Re: Unable to connect using tftp other than over openvpn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



CSB wrote:
I am trying to configure a tftp server and am having difficulty connecting
to it from a tftp client

vi /etc/xinetd.d/tftp
service tftp
{
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        server_args             = -s /tftpboot
        disable                 = no
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
        log_type                = FILE /var/log/tftp.log
}

>From client
tftp -v 203.89.001.001 -c get cfg000b82024216 Connected to 203.89.001.001
(203.89.001.001), port 69 getting from 203.89.001.001:cfg000b82024216 to
cfg000b82024216 [netascii] Transfer timed out.

The server is running open vpn and the client is connected to it. I can
successfully connect using tftp over openvpn so it's not a permissions
issue.
tftp -v 10.8.0.1 -c get cfg000b82024216
Connected to 10.8.0.1 (10.8.0.1), port 69 getting from
10.8.0.1:cfg000b82024216 to cfg000b82024216 [netascii] Received 890 bytes in
4.4 seconds [1611 bit/s]

If I add the bind directive then I still can't connect over the public ip
(and I can no longer connect over the vpn either):
        bind                    = 203.89.001.001

If I stop the openvpn service I still cannot connect over the public ip
address.

If I flush the firewall rules I still cannot connect over the public ip
address.

Any help appreciated

Cameron

ifconfig
eth1      Link encap:Ethernet  HWaddr 00:18:71:8C:32:FF
          inet addr:203.89.001.001  Bcast:203.89.001.255  Mask:255.255.255.0
          inet6 addr: fe88::208:88ff:fe8c:32ff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:34918988 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34021478 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1462983820 (1.3 GiB)  TX bytes:1275513509 (1.1 GiB)
          Interrupt:193

eth1:1    Link encap:Ethernet  HWaddr 00:18:71:8C:32:FF
          inet addr:203.89.001.007  Bcast:203.89.001.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:193

eth1:2    Link encap:Ethernet  HWaddr 00:18:71:8C:32:FF
          inet addr:203.89.001.008  Bcast:203.89.001.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:193

eth1:3    Link encap:Ethernet  HWaddr 00:18:71:8C:32:FF
          inet addr:203.89.001.009  Bcast:203.89.001.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:193

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:7470203 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7470203 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1010165066 (963.3 MiB)  TX bytes:1010165066 (963.3 MiB)

tun0      Link encap:UNSPEC  HWaddr
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)



All the documentation I read when learning to set up tftp stated that it's an insecure protocol ill-suited to sharing stuff over public networks. It's best left for its intended purpose, sharing firmware, boot code and such over networks under one's own control.

One of the risks is that, with a default installation[1], anyone who can read your data can change your data.

If you control both ends of the VPN then that would seem to meet that guideline.

If you want to persist with sharing over the public internet, then look at your firewall rules to see whether
1, There's a problem restricting your transfer
2. You have adequate controls over who can share your data.


For more general data sharing I recommend and use http.

[1] The Fedora/Red Hat installations are not default, they're secured and configured to a special purpose, sharing boot code. Changing that setup isn't hard, but one needs to understand the possible consequences.

--

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux