On 10 October 2011 22:20, Frantisek Hanzlik <franta@xxxxxxxxxxx> wrote:
I wrote a firewall rule :-
-A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
I tested it and it is the only xinetd demon running
Attached.
No I tried it remote because I did not know how to use tcpdump locally without reading the manual and I had another machine handy. The F15 laptop that does run tftp fine with the same xinetd.d/tftp configuration file thats why I am so confused !
Tried that before with F14, made no difference, but I will try again.
Aaron Gray wrote:
...
>loopback (lo interface) is subject to firewall rules too. And Your tcpdump
> 4) if You use firewall (iptables), You should load nf_conntrack_tftp module,
> for tracking ephemeral ports. That means /etc/sysconfig/iptables-config should
> contain line as:
> ...
> IPTABLES_MODULES="nf_conntrack_tftp"
> ...
> (other module is for NATting tftp connection)
>
>
> using localhost
below show IP addresses 192.168.0.4 and 192.168.0.5 - they perhaps are not
at lo loopback interface?
Have You firewall active?
I wrote a firewall rule :-
-A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
There isn't nothing about that xinetd starts tftp daemon. Mentioned
>
>
>
> 5) /var/log/messages should contain entries as:
> Oct 10 20:28:32 ns xinetd[1908]: START: tftp pid=5315 from=192.168.1.22
> Oct 10 20:28:42 ns xinetd[1908]: EXIT: tftp status=0 pid=5315 duration=10(sec)
>
>
> Oct 10 21:09:07 gold xinetd[13402]: Exiting...
> Oct 10 21:09:12 gold xinetd[13650]: xinetd Version 2.3.14 started with libwrap loadavg
> labeled-networking options compiled in.
> Oct 10 21:09:12 gold xinetd[13650]: Started working: 1 available service
"1 available service" is tftp?
This command show only tftp:
# grep '^[[:blank:]]*disable.*no' /etc/xinetd.d/*
/etc/xinetd.d/tftp: disable = no
I tested it and it is the only xinetd demon running
Next command display some similar at Your server?:
# netstat -a -n -p --ip|grep 69
udp 0 0 0.0.0.0:69 0.0.0.0:* 1595/xinetd
Can You post Your "/etc/xinetd.d/tftp" file?
Attached.
It isn't traffic at localhost, as You wrote above, em1 is external interface.
>
> is all I am getting in messages
>
> Checked tfpt is the only one enabled
>
>
>
>
> 6) tcpdump on relevant interface (here eth0) should display traffic,
> at minimal incomming packet:
> # tcpdump -i eth0 -l -nn udp port 69
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
> 20:43:13.612200 IP 192.168.1.22.58949 > 192.168.1.254.69: 17 RRQ "b.log" netascii
>
>
> [root@xxxxx /]# tcpdump -i em1 -l -nn udp port 69
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes
> 21:33:08.653033 IP 192.168.0.5.47352 > 192.168.0.4.69: 19 RRQ "vmlinuz" netascii
> 21:33:13.653306 IP 192.168.0.5.47352 > 192.168.0.4.69: 19 RRQ "vmlinuz" netascii
> 21:33:18.653565 IP 192.168.0.5.47352 > 192.168.0.4.69: 19 RRQ "vmlinuz" netascii
> 21:33:23.653963 IP 192.168.0.5.47352 > 192.168.0.4.69: 19 RRQ "vmlinuz" netascii
> 21:33:28.654212 IP 192.168.0.5.47352 > 192.168.0.4.69: 19 RRQ "vmlinuz" netascii
> ^C
> 5 packets captured
> 5 packets received by filter
> 0 packets dropped by kernel
No I tried it remote because I did not know how to use tcpdump locally without reading the manual and I had another machine handy. The F15 laptop that does run tftp fine with the same xinetd.d/tftp configuration file thats why I am so confused !
With default timeout (900 sec=15min), You should be seing tftp running.
E.g. "ps xa|grep tftp" should display it. But there isn't line in messages
that xinetd start tftp daemon.
Most likely there is firewall or SELinux blocking incomming packets - can
You stop them?
Tried that before with F14, made no difference, but I will try again.
tcpdump usualy not display something other than first packet, as next dialog
(second and next packets) run at ephemeral port.
Franta
>
> Well thats it I am stumped tftp seem to be running but ignoring requests
>
> Aaron
Attachment:
tftp
Description: Binary data
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
