tftp and pix error
 

Hi. I am attempting to copy the running-config on a pix to my machine using tftp. I have configured my computer to use tftp as follows:

# mkdir /tftpboot
# chown nobody:nobody /tftpboot

service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s -c /tftpboot
disable = no
per_source = 11
cps = 100 2
flags = IPv4
}

/etc/rc.d/init.d/xinetd reload

The command i use to copy the running config is:

copy running-config tftp://x.x.x.x/running-config.cfg

I get either of this two errors:
1. Only absolute filenames allowed
2. Permission denied

How can i get this fixed? I need to make a backup of the pix's configuration. Thanks in advanced for all the help.

FWIW: I have never been able to "write/put" to the linux based tftpd, just read. Although, when using the Solarwinds tftpd server on my XP box, I can read/write files without any problems from my cisco routers/switches. If you ever get tftpd writes working, I would like to know the solution. To me, this is a permissions based problem on the directories, but I have even done chmod 777 on /tmp and /tftpboot directories during my tests, but still no cigar.

If you need to backup your cisco device, I would suggest using the tftp client on your linux box and pull/get the startup-config from your cisco device. Thats what I ended up doing at my end (I admin a little over 100 cisco routers/switches). I simply wrote a shell script that loops for each cisco device listed in a variable. Then I added this script to the daily cron job.

Oops! Missed the part about the PIX. So my previous reply is probably useless.

In order for me to backup my PIX's, I currently have to use the solarwinds tftp server on my XP box (I know!). I added this step as part of my change control procedures, since I cannot pull the pix startup-config using the shell script that I use for my routers/switches.

FWIW: The following is a copy/paste of my manual process of backing up a PIX device using the solarwinds tftp server:
Again, if you ever get the linux tftpd server working for writes, I would be interested in the solution. It would be nice to backup the PIX's directly to my linux box where all other cisco device startup-configs are stored.

Oh darn, i guess i will have to back it up through windows. But i will not give up. And yes, i have given even chmod 777 and disabled the firewall on linux, to no avail. I followed every step on cisco related material, and nothing seems to work.

:scratch: I guess i will keep on trying.

TFTP Setting
 

I ran across this a while back. The problem I had was my TFTP server was configured to only transmit files by default.

Using debian and the regular NSA TFTPD downloaded with apt-get install tftpd, the configuration for TFTPd is held in /etc/inetd.conf. I am not sure where the read or read-write is defined for the running server but the following may help you:

To write a file to the TFPTd server, the file must already exist and have world writable attribute. This where you can control read or read write permissions also...

So:

touch /path/to/tftp/filename.bin
chmod a+rw /path/to/tftp/filename.bin

you mentioned setting the permission on the directory so i assume you would have mentioned the "existing" file's permissions also had you already created it. Hope this helps.

Sorry i haven't replied in a while. I am doing it again. I will not stop now until i get it done. I will be trying all these things you have written down here; i will also post back whatever i find, and hopefully, the way to get tftp working with the pix.

I'll keep you guys posted.

Ok, i performed the actions you suggested here. Installed the tftp server, configured /etc/xined.d/tftp, created the file /tftpboot/pix.cfg and gave a+rw permissions to it. I also went into System Settings > Security Level > SELinux and checked the box under 'SELinux Service Protection' that says 'Disable SELinux protection for tftpd daemon'.

I still get:

How did you tell it to not only transmit but receive as well?:scratch:

looks like the -c option would come in there, to allow brand new files to be created.

I had the same issue, and that's what I had to do. Poking around in the man files I figured that out.

I am not at work right now. But i do believe that the xinetd.conf file does have the -c option along with a -s option, if i remember correctly. I'll check it up as soon as i get back to work.

Thanks, i'll be posting if it works and if it doesn't. Wish me luck and thanks a lot.

The /etc/xinetd.d/tftp file i wrote looks like this:

Notice that i have the -c option in server_args to make sure i have write privileges. I don't know what else to do.

Just for kicks, try leaving off the -s so it doesn't expect a relative path? The -s is primarily for compatibility with Sun boot ROMs. It's worth a shot.

Dude, this is a different error message; now i have 'forbidden directory'. It did apparently find something deeper than access to the machine itself. Now the problem could be directory permissions. I will 'chmod 777 /tftpboot' to see what happens. I'll post back with the results.

So, nothing changed after performing chmod. I don't know if there is a particular line one has to change in some file to tell it to store in /tftpboot directory. I guess that's gotta be a default path, which i know it is. And the directory has permissions to do anything:
'drwxrwxrwx 2 nobody nobody 4096 Dec 11 16:16 tftpboot'
Could the fact that 'nobody' owns the directory and that user in /etc/xinetd.d/tftp is 'root' be the cuase of this problem?

not tried it myself, but i'd not expect a filename with a ; to be accepted, and wouldn't the second slash before the filename also be grounds to whine?