Re: Getting timeouts on TFTP on F15 as well as F14

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Aaron Gray wrote:
> On 10 October 2011 22:20, Frantisek Hanzlik <franta@xxxxxxxxxxx <mailto:franta@xxxxxxxxxxx>>
> wrote:
> 
>     Aaron Gray wrote:
>     ...
>     >
>     >     4) if You use firewall (iptables), You should load nf_conntrack_tftp module,
>     >     for tracking ephemeral ports. That means /etc/sysconfig/iptables-config should
>     >     contain line as:
>     >     ...
>     >     IPTABLES_MODULES="nf_conntrack_tftp"
>     >     ...
>     >     (other module is for NATting tftp connection)
>     >
>     >
>     > using localhost
> 
>     loopback (lo interface) is subject to firewall rules too. And Your tcpdump
>     below show IP addresses 192.168.0.4 and 192.168.0.5 - they perhaps are not
>     at lo loopback interface?
>     Have You firewall active?
> 
> 
> I wrote a firewall rule :-
>  
> -A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT

Then You should have (best at beginning of filter table rules) rule:

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

(and nf_conntrack_tftp module listed in "/etc/sysconfig/iptables-config",
as I wrote before). You must restart iptables after these changes.


>     >     5) /var/log/messages should contain entries as:
>     >     Oct 10 20:28:32 ns xinetd[1908]: START: tftp pid=5315 from=192.168.1.22
>     >     Oct 10 20:28:42 ns xinetd[1908]: EXIT: tftp status=0 pid=5315 duration=10(sec)
>     >
>     >
>     > Oct 10 21:09:07 gold xinetd[13402]: Exiting...
>     > Oct 10 21:09:12 gold xinetd[13650]: xinetd Version 2.3.14 started with libwrap loadavg
>     > labeled-networking options compiled in.
>     > Oct 10 21:09:12 gold xinetd[13650]: Started working: 1 available service
> 
>     There isn't nothing about that xinetd starts tftp daemon. Mentioned
>     "1 available service" is tftp?
>     This command show only tftp:
> 
>     # grep '^[[:blank:]]*disable.*no' /etc/xinetd.d/*
>     /etc/xinetd.d/tftp:     disable = no
> 
> 
> I tested it and it is the only xinetd demon running
> 
> 
>     Next command display some similar at Your server?:
>     # netstat -a -n -p --ip|grep 69
>     udp        0      0 0.0.0.0:69           0.0.0.0:*      1595/xinetd

This command has probably no output at Your server, because...

>>     Can You post Your "/etc/xinetd.d/tftp" file?
> 
> Attached.

... Your "/etc/xinetd.d/tftp" contains "disable = yes" line, thus
tftp service is disabled. You must change it to "disable = no" and
reload xinetd (using "service xinetd reload" or
"systemctl reload xinetd.service"). "/var/log/messages" tail
should indicate new service:

Oct 11 00:25:10 franta xinetd[1556]: Starting reconfiguration
Oct 11 00:25:10 franta xinetd[1556]: Swapping defaults
Oct 11 00:25:10 franta xinetd[1556]: Reconfigured: new=1 old=0 dropped=0 (services)

and above netstat command should display xinetd listening at
udp port 69
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux