On 11 October 2011 00:05, Frantisek Hanzlik <franta@xxxxxxxxxxx> wrote:
Aaron Gray wrote:
> On 10 October 2011 23:31, Frantisek Hanzlik <franta@xxxxxxxxxxx> wrote:
> > Is nf_conntrack_tftp module loaded? You should obtain similar output:
> >
> > Aaron Gray wrote:
> > ...
> > >
> > > 4) if You use firewall (iptables), You should load nf_conntrack_tftp module,
> > > for tracking ephemeral ports. That means /etc/sysconfig/iptables-config should
> > > contain line as:
> > > ...
> > > IPTABLES_MODULES="nf_conntrack_tftp"
> > > ...
> > > (other module is for NATting tftp connection)
> > >
> > >
> > > using localhost
> >
> > Loopback (lo interface) is subject to firewall rules too. And Your tcpdump
> > below shows IP addresses 192.168.0.4 and 192.168.0.5 - perhaps they are not
> > on the lo loopback interface?
> > Do You have a firewall active?
> >
> >
> > I wrote a firewall rule :-
> >
> > -A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
>
> Then You should have (best at beginning of filter table rules) rule:
>
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>
>
> Okay.
>
>
>
> (and nf_conntrack_tftp module listed in "/etc/sysconfig/iptables-config",
> as I wrote before). You must restart iptables after these changes.
# lsmod |grep tftp
nf_conntrack_tftp 3325 0
nf_conntrack 56162 4 nf_conntrack_tftp,nf_conntrack_ipv4,nf_conntrack_ipv6,xt_state
No contrack_tftp running, but it is not needed with localhost TFTP test.
How do I load conntrack_tftp ?
> > udp 0 0 0.0.0.0:69 0.0.0.0:* 1595/xinetd
> > > 5) /var/log/messages should contain entries as:
> > > Oct 10 20:28:32 ns xinetd[1908]: START: tftp pid=5315 from=192.168.1.22
> > > Oct 10 20:28:42 ns xinetd[1908]: EXIT: tftp status=0 pid=5315 duration=10(sec)
> > >
> > >
> > > Oct 10 21:09:07 gold xinetd[13402]: Exiting...
> > > Oct 10 21:09:12 gold xinetd[13650]: xinetd Version 2.3.14 started with libwrap loadavg
> > > labeled-networking options compiled in.
> > > Oct 10 21:09:12 gold xinetd[13650]: Started working: 1 available service
> >
> > There is nothing about xinetd starting the tftp daemon. Is the mentioned
> > "1 available service" tftp?
> > This command shows only tftp:
> >
> > # grep '^[[:blank:]]*disable.*no' /etc/xinetd.d/*
> > /etc/xinetd.d/tftp: disable = no
> >
> >
> > I tested it and it is the only xinetd daemon running
> >
> >
> > Does the next command display something similar on Your server?:
> > # netstat -a -n -p --ip|grep 69
What does netstat display now? Is xinetd listening at udp 69?
Here too... :)
> This command has probably no output at Your server, because...
>
> >> Can You post Your "/etc/xinetd.d/tftp" file?
> >
> > Attached.
>
> ... Your "/etc/xinetd.d/tftp" contains "disable = yes" line, thus
>
>
> Sorry, don't know how that happened? It's late here!
Did You reload xinetd daemon after changes in "/etc/xinetd.d/tftp"?
systemctl restart xinetd.service
I understand maybe only partially, sorry for my extra bad English.
> It still does not work with "disable = no"
>
> tftp service is disabled. You must change it to "disable = no" and
> reload xinetd (using "service xinetd reload" or
> "systemctl reload xinetd.service"). "/var/log/messages" tail
> should indicate new service:
>
> Oct 11 00:25:10 franta xinetd[1556]: Starting reconfiguration
> Oct 11 00:25:10 franta xinetd[1556]: Swapping defaults
> Oct 11 00:25:10 franta xinetd[1556]: Reconfigured: new=1 old=0 dropped=0 (services)
>
> and above netstat command should display xinetd listening at
> udp port 69
>
>
> Thanks for bearing with me on this.
>
> Just tried rsync and that works fine so it's not xinetd.
What does the "netstat -a -n -p|grep xinet" command display?
[root@XXXX ang]# netstat -a -n -p|grep xinet
tcp 0 0 :::873 :::* LISTEN 1127/xinetd
udp 0 0 0.0.0.0:69 0.0.0.0:* 1127/xinetd
unix 2 [ ] DGRAM 17415 1127/xinetd
Thanks,
Aaron
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
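
The three settings the thread checks (the xinetd `disable` line, `IPTABLES_MODULES`, and the INPUT rules) can be audited offline from copies of the files. This is an added example, not part of the original messages; the function names, the directory layout and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline audit of the three settings checked in the thread.
# The file names inside the audited directory are assumptions of this sketch.

# Succeeds if the xinetd service file enables the service ("disable = no").
xinetd_tftp_enabled() {
    grep -Eq '^[[:blank:]]*disable[[:blank:]]*=[[:blank:]]*no[[:blank:]]*$' "$1"
}

# Succeeds if IPTABLES_MODULES in iptables-config lists nf_conntrack_tftp.
helper_configured() {
    grep -E '^[[:blank:]]*IPTABLES_MODULES=' "$1" | grep -qw 'nf_conntrack_tftp'
}

# Succeeds if INPUT accepts UDP/69 and RELATED traffic before any catch-all
# "-A INPUT -j REJECT|DROP" rule; rules placed after a catch-all never match.
rules_allow_tftp() {
    awk '
        /^-A INPUT -j (REJECT|DROP)/ { exit }
        /^-A INPUT / && /-j ACCEPT/ {
            if ($0 ~ /--state [A-Z,]*RELATED/) related = 1
            if ($0 ~ /-p udp/ && $0 ~ /--dport 69 /) port69 = 1
        }
        END { exit !(related && port69) }
    ' "$1"
}

# Checks DIR/tftp, DIR/iptables-config and DIR/iptables; prints a line per
# failed check and returns the number of failed checks.
tftp_audit() {
    fails=0
    xinetd_tftp_enabled "$1/tftp" || { echo "FAIL: tftp not enabled in xinetd"; fails=$((fails + 1)); }
    helper_configured "$1/iptables-config" || { echo "FAIL: nf_conntrack_tftp not in IPTABLES_MODULES"; fails=$((fails + 1)); }
    rules_allow_tftp "$1/iptables" || { echo "FAIL: INPUT lacks udp/69 or RELATED accept"; fails=$((fails + 1)); }
    [ "$fails" -eq 0 ] && echo "OK: all three checks pass"
    return "$fails"
}

# Constructed sample of the state diagnosed in the thread: firewall rules and
# helper module in place, but the xinetd file still says "disable = yes".
demo=$(mktemp -d)
printf 'service tftp\n{\n\tdisable = yes\n}\n' > "$demo/tftp"
printf 'IPTABLES_MODULES="nf_conntrack_tftp"\n' > "$demo/iptables-config"
printf '%s\n' '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
    '-A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT' \
    '-A INPUT -j REJECT --reject-with icmp-host-prohibited' > "$demo/iptables"
tftp_audit "$demo" || echo "failed checks: $?"
rm -rf "$demo"
```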