Aaron Gray wrote:
> On 10 October 2011 22:20, Frantisek Hanzlik <franta@xxxxxxxxxxx> wrote:
>
>     Aaron Gray wrote:
>     ...
>
>     > 4) if You use firewall (iptables), You should load nf_conntrack_tftp module,
>     > for tracking ephemeral ports. That means /etc/sysconfig/iptables-config should
>     > contain line as:
>     > ...
>     > IPTABLES_MODULES="nf_conntrack_tftp"
>     > ...
>     > (other module is for NATting tftp connection)
>     >
>     >
>     > using localhost
>
>     loopback (lo interface) is subject to firewall rules too. And Your tcpdump
>     below show IP addresses 192.168.0.4 and 192.168.0.5 - they perhaps are not
>     at lo loopback interface?
>     Have You firewall active?
>
>
> I wrote a firewall rule :-
>
> -A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT

Then You should have (best at beginning of filter table rules) rule:

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

(and nf_conntrack_tftp module listed in "/etc/sysconfig/iptables-config",
as I wrote before). You must restart iptables after these changes.

>     > 5) /var/log/messages should contain entries as:
>     > Oct 10 20:28:32 ns xinetd[1908]: START: tftp pid=5315 from=192.168.1.22
>     > Oct 10 20:28:42 ns xinetd[1908]: EXIT: tftp status=0 pid=5315 duration=10(sec)
>     >
>     >
>     > Oct 10 21:09:07 gold xinetd[13402]: Exiting...
>     > Oct 10 21:09:12 gold xinetd[13650]: xinetd Version 2.3.14 started with libwrap loadavg
>     > labeled-networking options compiled in.
>     > Oct 10 21:09:12 gold xinetd[13650]: Started working: 1 available service
>
>     There isn't nothing about that xinetd starts tftp daemon. Mentioned
>     "1 available service" is tftp?
>     This command show only tftp:
>
>     # grep '^[[:blank:]]*disable.*no' /etc/xinetd.d/*
>     /etc/xinetd.d/tftp: disable = no
>
>
> I tested it and it is the only xinetd daemon running
>
>
>     Next command display some similar at Your server?:
>     # netstat -a -n -p --ip|grep 69
>     udp        0      0 0.0.0.0:69        0.0.0.0:*        1595/xinetd

This command has probably no output at Your server, because...

>> Can You post Your "/etc/xinetd.d/tftp" file?
>
> Attached.
...

Your "/etc/xinetd.d/tftp" contains "disable = yes" line, thus tftp service
is disabled. You must change it to "disable = no" and reload xinetd (using
"service xinetd reload" or "systemctl reload xinetd.service").
"/var/log/messages" tail should indicate new service:

Oct 11 00:25:10 franta xinetd[1556]: Starting reconfiguration
Oct 11 00:25:10 franta xinetd[1556]: Swapping defaults
Oct 11 00:25:10 franta xinetd[1556]: Reconfigured: new=1 old=0 dropped=0 (services)

and the above netstat command should display xinetd listening at udp port 69.

--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
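
The checks from this thread collected into one script, as an added example that is not part of the original message. The function names are hypothetical, and the third argument is assumed to be a saved rule set in iptables-save format (for example /etc/sysconfig/iptables, a path the thread does not name).

```shell
#!/bin/sh
# Added example: static checks for the settings discussed in this thread.
# Function names are hypothetical; file paths are passed in by the caller.

# xinetd serves tftp only when the service file says "disable = no".
tftp_enabled() {
    grep -Eq '^[[:blank:]]*disable[[:blank:]]*=[[:blank:]]*no[[:blank:]]*$' "$1"
}

# The helper module must be listed in IPTABLES_MODULES so that replies
# from the server's ephemeral port are tracked as RELATED.
helper_listed() {
    grep -E '^[[:blank:]]*IPTABLES_MODULES=' "$1" | grep -qw 'nf_conntrack_tftp'
}

# Both INPUT rules from the thread must appear before an unconditional
# REJECT/DROP, otherwise they are never reached.
check_rules() {
    awk '
        /^-A INPUT -j (REJECT|DROP)/ { blocked = 1 }
        /^-A INPUT / && !blocked {
            if ($0 ~ /--(ct)?state (RELATED,ESTABLISHED|ESTABLISHED,RELATED)/ && $0 ~ /-j ACCEPT/) related = 1
            if ($0 ~ /-p udp/ && $0 ~ /--dport 69( |$)/ && $0 ~ /-j ACCEPT/) request = 1
        }
        END {
            if (!related) print "missing or unreachable: --state RELATED,ESTABLISHED -j ACCEPT"
            if (!request) print "missing or unreachable: -p udp --dport 69 -j ACCEPT"
            exit !(related && request)
        }' "$1"
}

# args: xinetd tftp file, iptables-config, saved rules file
check_all() {
    rc=0
    tftp_enabled "$1"  || { echo "tftp is disabled in $1 (need: disable = no)"; rc=1; }
    helper_listed "$2" || { echo "nf_conntrack_tftp not in IPTABLES_MODULES in $2"; rc=1; }
    check_rules "$3"   || rc=1
    return "$rc"
}

# Example: sh check.sh /etc/xinetd.d/tftp /etc/sysconfig/iptables-config /etc/sysconfig/iptables
if [ "$#" -eq 3 ]; then check_all "$@"; fi
```

The script only reads configuration files; the running state still has to be confirmed with the netstat command and the /var/log/messages entries shown in the message.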