On 10 October 2011 22:20, Frantisek Hanzlik <fra...@hanzlici.cz> wrote:
> Aaron Gray wrote: > ... > > > > 4) if You use firewall (iptables), You should load nf_conntrack_tftp > module, > > for tracking ephemeral ports. That means > /etc/sysconfig/iptables-config should > > contain line as: > > ... > > IPTABLES_MODULES="nf_conntrack_tftp" > > ... > > (other module is for NATting tftp connection) > > > > > > using localhost > > loopback (lo interface) is subject to firewall rules too. And Your tcpdump > below show IP addresses 192.168.0.4 and 192.168.0.5 - they perhaps are not > at lo loopback interface? > Have You firewall active? > I wrote a firewall rule :- -A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT > > > > > > > > 5) /var/log/messages should contain entries as: > > Oct 10 20:28:32 ns xinetd[1908]: START: tftp pid=5315 > from=192.168.1.22 > > Oct 10 20:28:42 ns xinetd[1908]: EXIT: tftp status=0 pid=5315 > duration=10(sec) > > > > > > Oct 10 21:09:07 gold xinetd[13402]: Exiting... > > Oct 10 21:09:12 gold xinetd[13650]: xinetd Version 2.3.14 started with > libwrap loadavg > > labeled-networking options compiled in. > > Oct 10 21:09:12 gold xinetd[13650]: Started working: 1 available service > > There isn't nothing about that xinetd starts tftp daemon. Mentioned > "1 available service" is tftp? > This command show only tftp: > > # grep '^[[:blank:]]*disable.*no' /etc/xinetd.d/* > /etc/xinetd.d/tftp: disable = no > I tested it and it is the only xinetd demon running > > Next command display some similar at Your server?: > # netstat -a -n -p --ip|grep 69 > udp 0 0 0.0.0.0:69 0.0.0.0:* 1595/xinetd > > Can You post Your "/etc/xinetd.d/tftp" file? > Attached. > > > > > is all I am getting in messages > > > > Checked tfpt is the only one enabled > > > > > > > > > > 6) tcpdump on relevant interface (here eth0) should display traffic, > > at minimal incomming packet: > > # tcpdump -i eth0 -l -nn udp port 69 > > tcpdump: verbose output suppressed, use -v or -vv for full protocol > decode > > listening on eth0, link-type EN10MB (Ethernet), capture size 65535 > bytes > > 20:43:13.612200 IP 192.168.1.22.58949 > 192.168.1.254.69: 17 RRQ > "b.log" netascii > > > > > > [root@xxxxx /]# tcpdump -i em1 -l -nn udp port 69 > > tcpdump: verbose output suppressed, use -v or -vv for full protocol > decode > > listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes > > 21:33:08.653033 IP 192.168.0.5.47352 > 192.168.0.4.69: 19 RRQ "vmlinuz" > netascii > > 21:33:13.653306 IP 192.168.0.5.47352 > 192.168.0.4.69: 19 RRQ "vmlinuz" > netascii > > 21:33:18.653565 IP 192.168.0.5.47352 > 192.168.0.4.69: 19 RRQ "vmlinuz" > netascii > > 21:33:23.653963 IP 192.168.0.5.47352 > 192.168.0.4.69: 19 RRQ "vmlinuz" > netascii > > 21:33:28.654212 IP 192.168.0.5.47352 > 192.168.0.4.69: 19 RRQ "vmlinuz" > netascii > > ^C > > 5 packets captured > > 5 packets received by filter > > 0 packets dropped by kernel > > It isn't traffic at localhost, as You wrote above, em1 is external > interface. > No I tried it remote because I did not know how to use tcpdump locally without reading the manual and I had another machine handy. The F15 laptop that does run tftp fine with the same xinetd.d/tftp configuration file thats why I am so confused ! > With default timeout (900 sec=15min), You should be seing tftp running. > E.g. "ps xa|grep tftp" should display it. But there isn't line in messages > that xinetd start tftp daemon. > > Most likely there is firewall or SELinux blocking incomming packets - can > You stop them? > Tried that before with F14, made no difference, but I will try again. > > tcpdump usualy not display something other than first packet, as next > dialog > (second and next packets) run at ephemeral port. > > > > > Well thats it I am stumped tftp seem to be running but ignoring requests > > > > Aaron > > > Franta >
tftp
Description: Binary data
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines