I install a tftp server about once every three years. As such I never remember what needs to happen, and this time a Google search didn’t have a nice answer for me. So, as my latest contribution to the world of HOWTOs, I present the non-idiot’s concise guide to installing and configuring a tftp server.
As always, if you have suggestions or corrections, just add them as comments and I’ll update the text here.
1. Install the tftp server software and enable it:
/usr/bin/up2date tftp-server
/sbin/chkconfig tftp on
2. This will give you the default /tftpboot directory. I assume that if you need a filesystem there you can handle adding one on your own. 🙂 If you want to change the directory you can do that in /etc/xinetd.d/tftp, in the server_args field. Don’t forget to reload xinetd after you change it.
3. Because it runs via xinetd, reload that to pick up the configuration file change:
/sbin/service xinetd reload
4. Edit /etc/sysconfig/iptables-config and change the IPTABLES_MODULES line to read:
IPTABLES_MODULES="ip_conntrack_tftp"
If you already have something in that line just add the new module with a space as a delimiter, like:
IPTABLES_MODULES="ip_conntrack_ftp ip_conntrack_tftp"
5. Add firewall rules to /etc/sysconfig/iptables. You probably only need UDP, though I always add the TCP rules, too (they’re both listed in /etc/services for port 69):
-A RH-Firewall-1-INPUT -s 10.1.0.0/16 -m tcp -p tcp --dport 69 -j ACCEPT
-A RH-Firewall-1-INPUT -s 10.1.0.0/16 -m udp -p udp --dport 69 -j ACCEPT
(two lines here if it’s wrapping)
6. Restart iptables to pick up the changes from steps 4 and 5:
/sbin/service iptables restart
7. Add the proper lines to /etc/hosts.allow:
in.tftpd: 10.1.
8. Put something in /tftpboot to retrieve with a client, for testing.
9. Use a client from an allowed IP range to test:
$ tftp my.tftp.server.com
tftp> get filename.bin
10. If you get an error, check /var/log/secure and /var/log/messages on the server, and start eliminating potential problems one at a time (disable iptables, put ALL in hosts.allow, etc.) until you find the problem.
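TFTP has no authentication, so the source-restricted firewall rule and the hosts.allow entry are the only access control, and anything loosened during the last troubleshooting step has to be put back. The script below is an added example, not part of the original post, that audits the files edited above; the function names check_tftp_config and make_sample and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the HOWTO's files under an optional root prefix ($1).
# Prints one FAIL line per finding; returns 0 only when nothing is flagged.
check_tftp_config() {
    root=${1:-}; rc=0
    flag() { echo "FAIL: $*"; rc=1; }

    # Step 1: "chkconfig tftp on" sets "disable = no" in the xinetd service file.
    grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*no' \
        "$root/etc/xinetd.d/tftp" 2>/dev/null ||
        flag "tftp is not enabled in /etc/xinetd.d/tftp"

    # Step 4: conntrack helper listed (ip_ prefix here, nf_ on RHEL 6.x).
    grep -Eq '^IPTABLES_MODULES=.*(ip|nf)_conntrack_tftp' \
        "$root/etc/sysconfig/iptables-config" 2>/dev/null ||
        flag "conntrack tftp helper missing from IPTABLES_MODULES"

    # Step 5: a UDP/69 ACCEPT rule must exist and every one must carry -s.
    fw="$root/etc/sysconfig/iptables"
    udp='^-A .*-p udp .*--dport 69 .*-j ACCEPT'
    if ! grep -Eq -- "$udp" "$fw" 2>/dev/null; then
        flag "no UDP port 69 ACCEPT rule in /etc/sysconfig/iptables"
    elif grep -E -- "$udp" "$fw" | grep -Eqv -- ' -s [0-9]'; then
        flag "UDP port 69 is open without a -s source restriction"
    fi

    # Step 7: in.tftpd needs a hosts.allow entry, and the "ALL" shortcut used
    # while troubleshooting must not be left behind.
    ha="$root/etc/hosts.allow"
    if ! grep -Eq '^in\.tftpd[[:space:]]*:' "$ha" 2>/dev/null; then
        flag "no in.tftpd entry in /etc/hosts.allow"
    elif grep -Eq '^(in\.tftpd|ALL)[[:space:]]*:[[:space:]]*ALL' "$ha"; then
        flag "hosts.allow still grants ALL clients"
    fi
    return "$rc"
}

# Constructed sample tree using the page's values; $2 is the hosts.allow line.
make_sample() {
    e=$1/etc; mkdir -p "$e/sysconfig" "$e/xinetd.d"
    printf 'service tftp\n{\n\tdisable = no\n}\n' > "$e/xinetd.d/tftp"
    printf '%s\n' 'IPTABLES_MODULES="ip_conntrack_ftp ip_conntrack_tftp"' > "$e/sysconfig/iptables-config"
    printf '%s\n' '-A RH-Firewall-1-INPUT -s 10.1.0.0/16 -m udp -p udp --dport 69 -j ACCEPT' > "$e/sysconfig/iptables"
    printf '%s\n' "$2" > "$e/hosts.allow"
}

# "--demo" audits a constructed tree that still has the troubleshooting entry.
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d); make_sample "$d" 'in.tftpd: ALL'
    check_tftp_config "$d"; rm -rf "$d"
fi
```

Calling check_tftp_config with no argument reads the live files under /etc; run it as a user who can read /etc/sysconfig/iptables.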
Have fun!
Great help! thank you.
Hi
I completed setup of tftpd server, and I give permissions to necessary folders. I don't use iptables, it is stopped, but still I don't use tftp server; connection opened but it closed suddenly. I could not find issue of this problem.
logs are below
/var/log/messages
May 14 15:40:01 unicorn crond(pam_unix)[4962]: session opened for user root by (uid=0)
May 14 15:40:02 unicorn crond(pam_unix)[4962]: session closed for user root
May 14 15:41:00 unicorn sshd(pam_unix)[4971]: session opened for user root by root(uid=0)
———————————-
/var/log/secure
May 14 15:40:33 unicorn xinetd[4717]: START: tftp pid=4964 from=192.168.254.12
May 14 15:40:37 unicorn xinetd[4717]: START: tftp pid=4965 from=192.168.254.12
May 14 15:40:42 unicorn xinetd[4717]: START: tftp pid=4966 from=192.168.254.12
May 14 15:40:48 unicorn xinetd[4717]: START: tftp pid=4967 from=192.168.254.12
May 14 15:40:55 unicorn xinetd[4717]: START: tftp pid=4968 from=192.168.254.12
The best HOW-TO on setting up tftp on Linux, thank you and appreciate your effort.
This file
/etc/sysconfig/iptables
doesn’t exist for me.
When I created it and added those rules in and restart iptables, it gave me
Applying iptables firewall rules: iptables-restore: line 1 failed
I have a
Red Hat Enterprise Linux ES release 3 (Taroon Update 8)
Any help is appreciated.
(for RHEL 5.x – all other buyers beware)
You might want to create /etc/sysconfig/iptables first by doing:
service iptables save
add lines in there (and edit /etc/sysconfig/iptables-config) and restart it.
Also you might have issues with selinux. If you suspect it’s the case check out /var/log/audit/audit.log. You can set permissions (open) by “chcon -t public_content_t filename”
great tutorial BTW.
Thank you, Bob! Very precise write-up.
like a charm. especially the firewall bit.
thanks,
Thanks for the help…. It's a good one.
Thanks for the illustrated steps. It really helped a lot.
Hey Bob, you might want to mention if anyone is installing Redhat Enterprise Linux 6.x the IPTABLES_MODULE is now called “nf_conntrack_tftp” vice “ip_conntrack_tftp” and once you install the tftp-server, it is inserted into the /etc/sysconfig/iptables-config file automatically. They will just need to verify that it was inserted in the iptables-config file. Also, if you are actually using SELINUX you will want to type the following command at the command prompt: setsebool -P tftpd_disable_trans=1. This will disable the SELINUX for the tftp daemon. Otherwise turn off SELINUX completely by typing: setsebool SELINUX. This command will toggle SELINUX on and off.