Aaron Gray wrote:
> On 10 October 2011 23:31, Frantisek Hanzlik <franta@xxxxxxxxxxx> wrote:
>
> Aaron Gray wrote:
> > On 10 October 2011 22:20, Frantisek Hanzlik <franta@xxxxxxxxxxx> wrote:
> >
> > Aaron Gray wrote:
> > ...
> > >
> > > 4) if You use firewall (iptables), You should load nf_conntrack_tftp module,
> > > for tracking ephemeral ports. That means /etc/sysconfig/iptables-config should
> > > contain line as:
> > > ...
> > > IPTABLES_MODULES="nf_conntrack_tftp"
> > > ...
> > > (other module is for NATting tftp connection)
> > >
> > >
> > > using localhost
> >
> > loopback (lo interface) is subject to firewall rules too. And Your tcpdump
> > below show IP addresses 192.168.0.4 and 192.168.0.5 - they perhaps are not
> > at lo loopback interface?
> > Have You firewall active?
> >
> >
> > I wrote a firewall rule :-
> >
> > -A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
>
> Then You should have (best at beginning of filter table rules) rule:
>
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>
>
> Okay.
>
>
>
> (and nf_conntrack_tftp module listed in "/etc/sysconfig/iptables-config",
> as I wrote before). You must restart iptables after these changes.

Is nf_conntrack_tftp module loaded? You should obtain similar output:

# lsmod |grep tftp
nf_conntrack_tftp 3325 0
nf_conntrack 56162 4 nf_conntrack_tftp,nf_conntrack_ipv4,nf_conntrack_ipv6,xt_state

> > > 5) /var/log/messages should contain entries as:
> > > Oct 10 20:28:32 ns xinetd[1908]: START: tftp pid=5315 from=192.168.1.22
> > > Oct 10 20:28:42 ns xinetd[1908]: EXIT: tftp status=0 pid=5315 duration=10(sec)
> > >
> > >
> > > Oct 10 21:09:07 gold xinetd[13402]: Exiting...
> > > Oct 10 21:09:12 gold xinetd[13650]: xinetd Version 2.3.14 started with libwrap loadavg
> > > labeled-networking options compiled in.
> > > Oct 10 21:09:12 gold xinetd[13650]: Started working: 1 available service
> >
> > There isn't nothing about that xinetd starts tftp daemon. Mentioned
> > "1 available service" is tftp?
> > This command show only tftp:
> >
> > # grep '^[[:blank:]]*disable.*no' /etc/xinetd.d/*
> > /etc/xinetd.d/tftp: disable = no
> >
> >
> > I tested it and it is the only xinetd daemon running
> >
> >
> > Next command display some similar at Your server?:
> > # netstat -a -n -p --ip|grep 69
> > udp 0 0 0.0.0.0:69 0.0.0.0:* 1595/xinetd

What netstat now displays? Is xinetd listening at udp 69 ??

> This command has probably no output at Your server, because...
>
> >> Can You post Your "/etc/xinetd.d/tftp" file?
> >
> > Attached.
>
> ... Your "/etc/xinetd.d/tftp" contains "disable = yes" line, thus
>
>
> sorry, don't know how that happened ? It's late here !

Here too... :)
Did You reload xinetd daemon after changes in "/etc/xinetd.d/tftp"?

> It still does not work with "disable = no"
>
> tftp service is disabled. You must change it to "disable = no" and
> reload xinetd (using "service xinetd reload" or
> "systemctl reload xinetd.service"). "/var/log/messages" tail
> should indicate new service:
>
> Oct 11 00:25:10 franta xinetd[1556]: Starting reconfiguration
> Oct 11 00:25:10 franta xinetd[1556]: Swapping defaults
> Oct 11 00:25:10 franta xinetd[1556]: Reconfigured: new=1 old=0 dropped=0 (services)
>
> and above netstat command should display xinetd listening at
> udp port 69
>
>
> Thanks for bearing with me on this.
>
> Just tried rsync and that works fine so it's not xinetd.

I understand maybe only partially, sorry for my extrabad english.
What display "netstat -a -n -p|grep xinet" command?
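
Added example, not part of the thread and not written by either poster: a script that checks, offline, the three settings the message above walks through (`disable = no` in the xinetd service file, `nf_conntrack_tftp` in `IPTABLES_MODULES`, and the two INPUT rules). The function names and the sample file contents are constructed for illustration; the rules file is assumed to hold one `-A INPUT ...` line per rule, as quoted in the thread.

```shell
#!/bin/sh
# Added example: offline checks for the three settings discussed in the thread.
# Function names and all sample file contents are constructed for illustration.

# 0 if the last uncommented "disable" setting in an xinetd service file is "no".
xinetd_enabled() {
    awk -F= '/^[ \t]*#/ { next }
        $1 ~ /^[ \t]*disable[ \t]*$/ { v = $2; gsub(/[ \t]/, "", v) }
        END { exit !(v == "no") }' "$1"
}

# 0 if IPTABLES_MODULES in iptables-config lists nf_conntrack_tftp.
helper_configured() {
    grep -Eq '^[[:blank:]]*IPTABLES_MODULES="([^"]* )?nf_conntrack_tftp( [^"]*)?"' "$1"
}

# 0 if saved rules accept RELATED,ESTABLISHED and NEW udp/69 on INPUT.
rules_ok() {
    grep -Eq '^-A INPUT .*--state (RELATED,ESTABLISHED|ESTABLISHED,RELATED) .*-j ACCEPT' "$1" &&
    grep -Eq '^-A INPUT .*-p udp .*--dport 69 .*-j ACCEPT' "$1"
}

# Print one line per failed check for the files in directory $1.
diagnose() {
    xinetd_enabled "$1/tftp" ||
        echo "xinetd: tftp disabled; set 'disable = no' and reload xinetd"
    helper_configured "$1/iptables-config" ||
        echo "iptables-config: nf_conntrack_tftp missing from IPTABLES_MODULES"
    rules_ok "$1/rules" ||
        echo "rules: INPUT needs ACCEPT for RELATED,ESTABLISHED and for NEW udp/69"
}

# Constructed "before" state: service disabled, no helper, only the port 69 rule.
make_samples() {
    printf 'service tftp\n{\n\tsocket_type = dgram\n\tdisable = yes\n}\n' > "$1/tftp"
    printf 'IPTABLES_MODULES=""\n' > "$1/iptables-config"
    printf '%s\n' '-A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT' \
        > "$1/rules"
}

dir=$(mktemp -d) && make_samples "$dir" && diagnose "$dir"
rm -rf "$dir"
```

On the constructed sample all three checks fail; pointing `diagnose` at a directory holding copies of the real files reports only the settings still missing.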