New guy studying for lpi 101 unable to get tftp running on Centos 7 server

sumncguy · 04-22-2015, 06:34 AM

I am trying to get tftp working on Centos 7. I think the below gives all info .. except the getenforce results which is disabled.

Quote:

[root@centos ~]# systemctl status tftp.socket
tftp.socket - Tftp Server Activation Socket
Loaded: loaded (/usr/lib/systemd/system/tftp.socket; disabled)
Active: inactive (dead)
Listen: [::]:69 (Datagram)

[root@centos ~]# systemctl status tftp.service
tftp.service - Tftp Server
Loaded: loaded (/usr/lib/systemd/system/tftp.service; static)
Active: inactive (dead)

[root@centos ~]# systemctl start tftp.socket
[root@centos ~]# systemctl start tftp.service

[root@centos ~]# systemctl status tftp.socket
tftp.socket - Tftp Server Activation Socket
Loaded: loaded (/usr/lib/systemd/system/tftp.socket; disabled)
Active: active (running) since Tue 2015-04-21 19:35:18 EDT; 16s ago
Listen: [::]:69 (Datagram)

Apr 21 19:35:18 centos systemd[1]: Starting Tftp Server Activation Socket.
Apr 21 19:35:18 centos systemd[1]: Listening on Tftp Server Activation Socket.

[root@centos ~]# systemctl status tftp.service
tftp.service - Tftp Server
Loaded: loaded (/usr/lib/systemd/system/tftp.service; static)
Active: active (running) since Tue 2015-04-21 19:35:29 EDT; 12s ago
Main PID: 4177 (in.tftpd)
CGroup: /system.slice/tftp.service
4177 /usr/sbin/in.tftpd -s /tftpboot

Apr 21 19:35:29 centos systemd[1]: Starting Tftp Server...
Apr 21 19:35:29 centos systemd[1]: Started Tftp Server.

[root@centos ~]# [root@centos ~]# cat /etc/xinetd.d/tftp
# default: off
# description: The tftp server serves files using the trivial file transfer \
# protocol. The tftp protocol is often used to boot diskless \
# workstations, download configuration files to network-aware printers, \
# and to start the installation process for some operating systems.
service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /tftpboot
disable = no
per_source = 11
cps = 100 2
flags = IPv4
}

[root@centos ~]# cat /usr/lib/systemd/system/tftp.service
[Unit]
Description=Tftp Server

[Service]
#ExecStart=/usr/sbin/in.tftpd -s /var/lib/tftpboot
ExecStart=/usr/sbin/in.tftpd -s /tftpboot
StandardInput=socket

[root@centos ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
#SELINUXTYPE=targeted
SELINUXTYPE=minimum

[root@centos ~]# cat /etc/xinetd.conf
#
# This is the master xinetd configuration file. Settings in the
# default section will be inherited by all service configurations
# unless explicitly overridden in the service configuration. See
# xinetd.conf in the man pages for a more detailed explanation of
# these attributes.

defaults
{
# The next two items are intended to be a quick access place to
# temporarily enable or disable services.
#
# enabled =
# disabled =
disabled = no

# Define general logging characteristics.
log_type = SYSLOG daemon info
log_on_failure = HOST
log_on_success = PID HOST DURATION EXIT

# Define access restriction defaults
#
# no_access =
# only_from =
# max_load = 0
cps = 50 10
instances = 50
per_source = 10

# Address and networking defaults
#
# bind =
# mdns = yes
v6only = no

# setup environmental attributes
#
# passenv =
groups = yes
umask = 002

# Generally, banners are not used. This sets up their global defaults
#
# banner =
# banner_fail =
# banner_success =
}

includedir /etc/xinetd.d

[root@centos ~]# chkconfig --list | grep tftp

Note: This output shows SysV services only and does not include native
systemd services. SysV configuration data might be overridden by native
systemd configuration.

If you want to list systemd services use 'systemctl list-unit-files'.
To see services enabled on particular target use
'systemctl list-dependencies [target]'.

tftp: on

[root@centos ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
#SELINUXTYPE=targeted
SELINUXTYPE=minimum

[root@centos etc]# chkconfig xinetd off
Note: Forwarding request to 'systemctl disable xinetd.service'.
rm '/etc/systemd/system/multi-user.target.wants/xinetd.service'

[root@centos etc]# chkconfig xinetd on
Note: Forwarding request to 'systemctl enable xinetd.service'.
ln -s '/usr/lib/systemd/system/xinetd.service' '/etc/systemd/system/multi-user.target.wants/xinetd.service'

[root@centos etc]# service xinetd start
Redirecting to /bin/systemctl start xinetd.service

[root@centos etc]# tftp 192.168.47.3
tftp> get testit
tftp> get testifle
tftp> quit

[root@centos etc]# cat testifle
now da time

[root@centos etc]# ls -ld /tftpboot
drwxrwxrwx. 2 nobody root 67 Apr 21 16:28 /tftpboot

[root@centos etc]# ls -l /tftpboot/*
-rwxrwxrwx. 1 root root 0 Apr 21 16:28 /tftpboot/lanrtr1-confg
-rwxrwxrwx 1 sumncguy wheel 12 Apr 21 14:42 /tftpboot/testifle
-rwxrwxrwx. 1 root root 0 Apr 21 08:29 /tftpboot/testit
-rwxrwxrwx. 1 root root 1216 Apr 21 09:13 /tftpboot/tftpts

Ive been trying to solve this problem for a few days now without luck. I havent been able to find a resource on the web that tells/gives me a step by step process to troubleshoot.

I am unable to tftp a router config back to this server.
I am able to ssh between the server and router.
I am able to tftp between my router and my UBUNTU server.

When attempting tftp transfer from router to server, I receive Time outs.

Any help would greatly appreciated.

Thanks alot !!!

btmiller · 04-22-2015, 06:59 AM

Did you check to make sure that UDP port 69 is allowed through the firewall? IIRC CentOS 7 ships with firewalld turned on and set to restrict access to every port except TCP/22 (SSH).

sumncguy · 04-22-2015, 08:04 AM

getenforced and sestatus both show disable .. that means that the firewall is turned off right ?

edited

also just executed service iptables status which shows inactive dead.

btmiller · 04-23-2015, 06:55 AM

Neither getenforced or SELinux in general have anything to do with the firewall. On CentOS7 iptables was replaced with firewalld (part of systemd) ... it's firewalld that's likely your problem.

sumncguy · 04-23-2015, 07:54 AM

Thanks fellas .. firewalld was the problem.

I am currently taking a NOS220 class and figured that there was something I didnt know about related to the "block". I posted this problem on a few different boards and everyone was pointing me to iptables. I service stopped and chkconfig off .. but no luck.

I stopped and slowed down. Because frankly I was getting pissed. I executed tftp 127.0.0.1 and copied a file locally. I noted that tftp was working locally and therefore it had to be the firewall. I was given a command by someone that didnt work for firewalld.

I asked myself what havent I done.
That answer was ... I didnt start x and use the gui. I want to stay away from that approach because X is rare in a true production environment on a server.

Once I hit the tftp check box and retried my router tftp .. WELLLAH !!

So for the benefit of those that may be reading this thread to fix the Timeout issue. Assuming tftp is setup correctly and the proper permissions and directory structure is in place ..

1. execute tftp locally
tftp 127.0.0.1
tftp>get <filename>
tftp>quit
cat <filename>

If you are able to successfully tftp locally.

2. To disable the firewall
sudo service firewalld stop sysV or systemctl stop firewalld.service
sudo chkconfig firewalld off for syv or systemctl disable firewalld.service

NOTE THIS TOTALLY DISABLES THE FIREWALL AND IS PROBABLY NOT A GOOD IDEA IN A PRODUCTION ENVIRONMENT.

Thanks again guys .. as usual you guys are gems !!