00:25:10 franta xinetd[1556]: Starting reconfiguration
Oct 11 00:25:10 franta xinetd[1556]: Swapping defaults
Oct 11 00:25:10 franta xinetd[1556]: Reconfigured: new=1 old=0 dropped=0 (services)

and above netstat command should display xinetd listening at
udp port 69
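
An offline version of the configuration checks from the message above, as an added example that is not part of the original post or of any Fedora tool: it inspects the xinetd `disable` setting, the `IPTABLES_MODULES` line and the two INPUT rules. The function names, the directory layout under a temporary directory and all file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline audit of the settings discussed in this thread.
# Every file written below is a constructed sample, not a poster's real file.

# Print the value of "disable" in an xinetd service file: yes, no or unset.
# Comment lines are ignored; a repeated attribute reports its last value.
xinetd_disable_value() {
    awk -F= '
        /^[ \t]*#/ { next }
        $1 ~ /^[ \t]*disable[ \t]*$/ { v = $2; gsub(/[ \t]/, "", v); val = v }
        END { print (val == "" ? "unset" : val) }' "$1"
}

# Succeed if IPTABLES_MODULES in an iptables-config file names the TFTP helper.
helper_configured() {
    grep -Eq '^[[:blank:]]*IPTABLES_MODULES=.*nf_conntrack_tftp' "$1"
}

# Succeed if a rules file accepts the initial request to udp/69 and also the
# RELATED,ESTABLISHED packets of the transfer that follows it.
rules_allow_tftp() {
    grep -Eq -- '^-A INPUT .*-p udp .*--dport 69 .*-j ACCEPT' "$1" &&
    grep -Eq -- '^-A INPUT .*--state (RELATED,ESTABLISHED|ESTABLISHED,RELATED) .*-j ACCEPT' "$1"
}

# Print one "ok" or "FAIL" line per check for a directory laid out like /etc.
audit_tftp() {
    state=$(xinetd_disable_value "$1/xinetd.d/tftp")
    if [ "$state" = yes ]; then
        echo "FAIL xinetd.d/tftp: disable = yes, service is disabled"
    else
        echo "ok   xinetd.d/tftp: disable = $state"
    fi
    if helper_configured "$1/sysconfig/iptables-config"; then
        echo "ok   iptables-config: nf_conntrack_tftp listed"
    else
        echo "FAIL iptables-config: nf_conntrack_tftp not in IPTABLES_MODULES"
    fi
    if rules_allow_tftp "$1/sysconfig/iptables"; then
        echo "ok   iptables: udp/69 and RELATED,ESTABLISHED accepted"
    else
        echo "FAIL iptables: need both the udp/69 and RELATED,ESTABLISHED rules"
    fi
}

# Number of failed checks for a directory.
failed_checks() { audit_tftp "$1" | grep -c '^FAIL' || true; }

# Write a constructed sample tree: $1 = directory, $2 = "broken" or "fixed".
make_sample() {
    mkdir -p "$1/xinetd.d" "$1/sysconfig"
    if [ "$2" = fixed ]; then dis=no mods=nf_conntrack_tftp; else dis=yes mods=; fi
    cat > "$1/xinetd.d/tftp" <<EOF
# constructed sample
service tftp
{
    socket_type = dgram
    protocol    = udp
    wait        = yes
    server      = /usr/sbin/in.tftpd
    disable     = $dis
}
EOF
    echo "IPTABLES_MODULES=\"$mods\"" > "$1/sysconfig/iptables-config"
    {
        echo '*filter'
        if [ "$2" = fixed ]; then
            echo '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
        fi
        echo '-A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT'
        echo 'COMMIT'
    } > "$1/sysconfig/iptables"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_sample "$tmp/broken" broken
make_sample "$tmp/fixed" fixed
echo "== sample with the problems named in the thread =="; audit_tftp "$tmp/broken"
echo "== sample after the suggested changes =="; audit_tftp "$tmp/fixed"
```

The checks only read configuration files; whether xinetd is actually listening still has to be confirmed with the netstat command from the message, after reloading xinetd and restarting iptables.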
 
Old 10-10-2011, 10:44 PM
Aaron Gray
 
Default Getting timeouts on TFTP on F15 as well as F14

On 10 October 2011 23:31, Frantisek Hanzlik <franta@hanzlici.cz> wrote:

> Aaron Gray wrote:
> > On 10 October 2011 22:20, Frantisek Hanzlik <franta@hanzlici.cz <mailto:franta@hanzlici.cz>>
> > wrote:
> >
> >     Aaron Gray wrote:
> >     ...
> >     >
> >     >     4) if You use firewall (iptables), You should load nf_conntrack_tftp module,
> >     >     for tracking ephemeral ports. That means /etc/sysconfig/iptables-config should
> >     >     contain line as:
> >     >     ...
> >     >     IPTABLES_MODULES="nf_conntrack_tftp"
> >     >     ...
> >     >     (other module is for NATting tftp connection)
> >     >
> >     >
> >     > using localhost
> >
> >     loopback (lo interface) is subject to firewall rules too. And Your tcpdump
> >     below show IP addresses 192.168.0.4 and 192.168.0.5 - they perhaps are not
> >     at lo loopback interface?
> >     Have You firewall active?
> >
> >
> > I wrote a firewall rule :-
> >
> > -A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
>
> Then You should have (best at beginning of filter table rules) rule:
>
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

Okay.

> (and nf_conntrack_tftp module listed in "/etc/sysconfig/iptables-config",
> as I wrote before). You must restart iptables after these changes.
>
> >     >     5) /var/log/messages should contain entries as:
> >     >     Oct 10 20:28:32 ns xinetd[1908]: START: tftp pid=5315 from=192.168.1.22
> >     >     Oct 10 20:28:42 ns xinetd[1908]: EXIT: tftp status=0 pid=5315 duration=10(sec)
> >     >
> >     >
> >     > Oct 10 21:09:07 gold xinetd[13402]: Exiting...
> >     > Oct 10 21:09:12 gold xinetd[13650]: xinetd Version 2.3.14 started with libwrap loadavg
> >     > labeled-networking options compiled in.
> >     > Oct 10 21:09:12 gold xinetd[13650]: Started working: 1 available service
> >
> >     There isn't nothing about that xinetd starts tftp daemon. Mentioned
> >     "1 available service" is tftp?
> >     This command show only tftp:
> >
> >     # grep '^[[:blank:]]*disable.*no' /etc/xinetd.d/*
> >     /etc/xinetd.d/tftp:     disable = no
> >
> >
> > I tested it and it is the only xinetd demon running
> >
> >
> >     Next command display some similar at Your server?:
> >     # netstat -a -n -p --ip|grep 69
> >     udp        0      0 0.0.0.0:69          0.0.0.0:*       1595/xinetd
>
> This command has probably no output at Your server, because...
>
> >>     Can You post Your "/etc/xinetd.d/tftp" file?
> >
> > Attached.
>
> ... Your "/etc/xinetd.d/tftp" contains "disable = yes" line, thus

Sorry, don't know how that happened? It's late here!

It still does not work with "disable = no"

> tftp service is disabled. You must change it to "disable = no" and
> reload xinetd (using "service xinetd reload" or
> "systemctl reload xinetd.service"). "/var/log/messages" tail
> should indicate new service:
>
> Oct 11 00:25:10 franta xinetd[1556]: Starting reconfiguration
> Oct 11 00:25:10 franta xinetd[1556]: Swapping defaults
> Oct 11 00:25:10 franta xinetd[1556]: Reconfigured: new=1 old=0 dropped=0 (services)
>
> and above netstat command should display xinetd listening at
> udp port 69

Thanks for bearing with me on this.

Just tried rsync and that works fine so it's not xinetd.

Aaron


 
Old 10-10-2011, 11:05 PM
Frantisek Hanzlik
 
Default Getting timeouts on TFTP on F15 as well as F14

Aaron Gray wrote:
> On 10 October 2011 23:31, Frantisek Hanzlik <franta@hanzlici.cz <mailto:franta@hanzlici.cz>>
> wrote:
>
> Aaron Gray wrote:
> > On 10 October 2011 22:20, Frantisek Hanzlik <franta@hanzlici.cz
> <mailto:franta@hanzlici.cz> <mailto:franta@hanzlici.cz <mailto:franta@hanzlici.cz>>>
> > wrote:
> >
> > Aaron Gray wrote:
> > ...
> > >
> > > 4) if You use firewall (iptables), You should load nf_conntrack_tftp module,
> > > for tracking ephemeral ports. That means /etc/sysconfig/iptables-config should
> > > contain line as:
> > > ...
> > > IPTABLES_MODULES="nf_conntrack_tftp"
> > > ...
> > > (other module is for NATting tftp connection)
> > >
> > >
> > > using localhost
> >
> > loopback (lo interface) is subject to firewall rules too. And Your tcpdump
> > below show IP addresses 192.168.0.4 and 192.168.0.5 - they perhaps are not
> > at lo loopback interface?
> > Have You firewall active?
> >
> >
> > I wrote a firewall rule :-
> >
> > -A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
>
> Then You should have (best at beginning of filter table rules) rule:
>
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>
>
> Okay.
>
>
>
> (and nf_conntrack_tftp module listed in "/etc/sysconfig/iptables-config",
> as I wrote before). You must restart iptables after these changes.

Is nf_conntrack_tftp module loaded? You should obtain similar output:
# lsmod |grep tftp
nf_conntrack_tftp 3325 0
nf_conntrack 56162 4 nf_conntrack_tftp,nf_conntrack_ipv4,nf_conntrack_ipv6,xt_state


> > > 5) /var/log/messages should contain entries as:
> > > Oct 10 20:28:32 ns xinetd[1908]: START: tftp pid=5315 from=192.168.1.22
> > > Oct 10 20:28:42 ns xinetd[1908]: EXIT: tftp status=0 pid=5315 duration=10(sec)
> > >
> > >
> > > Oct 10 21:09:07 gold xinetd[13402]: Exiting...
> > > Oct 10 21:09:12 gold xinetd[13650]: xinetd Version 2.3.14 started with libwrap loadavg
> > > labeled-networking options compiled in.
> > > Oct 10 21:09:12 gold xinetd[13650]: Started working: 1 available service
> >
> > There isn't nothing about that xinetd starts tftp daemon. Mentioned
> > "1 available service" is tftp?
> > This command show only tftp:
> >
> > # grep '^[[:blank:]]*disable.*no' /etc/xinetd.d/*
> > /etc/xinetd.d/tftp: disable = no
> >
> >
> > I tested it and it is the only xinetd demon running
> >
> >
> > Next command display some similar at Your server?:
> > # netstat -a -n -p --ip|grep 69
> > udp 0 0 0.0.0.0:69 <http://0.0.0.0:69> 0.0.0.0:* 1595/xinetd

What netstat now displays? Is xinetd listening at udp 69 ??



> This command has probably no output at Your server, because...
>
> >> Can You post Your "/etc/xinetd.d/tftp" file?
> >
> > Attached.
>
> ... Your "/etc/xinetd.d/tftp" contains "disable = yes" line, thus
>
>
> sorry, don't know how that happened ? Its late here !

Here too...
Did You reload xinetd daemon after changes in "/etc/xinetd.d/tftp"?

> It still does not work with "disable = no"
>
> tftp service is disabled. You must change it to "disable = no" and
> reload xinetd (using "service xinetd reload" or
> "systemctl reload xinetd.service"). "/var/log/messages" tail
> should indicate new service:
>
> Oct 11 00:25:10 franta xinetd[1556]: Starting reconfiguration
> Oct 11 00:25:10 franta xinetd[1556]: Swapping defaults
> Oct 11 00:25:10 franta xinetd[1556]: Reconfigured: new=1 old=0 dropped=0 (services)
>
> and above netstat command should display xinetd listening at
> udp port 69
>
>
> Thanks for bearing with me on this.
>
> Just tried rsync and that works fine so its not xinetd.

I understand maybe only partially, sorry for my extrabad english.
What display "netstat -a -n -p|grep xinet" command?
 

All times are GMT.