LinuxQuestions.org
Old 04-29-2006, 10:58 AM   #1
trebek
tftp and pix error


Hi. I am attempting to copy the running-config on a pix to my machine using tftp. I have configured my computer to use tftp as follows:

# mkdir /tftpboot
# chown nobody:nobody /tftpboot

service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s -c /tftpboot
disable = no
per_source = 11
cps = 100 2
flags = IPv4
}

/etc/rc.d/init.d/xinetd reload

The command i use to copy the running config is:

copy running-config tftp://x.x.x.x/running-config.cfg

I get either of these two errors:
1. Only absolute filenames allowed
2. Permission denied

How can i get this fixed? I need to make a backup of the pix's configuration. Thanks in advance for all the help.
 
Old 04-30-2006, 06:41 AM   #2
scowles
FWIW: I have never been able to "write/put" to the linux based tftpd, just read. Although, when using the Solarwinds tftpd server on my XP box, I can read/write files without any problems from my cisco routers/switches. If you ever get tftpd writes working, I would like to know the solution. To me, this is a permissions based problem on the directories, but I have even done chmod 777 on /tmp and /tftpboot directories during my tests, but still no cigar.

If you need to backup your cisco device, I would suggest using the tftp client on your linux box and pull/get the startup-config from your cisco device. That's what I ended up doing at my end (I admin a little over 100 cisco routers/switches). I simply wrote a shell script that loops for each cisco device listed in a variable. Then I added this script to the daily cron job.
 
Old 04-30-2006, 07:37 AM   #3
scowles
Oops! Missed the part about the PIX. So my previous reply is probably useless.

In order for me to backup my PIX's, I currently have to use the solarwinds tftp server on my XP box (I know!). I added this step as part of my change control procedures, since I cannot pull the pix startup-config using the shell script that I use for my routers/switches.

FWIW: The following is a copy/paste of my manual process of backing up a PIX device using the solarwinds tftp server:
Code:
pix-idc# sh ver

Cisco PIX Security Appliance Software Version 7.0(2)
Device Manager Version 5.0(1)

Compiled on Fri 15-Jul-05 22:55 by builders
System image file is "flash:/pix-702.bin"
Config file at boot was "startup-config"
....
pix-idc# copy startup-config tftp:

Address or name of remote host []? 192.168.32.10

Destination filename [startup-config]?
!!!!!!!
28544 bytes copied in 2.600 secs (14272 bytes/sec)
pix-idc#
Again, if you ever get the linux tftpd server working for writes, I would be interested in the solution. It would be nice to backup the PIX's directly to my linux box where all other cisco device startup-configs are stored.
 
Old 05-01-2006, 02:19 PM   #4
trebek
Oh darn, i guess i will have to back it up through windows. But i will not give up. And yes, i have given even chmod 777 and disabled the firewall on linux, to no avail. I followed every step on cisco related material, and nothing seems to work.

I guess i will keep on trying.
 
Old 05-18-2006, 07:49 AM   #5
Csargent1
TFTP Setting

I ran across this a while back. The problem I had was my TFTP server was configured to only transmit files by default.
 
Old 05-28-2006, 08:47 PM   #6
spcsys

Using debian and the regular NSA TFTPD downloaded with apt-get install tftpd, the configuration for TFTPd is held in /etc/inetd.conf. I am not sure where the read or read-write is defined for the running server but the following may help you:

To write a file to the TFTPd server, the file must already exist and have world writable attribute. This is where you can control read or read write permissions also...

So:

touch /path/to/tftp/filename.bin
chmod a+rw /path/to/tftp/filename.bin

you mentioned setting the permission on the directory so i assume you would have mentioned the "existing" file's permissions also had you already created it. Hope this helps.
 
Old 12-08-2006, 10:00 AM   #7
trebek
Sorry i haven't replied in a while. I am doing it again. I will not stop now until i get it done. I will be trying all these things you have written down here; i will also post back whatever i find, and hopefully, the way to get tftp working with the pix.

I'll keep you guys posted.

Ok, i performed the actions you suggested here. Installed the tftp server, configured /etc/xinetd.d/tftp, created the file /tftpboot/pix.cfg and gave a+rw permissions to it. I also went into System Settings > Security Level > SELinux and checked the box under 'SELinux Service Protection' that says 'Disable SELinux protection for tftpd daemon'.

I still get:
Code:
Cryptochecksum: 1f7b7f24 2ded26d5 037f7dc6 e11f73ab
!!!!!!!!!!
%Error writing tftp://192.168.220.214//pix.cfg;int=inside (Permission denied)

Last edited by trebek; 12-08-2006 at 10:40 AM.
 
Old 12-08-2006, 10:45 AM   #8
trebek
Quote:
Originally Posted by Csargent1
I ran across this a while back. The problem I had was my TFTP server was configured to only transmit files by default.
How did you tell it to not only transmit but receive as well?
 
Old 12-09-2006, 03:41 PM   #9
acid_kewpie
looks like the -c option would come in there, to allow brand new files to be created.
 
Old 12-09-2006, 07:52 PM   #10
ARC1450
Quote:
Originally Posted by acid_kewpie
looks like the -c option would come in there, to allow brand new files to be created.
I had the same issue, and that's what I had to do. Poking around in the man files I figured that out.
 
Old 12-09-2006, 11:32 PM   #11
trebek
I am not at work right now. But i do believe that the xinetd.conf file does have the -c option along with a -s option, if i remember correctly. I'll check it up as soon as i get back to work.

Thanks, i'll be posting if it works and if it doesn't. Wish me luck and thanks a lot.
 
Old 12-11-2006, 03:37 PM   #12
trebek
The /etc/xinetd.d/tftp file i wrote looks like this:

Code:
# default: off
# description: The tftp server serves files using the trivial file transfer \
#       protocol.  The tftp protocol is often used to boot diskless \
#       workstations, download configuration files to network-aware printers, \
#       and to start the installation process for some operating systems.
service tftp
{
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        server_args             = -c -s /tftpboot
        disable                 = no
        per_source              = 11
        cps                     = 100 2
}
Notice that i have the -c option in server_args to make sure i have write privileges. I don't know what else to do.
 
Old 12-11-2006, 04:12 PM   #13
chort
Just for kicks, try leaving off the -s so it doesn't expect a relative path? The -s is primarily for compatibility with Sun boot ROMs. It's worth a shot.
 
Old 12-11-2006, 04:17 PM   #14
trebek
Code:
Source filename [running-config]?

Address or name of remote host [192.168.220.214]?

Destination filename [pix.cfg;int=inside]?
Cryptochecksum: 1cad74ed d34a66f8 c96a4a09 56890a74
!!!!!!!!!!
%Error writing tftp://192.168.220.214//pix.cfg;int=inside (Forbidden directory)
Dude, this is a different error message; now i have 'forbidden directory'. It did apparently find something deeper than access to the machine itself. Now the problem could be directory permissions. I will 'chmod 777 /tftpboot' to see what happens. I'll post back with the results.

So, nothing changed after performing chmod. I don't know if there is a particular line one has to change in some file to tell it to store in /tftpboot directory. I guess that's gotta be a default path, which i know it is. And the directory has permissions to do anything:
'drwxrwxrwx 2 nobody nobody 4096 Dec 11 16:16 tftpboot'
Could the fact that 'nobody' owns the directory and that user in /etc/xinetd.d/tftp is 'root' be the cause of this problem?

Last edited by trebek; 12-11-2006 at 04:24 PM.
 
Old 12-11-2006, 04:20 PM   #15
acid_kewpie
not tried it myself, but i'd not expect a filename with a ; to be accepted, and wouldn't the second slash before the filename also be grounds to whine?
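
Added example, not code from any poster in this thread: a shell pre-flight check that models how the `-s` and `-c` options of in.tftpd and the world-writable rule from post #6 decide an upload, including why dropping `-s` turns a request for `/pix.cfg` into "Forbidden directory". The function names, result words and paths are assumptions made for illustration; the rule mapping follows the tftp-hpa man page and should be confirmed against the installed server.

```shell
#!/bin/sh
# Added example (not from the thread): predict how in.tftpd would treat an
# upload, using the -s/-c rules and error strings discussed above.
# All paths and file names are constructed for illustration.

# has_flag FLAG WORDS... : succeed if FLAG is one of the server_args words
has_flag() {
    flag=$1; shift
    for word in "$@"; do
        [ "$word" = "$flag" ] && return 0
    done
    return 1
}

# check_upload ROOT NAME SERVER_ARGS : print a one-word diagnosis
#   ROOT        directory given to in.tftpd (e.g. /tftpboot)
#   NAME        file name exactly as the client sends it
#   SERVER_ARGS the server_args string from /etc/xinetd.d/tftp
check_upload() {
    root=$1 name=$2 args=$3
    # $args is left unquoted on purpose so it splits into words
    if has_flag -s $args; then
        target=$root/${name#/}        # -s: names are relative to ROOT
    else
        case $name in
            /*) ;;
            *)  echo relative-name; return 1 ;;  # "Only absolute filenames allowed"
        esac
        case $name in
            "$root"/*) target=$name ;;
            *)  echo outside-root; return 1 ;;   # "Forbidden directory"
        esac
    fi
    if [ ! -e "$target" ]; then
        if has_flag -c $args; then echo ok-create; return 0; fi
        echo missing-file; return 1   # without -c the file must already exist
    fi
    # An existing file must be writable by "other" (chmod a+rw in post #6)
    if [ -z "$(find "$target" -prune -perm -0002)" ]; then
        echo not-world-writable; return 1
    fi
    echo ok-overwrite
}
```

TFTP has no authentication, so pre-creating the one backup file with a+rw exposes less than running with `-c` on a world-writable directory.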
 
  

