tftp and pix error
Hi. I am attempting to copy the running-config on a pix to my machine using tftp. I have configured my computer to use tftp as follows:
# mkdir /tftpboot
# chown nobody:nobody /tftpboot

service tftp
{
        socket_type = dgram
        protocol = udp
        wait = yes
        user = root
        server = /usr/sbin/in.tftpd
        server_args = -s -c /tftpboot
        disable = no
        per_source = 11
        cps = 100 2
        flags = IPv4
}

/etc/rc.d/init.d/xinetd reload

The command I use to copy the running config is:

copy running-config tftp://x.x.x.x/running-config.cfg

I get either of these two errors:
1. Only absolute filenames allowed
2. Permission denied

How can I get this fixed? I need to make a backup of the pix's configuration. Thanks in advance for all the help. |
FWIW: I have never been able to "write/put" to the linux based tftpd, just read. Although, when using the Solarwinds tftpd server on my XP box, I can read/write files without any problems from my cisco routers/switches. If you ever get tftpd writes working, I would like to know the solution. To me, this is a permissions based problem on the directories, but I have even done chmod 777 on /tmp and /tftpboot directories during my tests, but still no cigar.
If you need to back up your cisco device, I would suggest using the tftp client on your linux box and pull/get the startup-config from your cisco device. That's what I ended up doing at my end (I admin a little over 100 cisco routers/switches). I simply wrote a shell script that loops for each cisco device listed in a variable. Then I added this script to the daily cron job. |
Oops! Missed the part about the PIX. So my previous reply is probably useless.
In order for me to backup my PIX's, I currently have to use the solarwinds tftp server on my XP box (I know!). I added this step as part of my change control procedures, since I cannot pull the pix startup-config using the shell script that I use for my routers/switches. FWIW: The following is a copy/paste of my manual process of backing up a PIX device using the solarwinds tftp server: Code:
pix-idc# sh ver |
Oh darn, I guess I will have to back it up through Windows. But I will not give up. And yes, I have given even chmod 777 and disabled the firewall on linux, to no avail. I followed every step on cisco related material, and nothing seems to work.
I guess I will keep on trying. |
TFTP Setting
I ran across this a while back. The problem I had was my TFTP server was configured to only transmit files by default.
|
Using Debian and the regular NSA TFTPD downloaded with apt-get install tftpd, the configuration for TFTPd is held in /etc/inetd.conf. I am not sure where the read or read-write is defined for the running server but the following may help you:
To write a file to the TFTPd server, the file must already exist and have the world-writable attribute. This is where you can control read or read-write permissions also... So:

touch /path/to/tftp/filename.bin
chmod a+rw /path/to/tftp/filename.bin

You mentioned setting the permission on the directory, so I assume you would have mentioned the "existing" file's permissions also had you already created it. Hope this helps. |
Sorry I haven't replied in a while. I am doing it again. I will not stop now until I get it done. I will be trying all these things you have written down here; I will also post back whatever I find, and hopefully, the way to get tftp working with the pix.
I'll keep you guys posted. Ok, I performed the actions you suggested here. Installed the tftp server, configured /etc/xinetd.d/tftp, created the file /tftpboot/pix.cfg and gave a+rw permissions to it. I also went into System Settings > Security Level > SELinux and checked the box under 'SELinux Service Protection' that says 'Disable SELinux protection for tftpd daemon'. I still get: Code:
Cryptochecksum: 1f7b7f24 2ded26d5 037f7dc6 e11f73ab |
looks like the -c option would come in there, to allow brand new files to be created.
|
I am not at work right now. But I do believe that the xinetd.conf file does have the -c option along with a -s option, if I remember correctly. I'll check it up as soon as I get back to work.
Thanks, I'll be posting if it works and if it doesn't. Wish me luck and thanks a lot. |
The /etc/xinetd.d/tftp file I wrote looks like this:
Code:
# default: off |
Just for kicks, try leaving off the -s so it doesn't expect a relative path? The -s is primarily for compatibility with Sun boot ROMs. It's worth a shot.
|
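The rules raised in the replies above (an existing upload target must be world-writable, -c is needed for new files, and without -s only absolute names are taken), as an added example that is not part of any poster's message or of the tftpd project: a shell function that predicts the server's verdict for a given server_args value and requested file name. The function names, verdict strings and the temporary demo directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Models only the in.tftpd upload rules
# the posters describe: -s (chroot), -c (create), pre-existing file mode.

# True if the "other" write bit is set on $1.
world_writable() { [ -n "$(find "$1" -prune -perm -002 2>/dev/null)" ]; }

# tftp_put_check SERVER_ARGS REQUESTED_NAME
# Prints a verdict; returns 0 if the write should be accepted.
tftp_put_check() {
    args=$1 name=$2 secure=no create=no root=
    for word in $args; do               # assumes the path has no spaces
        case $word in
            -s) secure=yes ;;
            -c) create=yes ;;
            -*) ;;                      # other options are not modelled
            *)  root=$word ;;           # last plain word = TFTP directory
        esac
    done
    if [ "$secure" = yes ]; then
        path=$root/${name#/}            # name is resolved inside the chroot
    else
        case $name in
            /*) path=$name ;;
            *)  echo "REJECT: only absolute filenames allowed (no -s)"
                return 1 ;;
        esac
    fi
    if [ -e "$path" ]; then
        world_writable "$path" && { echo "ACCEPT: overwrite $path"; return 0; }
        echo "REJECT: $path exists but is not world-writable"
        return 1
    fi
    if [ "$create" != yes ]; then
        echo "REJECT: $path does not exist and -c is not set"
        return 1
    fi
    # Assumption: the daemon writes as an unprivileged user such as nobody.
    world_writable "$(dirname "$path")" && { echo "ACCEPT: create $path"; return 0; }
    echo "REJECT: directory of $path is not world-writable"
    return 1
}

# Constructed demo: a temporary directory stands in for /tftpboot.
demo=$(mktemp -d) && chmod 777 "$demo"
tftp_put_check "-c $demo" running-config.cfg       # relative name, no -s
tftp_put_check "-s $demo" running-config.cfg       # file missing, no -c
tftp_put_check "-s -c $demo" running-config.cfg    # the thread's server_args
rm -rf "$demo"
```

An ACCEPT verdict while the server still answers "Permission denied" means the cause lies outside these rules, for example the SELinux policy or the account the daemon runs as.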
Code:
Source filename [running-config]?

So, nothing changed after performing chmod. I don't know if there is a particular line one has to change in some file to tell it to store in /tftpboot directory. I guess that's gotta be a default path, which I know it is. And the directory has permissions to do anything: 'drwxrwxrwx 2 nobody nobody 4096 Dec 11 16:16 tftpboot' Could the fact that 'nobody' owns the directory and that user in /etc/xinetd.d/tftp is 'root' be the cause of this problem? |
Not tried it myself, but I'd not expect a filename with a ; to be accepted, and wouldn't the second slash before the filename also be grounds to whine?
|