Re: tftp - no route to host

[lilit-aibolit]

On 05/01/2011 10:13 AM, Henning Brauer wrote:

* Emille Blancsar...@sarlok.com  [2011-04-30 19:56]:

since TFTP uses UDP, pf won't create a state

wrong.


Hello, I'm stuck again with no route to host
# uname -a
OpenBSD gw 5.2 GENERIC.MP#339 i386
# ls -la /usr/tftpboot/
total 12728
drwxrwxrwx   2 root  wheel  512 Jan 10 15:36 .
drwxr-xr-x  18 root  wheel  512 Jan 10 14:48 ..
-rwxrwxrwx   1 root  wheel3 Jan 10 15:35 1.txt
-rwxrwxrwx   1 root  wheel  6427696 Feb 13  2012 bsd.rd
-rwxrwxrwx   1 root  wheel53732 Feb 13  2012 pxeboot
# pfctl -sr | grep 69
pass in quick on em0 inet proto udp from any to any port = 69
pass out quick on em0 inet proto udp from any to any port = 69

from localhost:
# tftp
tftp connect 192.168.5.254
tftp get 1.txt
Received 3 bytes in 0.0 seconds
tftp get pxeboot
Received 54044 bytes in 0.0 seconds
tftp quit
# ls -la | grep 1.txt
-rw-r--r--   1 root  wheel3 Jan 10 17:14 1.txt
# ls -la | grep pxeboot
-rw-r--r--   1 root  wheel53732 Jan 10 17:14 pxeboot

from remote PC:
admin:~/Downloads$ tftp
tftp connect gw
tftp status
Connected to gw.
Mode: netascii Verbose: off Tracing: off
Rexmt-interval: 5 seconds, Max-timeout: 25 seconds
tftp mode binary
tftp status
Connected to gw.
Mode: octet Verbose: off Tracing: off
Rexmt-interval: 5 seconds, Max-timeout: 25 seconds
tftp get 1.txt
^C
tftp

on tftpd host:
# ping 192.168.5.1
PING 192.168.5.1 (192.168.5.1): 56 data bytes
64 bytes from 192.168.5.1: icmp_seq=0 ttl=64 time=0.524 ms
...
# tftpd -4dv -l 192.168.5.254 /usr/tftpboot
tftpd: 192.168.5.254: read request for '1.txt'   # can get files 
locally

tftpd: 192.168.5.254: read request for 'pxeboot' # can get files locally
tftpd: 192.168.5.1: read request for '1.txt'   # can get 
files remotely

tftpd: send(block): No route to host
tftpd: 192.168.5.1: read request for '1.txt'
tftpd: send(block): No route to host
tftpd: 192.168.5.1: read request for '1.txt'
tftpd: send(block): No route to host
# tcpdump -i em0 -p udp 'port 69'
tcpdump: listening on em0, link-type EN10MB
17:21:38.462907 admin.40154  gw.tftp: 14 RRQ 1.txt (DF)
17:21:43.462961 admin.40154  gw.tftp: 14 RRQ 1.txt (DF)
17:21:48.463020 admin.40154  gw.tftp: 14 RRQ 1.txt (DF)
^C
8554 packets received by filter
0 packets dropped by kernel
# fstat | grep internet | grep tftpd
_tftpd   tftpd  181603* internet dgram udp 192.168.5.254:69

Re: tftp - no route to host (Solved)

[lilit-aibolit]

On 01/10/2013 05:24 PM, lilit-aibolit wrote:

On 05/01/2011 10:13 AM, Henning Brauer wrote:

* Emille Blancsar...@sarlok.com  [2011-04-30 19:56]:

since TFTP uses UDP, pf won't create a state

wrong.


Hello, I'm stuck again with no route to host
# uname -a
OpenBSD gw 5.2 GENERIC.MP#339 i386
# ls -la /usr/tftpboot/
total 12728
drwxrwxrwx   2 root  wheel  512 Jan 10 15:36 .
drwxr-xr-x  18 root  wheel  512 Jan 10 14:48 ..
-rwxrwxrwx   1 root  wheel3 Jan 10 15:35 1.txt
-rwxrwxrwx   1 root  wheel  6427696 Feb 13  2012 bsd.rd
-rwxrwxrwx   1 root  wheel53732 Feb 13  2012 pxeboot
# pfctl -sr | grep 69
pass in quick on em0 inet proto udp from any to any port = 69
pass out quick on em0 inet proto udp from any to any port = 69

from localhost:
# tftp
tftp connect 192.168.5.254
tftp get 1.txt
Received 3 bytes in 0.0 seconds
tftp get pxeboot
Received 54044 bytes in 0.0 seconds
tftp quit
# ls -la | grep 1.txt
-rw-r--r--   1 root  wheel3 Jan 10 17:14 1.txt
# ls -la | grep pxeboot
-rw-r--r--   1 root  wheel53732 Jan 10 17:14 pxeboot

from remote PC:
admin:~/Downloads$ tftp
tftp connect gw
tftp status
Connected to gw.
Mode: netascii Verbose: off Tracing: off
Rexmt-interval: 5 seconds, Max-timeout: 25 seconds
tftp mode binary
tftp status
Connected to gw.
Mode: octet Verbose: off Tracing: off
Rexmt-interval: 5 seconds, Max-timeout: 25 seconds
tftp get 1.txt
^C
tftp

on tftpd host:
# ping 192.168.5.1
PING 192.168.5.1 (192.168.5.1): 56 data bytes
64 bytes from 192.168.5.1: icmp_seq=0 ttl=64 time=0.524 ms
...
# tftpd -4dv -l 192.168.5.254 /usr/tftpboot
tftpd: 192.168.5.254: read request for '1.txt'   # can get 
files locally
tftpd: 192.168.5.254: read request for 'pxeboot' # can get files 
locally
tftpd: 192.168.5.1: read request for '1.txt'   # can get 
files remotely

tftpd: send(block): No route to host
tftpd: 192.168.5.1: read request for '1.txt'
tftpd: send(block): No route to host
tftpd: 192.168.5.1: read request for '1.txt'
tftpd: send(block): No route to host
# tcpdump -i em0 -p udp 'port 69'
tcpdump: listening on em0, link-type EN10MB
17:21:38.462907 admin.40154  gw.tftp: 14 RRQ 1.txt (DF)
17:21:43.462961 admin.40154  gw.tftp: 14 RRQ 1.txt (DF)
17:21:48.463020 admin.40154  gw.tftp: 14 RRQ 1.txt (DF)
^C
8554 packets received by filter
0 packets dropped by kernel
# fstat | grep internet | grep tftpd
_tftpd   tftpd  181603* internet dgram udp 192.168.5.254:69




I fix this by changing from
pass out quick on em0 inet proto udp from any to any port = 69
to
pass out quick on em0 inet proto udp from $int_if to $local_net
Is this right? Maybe I don't want to allow all udp traffic from my gateway.

Re: tftp - no route to host

[Otto Moerbeek]

On Sat, Apr 30, 2011 at 10:52:21AM -0700, Emille Blanc wrote:

 On 11-04-29 12:08 AM, pavel pocheptsov wrote:
 pass in on $int_if inet proto udp from any to $int_if port tftp
 You do have a pass out rule in pf, right?
 I'm assuming you have a default block in place somewhere, and since
 TFTP uses UDP, pf won't create a state so you'll need an explicit
 pass out.

Wrong. UDP does use states, see pf.conf(4):

pf(4) will also create state for other protocols which are effectively
stateless by nature.  UDP packets are matched to states using only
host addresses and ports, and other protocols are matched to states
using only the host addresses. 

-Otto

Re: tftp - no route to host

[Janne Johansson]

2011/4/29 pavel pocheptsov lilit-aibo...@mail.ru

 openbsd 4.8
 # cat /etc/pf.conf | grep tftp
 pass in on $int_if inet proto udp from any to $int_if port tftp
 # tftp 127.0.0.1


127.0.0.1 would not be on the $int_if, would it?

-- 
 To our sweethearts and wives.  May they never meet. -- 19th century toast

Re: tftp - no route to host

[lilit-aibolit]

Janne Johansson PI[ET:



2011/4/29 pavel pocheptsov lilit-aibo...@mail.ru 
mailto:lilit-aibo...@mail.ru


openbsd 4.8
# cat /etc/pf.conf | grep tftp
pass in on $int_if inet proto udp from any to $int_if port tftp
# tftp 127.0.0.1


127.0.0.1 would not be on the $int_if, would it?

--
 To our sweethearts and wives.  May they never meet. -- 19th century toast

yes, but from localhost I just test it,
and connect to $int_if is work too:

# tftp 192.168.15.6
tftp get ekey
Received 40 bytes in 0.0 seconds
tftp quit

problem with connect another machine from 192.168.15.0/24
to tftpd on 192.168.15.6

Re: tftp - no route to host

[Evgeniy Sudyr]

Pavel,

1) Are you sure that you uncommented tftpd in inetd.conf ? Is inetd started ?
2) netstat -na | grep 69
3) tcpdump -ni lo port 69
4) check PF rules as Janne wrote before (maybe you need to pass or
just skip on lo). Btw, does it make any sense to use TFTP on localhost
? :)

--
Thanks!
Eugene Sudyr

On Fri, Apr 29, 2011 at 10:48 AM, Janne Johansson icepic...@gmail.com
wrote:
 2011/4/29 pavel pocheptsov lilit-aibo...@mail.ru

 openbsd 4.8
 # cat /etc/pf.conf | grep tftp
 pass in on $int_if inet proto udp from any to $int_if port tftp
 # tftp 127.0.0.1


 127.0.0.1 would not be on the $int_if, would it?

 --
 B To our sweethearts and wives. B May they never meet. -- 19th century
toast





--
--
With regards,
Eugene Sudyr

Re: tftp - no route to host

[Evgeniy Sudyr]

Sorry, I've missed your netstat output, ignore part of my previous mail :)

On Fri, Apr 29, 2011 at 12:33 PM, Evgeniy Sudyr eject.in...@gmail.com
wrote:
 Pavel,

 1) Are you sure that you uncommented tftpd in inetd.conf ? Is inetd started
?
 2) netstat -na | grep 69
 3) tcpdump -ni lo port 69
 4) check PF rules as Janne wrote before (maybe you need to pass or
 just skip on lo). Btw, does it make any sense to use TFTP on localhost
 ? :)

 --
 Thanks!
 Eugene Sudyr

 On Fri, Apr 29, 2011 at 10:48 AM, Janne Johansson icepic...@gmail.com
wrote:
 2011/4/29 pavel pocheptsov lilit-aibo...@mail.ru

 openbsd 4.8
 # cat /etc/pf.conf | grep tftp
 pass in on $int_if inet proto udp from any to $int_if port tftp
 # tftp 127.0.0.1


 127.0.0.1 would not be on the $int_if, would it?

 --
 B To our sweethearts and wives. B May they never meet. -- 19th century
toast





 --
 --
 With regards,
 Eugene Sudyr




--
--
With regards,
Eugene Sudyr

Re: tftp - no route to host

[lilit-aibolit]

Evgeniy Sudyr P?P8QP5Q:

Pavel,

1) Are you sure that you uncommented tftpd in inetd.conf ? Is inetd started ?
2) netstat -na | grep 69
3) tcpdump -ni lo port 69
4) check PF rules as Janne wrote before (maybe you need to pass or
just skip on lo). Btw, does it make any sense to use TFTP on localhost
? :)

--
Thanks!
Eugene Sudyr
  

# tcpdump -i rl0 | grep 192.168.15.6.tftp
tcpdump: listening on rl0, link-type EN10MB
17:55:51.398535 192.168.15.7.1117  192.168.15.6.tftp: 16 RRQ ekey
17:55:52.400286 192.168.15.7.1117  192.168.15.6.tftp: 16 RRQ ekey

# tail /var/log/daemon
Apr 29 17:54:14 ipsec2 dhcpd[24382]: DHCPREQUEST for 192.168.15.155 from 
6c:62:6d:0c:56:f9 via rl0
Apr 29 17:54:14 ipsec2 dhcpd[24382]: DHCPACK on 192.168.15.155 to 
6c:62:6d:0c:56:f9 via rl0

Apr 29 17:54:55 ipsec2 tftpd[17823]: send: No route to host
Apr 29 17:54:56 ipsec2 tftpd[7381]: send: No route to host
Apr 29 17:54:58 ipsec2 tftpd[21669]: send: No route to host
Apr 29 17:55:22 ipsec2 dhcpd[24382]: DHCPINFORM from 192.168.15.155
Apr 29 17:55:22 ipsec2 dhcpd[24382]: DHCPACK on 192.168.15.155 to 
6c:62:6d:0c:56:f9 via rl0

Apr 29 17:55:51 ipsec2 tftpd[5857]: send: No route to host
Apr 29 17:55:52 ipsec2 tftpd[30407]: send: No route to host
Apr 29 17:55:54 ipsec2 tftpd[7320]: send: No route to host