[personal profile] gdt

The major system management tools have altered in recent Fedora versions, so the long-remembered phrases no longer work. Here is how to install and make available to the world a TFTP server.

$ sudo pkcon install tftp tftp-server
$ sudo cat <EOF >> /etc/hosts.allow
in.tftpd: ALL
$ sudo firewall-cmd --add-service tftp
$ sudo firewall-cmd --permanent --add-service tftp
$ sudo systemctl enable tftp.socket
$ sudo systemctl daemon-reload

Test with:

$ sudo cp example.bin /var/lib/tftpboot/
remote$ tftp server.example.com
tftp> get example.bin
tftp> quit

Use cp rather than mv so that SELinux sets the correct attribute on the file.

To see what is going on, use journalctl -f -l. You don't see much. Here's what a working download from the TFTP server looks like:

Jan 01 00:00:00 tftp-server.example.net in.tftpd[2]: RRQ from ::ffff: filename example.bin
Jan 01 00:00:10 tftp-server.example.net in.tftpd[2]: Client :ffff: finished example.bin

To enable enough messages to see why a particular client is failing, to set a small blocksize to be compatible with a wide range of equipment, and to extend the timeout to allow enough time for routers with slow flash not to encounter confusing retransmissions, add the file /etc/systemd/system/tftp.service containing:

.include /lib/systemd/system/tftp.service
ExecStart=/usr/sbin/in.tftpd --blocksize 1468 --retransmit 2000000 --verbose --secure /var/lib/tftpboot

If you want to use a different directory for the files the make sure you get your SELinux labelling correct. There are two setsebool nerb knobs: tftp_anon_write is needed to allow writing (along with changing flags on the daemon command line and getting the Unix permissions correct); and tftp_home_dir loosens the type matching enough so that a user home directory can do TFTP.

Consider that between Fedora 14 (2010) and Fedora 22 (2015) the package installation command, firewall configuration and init system configuration and log viewing of this common systems administration task all change. I wonder if that invalidation of years of practice accounts for some of the opposition to those changes.

Date: 2015-06-02 04:08 (UTC)
From: (Anonymous)
From the client side, it is also important to disable firewall. Otherwise, the "No route to host" error will be logged by tftpd.

Date: 2015-10-15 11:54 (UTC)
From: (Anonymous)
Can you please help with some hints on how I could get this to work with a different directory? Looking in /usr/lib/system/system/tftp.service I want to change to something like /usr/sbin/in.tftpd -s /home/xxx/Public but I can't get it to work :-(

Thank Lennart Poettering for much of this.

Date: 2015-12-02 05:38 (UTC)
From: [identity profile] vk5tu.livejournal.com
Look to your SELinux labelling.

$ ls -Zd /var/lib/tftpboot/
drwxr-xr-x. root root system_u:object_r:tftpdir_rw_t:s0 /var/lib/tftpboot/

Your /home/xxx/Public directory won't have the same type:

$ ls -Zd Public/
drwxr-xr-x. vk5tu vk5tu unconfined_u:object_r:user_home_t:s0 Public/

Thank Lennart Poettering for much of this.

Um, no. Because you can't make something work that doesn't mean that (1) it is someone else's fault and (2) that personal attacks are *ever* OK. I used to enjoy working in the kernel community, and then on distributions. But these days I simply choose not to participate because I don't need the negative feelings which come from drive-by comments like this one.


Glen Turner

August 2017

27 28293031  

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags

No cut tags
Page generated 2017-10-20 23:30
Powered by Dreamwidth Studios