On 10 October 2011 23:31, Frantisek Hanzlik <franta@xxxxxxxxxxx> wrote:
Okay.
Sorry, don't know how that happened? It's late here!
It still does not work with "disable = no"
Aaron Gray wrote:
> On 10 October 2011 22:20, Frantisek Hanzlik <franta@xxxxxxxxxxx> wrote:
Then You should have (best at beginning of filter table rules) rule:
>
> Aaron Gray wrote:
> ...
> >
> > 4) if You use a firewall (iptables), You should load the nf_conntrack_tftp module,
> > for tracking ephemeral ports. That means /etc/sysconfig/iptables-config should
> > contain a line such as:
> > ...
> > IPTABLES_MODULES="nf_conntrack_tftp"
> > ...
> > (other module is for NATting tftp connection)
> >
> >
> > using localhost
>
> loopback (lo interface) is subject to firewall rules too. And Your tcpdump
> below shows IP addresses 192.168.0.4 and 192.168.0.5 - perhaps they are not
> at the lo loopback interface?
> Do You have a firewall active?
>
>
> I wrote a firewall rule :-
>
> -A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
Okay.
(and nf_conntrack_tftp module listed in "/etc/sysconfig/iptables-config",
as I wrote before). You must restart iptables after these changes.
This command has probably no output at Your server, because...
> > 5) /var/log/messages should contain entries as:
> > Oct 10 20:28:32 ns xinetd[1908]: START: tftp pid=5315 from=192.168.1.22
> > Oct 10 20:28:42 ns xinetd[1908]: EXIT: tftp status=0 pid=5315 duration=10(sec)
> >
> >
> > Oct 10 21:09:07 gold xinetd[13402]: Exiting...
> > Oct 10 21:09:12 gold xinetd[13650]: xinetd Version 2.3.14 started with libwrap loadavg
> > labeled-networking options compiled in.
> > Oct 10 21:09:12 gold xinetd[13650]: Started working: 1 available service
>
> There isn't anything about xinetd starting the tftp daemon. Mentioned
> "1 available service" is tftp?
> This command shows only tftp:
>
> # grep '^[[:blank:]]*disable.*no' /etc/xinetd.d/*
> /etc/xinetd.d/tftp: disable = no
>
>
> I tested it and it is the only xinetd daemon running
>
>
> Does the next command display something similar at Your server?:
> # netstat -a -n -p --ip|grep 69
> udp 0 0 0.0.0.0:69 0.0.0.0:* 1595/xinetd
... Your "/etc/xinetd.d/tftp" contains "disable = yes" line, thus
>> Can You post Your "/etc/xinetd.d/tftp" file?
>
> Attached.
tftp service is disabled. You must change it to "disable = no" and
reload xinetd (using "service xinetd reload" or
"systemctl reload xinetd.service"). "/var/log/messages" tail
should indicate new service:
Oct 11 00:25:10 franta xinetd[1556]: Starting reconfiguration
Oct 11 00:25:10 franta xinetd[1556]: Swapping defaults
Oct 11 00:25:10 franta xinetd[1556]: Reconfigured: new=1 old=0 dropped=0 (services)
and above netstat command should display xinetd listening at
udp port 69
Thanks for bearing with me on this.
Just tried rsync and that works fine so it's not xinetd.
Aaron
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
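
The configuration points checked by hand in this thread (the xinetd `disable` value, the `nf_conntrack_tftp` helper in `IPTABLES_MODULES`, and the two INPUT rules) can be checked together offline. This is an added example, not code from the thread participants; the function names are hypothetical and the saved-rules path `/etc/sysconfig/iptables` in the usage comment is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): offline checks of the settings
# discussed above. Function names are hypothetical.

# Print the xinetd "disable" value found in service file $1 (empty if unset).
xinetd_disable_value() {
    sed -n 's/^[[:blank:]]*disable[[:blank:]]*=[[:blank:]]*\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

# Succeed if IPTABLES_MODULES in file $1 lists the TFTP conntrack helper.
helper_listed() {
    mods=$(sed -n 's/^[[:blank:]]*IPTABLES_MODULES="\{0,1\}\([^"]*\).*/\1/p' "$1" | tail -n 1)
    case " $mods " in
        *" nf_conntrack_tftp "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed if saved rules file $1 has both INPUT rules quoted in the thread:
# NEW udp/69 accepted, and RELATED (the helper-tracked data flow) accepted.
rules_present() {
    grep -Eq -- '^-A INPUT .*-p udp .*--dport 69 .*-j ACCEPT' "$1" &&
    grep -Eq -- '^-A INPUT .*--state ([A-Z]+,)*RELATED(,[A-Z]+)* .*-j ACCEPT' "$1"
}

# Print one finding per line; return non-zero if anything is wrong.
# Args: xinetd service file, iptables-config file, saved rules file.
tftp_config_report() {
    rc=0
    [ "$(xinetd_disable_value "$1")" = "no" ] || { echo "xinetd: tftp not set to disable = no"; rc=1; }
    helper_listed "$2" || { echo "iptables-config: nf_conntrack_tftp not in IPTABLES_MODULES"; rc=1; }
    rules_present "$3" || { echo "rules: missing udp/69 NEW or RELATED accept rule"; rc=1; }
    return $rc
}

# Run against real files when three paths are given, e.g. (rules path assumed):
#   sh check.sh /etc/xinetd.d/tftp /etc/sysconfig/iptables-config /etc/sysconfig/iptables
if [ "$#" -eq 3 ]; then
    tftp_config_report "$@"
fi
```

The script only reads configuration files; whether xinetd is actually listening on udp port 69 still needs the netstat check from the thread.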