TFTP server, Fedora 24
2014-12-04 10:07
The major system management tools have altered in recent Fedora versions, so the long-remembered phrases no longer work. Here is how to install and make available to the world a TFTP server.
$ sudo pkcon install tftp tftp-server
# tee runs under sudo, so the append to the root-owned file succeeds
$ sudo tee -a /etc/hosts.allow <<EOF
in.tftpd: ALL
EOF
$ sudo firewall-cmd --add-service tftp
$ sudo firewall-cmd --permanent --add-service tftp
$ sudo systemctl enable tftp.socket
$ sudo systemctl daemon-reload
Test with:
$ sudo cp example.bin /var/lib/tftpboot/
remote$ tftp server.example.com
tftp> get example.bin
tftp> quit
Use cp rather than mv so that SELinux sets the correct attribute on the file.
To see what is going on, use journalctl -f -l. You don't see much. Here's what a working download from the TFTP server looks like:
Jan 01 00:00:00 tftp-server.example.net in.tftpd[2]: RRQ from ::ffff:192.0.2.1 filename example.bin
Jan 01 00:00:10 tftp-server.example.net in.tftpd[2]: Client ::ffff:192.0.2.1 finished example.bin
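An added example (not from the original post): a shell function that pairs the RRQ and finished lines shown above and lists downloads that were requested but never completed. It assumes the default journalctl line layout and filenames without spaces; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Reads in.tftpd journal lines on stdin and prints
# "client filename outstanding-requests" for every download that was
# requested (RRQ) more often than it was reported finished.
tftp_unfinished() {
    awk '
    # Strip the IPv4-mapped prefix so ::ffff:192.0.2.1 and 192.0.2.1 match.
    function norm(a) { sub(/^::ffff:/, "", a); return a }

    $5 ~ /^in\.tftpd\[/ {
        if ($6 == "RRQ" && $7 == "from" && $9 == "filename") {
            key = norm($8) " " $10
            if (!(key in pending)) order[++n] = key   # remember first-seen order
            pending[key]++
        } else if ($6 == "Client" && $8 == "finished") {
            key = norm($7) " " $9
            if ((key in pending) && pending[key] > 0) pending[key]--
        }
    }

    END {
        for (i = 1; i <= n; i++)
            if (pending[order[i]] > 0) print order[i], pending[order[i]]
    }'
}

# Constructed sample input (documentation addresses, not real log data).
sample_log() {
    cat <<'EOF'
Jan 01 00:00:00 tftp-server.example.net in.tftpd[2]: RRQ from ::ffff:192.0.2.1 filename example.bin
Jan 01 00:00:10 tftp-server.example.net in.tftpd[2]: Client ::ffff:192.0.2.1 finished example.bin
Jan 01 00:01:00 tftp-server.example.net in.tftpd[3]: RRQ from ::ffff:192.0.2.7 filename router.bin
Jan 01 00:01:05 tftp-server.example.net in.tftpd[4]: RRQ from ::ffff:192.0.2.7 filename router.bin
Jan 01 00:02:00 tftp-server.example.net in.tftpd[5]: RRQ from ::ffff:192.0.2.9 filename example.bin
Jan 01 00:02:30 tftp-server.example.net in.tftpd[4]: Client ::ffff:192.0.2.7 finished router.bin
EOF
}

# Typical use on the server:
#   journalctl -u tftp.service --no-pager | tftp_unfinished
```

A client that shows up here with a repeated RRQ for the same file is a good candidate for the smaller block size and longer retransmit timeout.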
To enable enough messages to see why a particular client is failing, to set a small blocksize to be compatible with a wide range of equipment, and to extend the timeout to allow enough time for routers with slow flash not to encounter confusing retransmissions, add the file /etc/systemd/system/tftp.service containing:
.include /lib/systemd/system/tftp.service
[Service]
ExecStart=
ExecStart=/usr/sbin/in.tftpd --blocksize 1468 --retransmit 2000000 --verbose --secure /var/lib/tftpboot
If you want to use a different directory for the files then make sure you get your SELinux labelling correct. There are two setsebool nerd knobs: tftp_anon_write is needed to allow writing (along with changing flags on the daemon command line and getting the Unix permissions correct); and tftp_home_dir loosens the type matching enough so that a user home directory can do TFTP.
Consider that between Fedora 14 (2010) and Fedora 22 (2015) the package installation command, firewall configuration, init system configuration and log viewing for this common systems administration task all changed. I wonder if that invalidation of years of practice accounts for some of the opposition to those changes.
no subject
Date: 2015-06-02 04:08 (UTC)
no subject
Date: 2015-10-15 11:54 (UTC)
Thank Lennart Poettering for much of this.
no subject
Date: 2015-12-02 05:38 (UTC)
$ ls -Zd /var/lib/tftpboot/
drwxr-xr-x. root root system_u:object_r:tftpdir_rw_t:s0 /var/lib/tftpboot/
Your /home/xxx/Public directory won't have the same type:
$ ls -Zd Public/
drwxr-xr-x. vk5tu vk5tu unconfined_u:object_r:user_home_t:s0 Public/
Thank Lennart Poettering for much of this.
Um, no. Because you can't make something work that doesn't mean that (1) it is someone else's fault and (2) that personal attacks are *ever* OK. I used to enjoy working in the kernel community, and then on distributions. But these days I simply choose not to participate because I don't need the negative feelings which come from drive-by comments like this one.