How to Install a tftp Server on Red Hat Enterprise Linux

I install a tftp server about once every three years. As such I never remember what needs to happen, and this time a Google search didn’t have a nice answer for me. So, as my latest contribution to the world of HOWTOs, I present the non-idiot’s concise guide to installing and configuring a tftp server.

As always, if you have suggestions or corrections, just add them as comments and I’ll update the text here.

1. Install the tftp server software and enable it:

/usr/bin/up2date tftp-server
/sbin/chkconfig tftp on

2. This will give you the default /tftpboot directory. I assume that if you need a filesystem there you can handle adding one there on your own. :-) If you want to change the directory you can do that in /etc/xinetd.d/tftp, in the server_args field. Don’t forget to reload xinetd after you change it.

3. Because it runs via xinetd, reload that to pick up the configuration file change:

/sbin/service xinetd reload

4. Edit /etc/sysconfig/iptables-config and edit the IPTABLES_MODULES line to read:

IPTABLES_MODULES="ip_conntrack_tftp"

If you already have something in that line just add the new module with a space as a delimiter, like:

IPTABLES_MODULES="ip_conntrack_ftp ip_conntrack_tftp"

5. Add firewall rules to /etc/sysconfig/iptables. You probably only need UDP, though I always add the TCP rules, too (they’re both listed in /etc/services for port 69):

-A RH-Firewall-1-INPUT -s 10.1.0.0/16 -m tcp -p tcp --dport 69 -j ACCEPT
-A RH-Firewall-1-INPUT -s 10.1.0.0/16 -m udp -p udp --dport 69 -j ACCEPT

(two lines here if it’s wrapping)

6. Restart iptables to pick up the changes from steps 4 and 5:

/sbin/service iptables restart

7. Add the proper lines to /etc/hosts.allow:

in.tftpd: 10.1.

8. Put something in /tftpboot to retrieve with a client, for testing.

9. Use a client from an allowed IP range to test:

$ tftp my.tftp.server.com
tftp> get filename.bin

10. If you get an error, check /var/log/secure and /var/log/messages on the server, and start eliminating potential problems one at a time (disable iptables, put ALL in hosts.allow, etc.) until you find the problem.
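
To go with the log check in the last step, here is an added example (not part of the original post) that counts the tftp connections xinetd records in /var/log/secure and flags any source outside the 10.1. prefix allowed in hosts.allow. The function names and the sample log lines are constructed for illustration; the line format is xinetd's START entry.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# Constructed sample of /var/log/secure lines (xinetd START entries plus noise).
sample_log() {
    cat <<'EOF'
May 14 15:40:33 unicorn xinetd[4717]: START: tftp pid=4964 from=10.1.4.20
May 14 15:40:37 unicorn xinetd[4717]: START: tftp pid=4965 from=192.168.254.12
May 14 15:40:42 unicorn xinetd[4717]: START: tftp pid=4966 from=192.168.254.12
May 14 15:41:00 unicorn sshd(pam_unix)[4971]: session opened for user root by root(uid=0)
May 14 15:41:10 unicorn xinetd[4717]: START: tftp pid=4969 from=::ffff:10.1.7.9
May 14 15:41:12 unicorn xinetd[4717]: START: tftp pid=4970 from=10.10.0.5
EOF
}

# tftp_sources FILE [PREFIX]
# FILE may be "-" for stdin. PREFIX defaults to the hosts.allow pattern "10.1."
# and is matched as a leading string, the way hosts.allow treats a trailing dot.
# Output: one line per source address, "<count> <address> <allowed|OUTSIDE>".
tftp_sources() {
    awk -v prefix="${2:-10.1.}" '
        /xinetd\[[0-9]+\]: START: tftp / {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^from=/) {
                    ip = substr($i, 6)
                    sub(/^::ffff:/, "", ip)   # IPv4-mapped form on IPv6-enabled hosts
                    count[ip]++
                }
        }
        END {
            for (ip in count)
                printf "%d %s %s\n", count[ip], ip,
                       (index(ip, prefix) == 1 ? "allowed" : "OUTSIDE")
        }' "$1" | LC_ALL=C sort -k2,2
}

# Demo on the constructed sample; on the server run: tftp_sources /var/log/secure
sample_log | tftp_sources -
```

An OUTSIDE line means xinetd started in.tftpd for a client that the iptables and hosts.allow rules above should have excluded, so one of those layers is not in effect.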

Have fun!

Comments on this entry are closed.

  • Great help! thank you.

  • Hi
    I completed setup of tftpd server, and I give permissions to necessary folders. I don’t use iptables, it is stopped, but still I don’t use tftp server. Connection opened but it closed suddenly. I could not find issue of this problem.

    logs are below

    /var/log/messages
    May 14 15:40:01 unicorn crond(pam_unix)[4962]: session opened for user root by (uid=0)
    May 14 15:40:02 unicorn crond(pam_unix)[4962]: session closed for user root
    May 14 15:41:00 unicorn sshd(pam_unix)[4971]: session opened for user root by root(uid=0)
    ———————————-
    /var/log/secure
    May 14 15:40:33 unicorn xinetd[4717]: START: tftp pid=4964 from=192.168.254.12
    May 14 15:40:37 unicorn xinetd[4717]: START: tftp pid=4965 from=192.168.254.12
    May 14 15:40:42 unicorn xinetd[4717]: START: tftp pid=4966 from=192.168.254.12
    May 14 15:40:48 unicorn xinetd[4717]: START: tftp pid=4967 from=192.168.254.12
    May 14 15:40:55 unicorn xinetd[4717]: START: tftp pid=4968 from=192.168.254.12

  • The best HOW-TO on setting up tftp on Linux, thank you and appreciate your effort.

  • This file
    /etc/sysconfig/iptables
    doesn’t exist for me.
    When I created it and added those rules in and restart iptables, it gave me

    Applying iptables firewall rules: iptables-restore: line 1 failed

    I have a

    Red Hat Enterprise Linux ES release 3 (Taroon Update 8)

    Any help is appreciated.

  • (for RHEL 5.x – all other buyers beware)

    You might want to create /etc/sysconfig/iptables first by doing:
    service iptables save
    add lines in there (and edit /etc/sysconfig/iptables-config) and restart it.

    Also you might have issues with selinux. If you suspect it’s the case check out /var/log/audit/audit.log. You can set permissions (open) by “chcon -t public_content_t filename”

    great tutorial BTW.

  • Thank you, Bob! Very precise write-up.

  • like a charm. especially the firewall bit.

    thanks,

  • thanks for the help….its good one

  • Thanks for the illustrated steps. It really helped a lot.

  • Hey Bob, you might want to mention if anyone is installing Redhat Enterprise Linux 6.x the IPTABLES_MODULE is now called “nf_conntrack_tftp” vice “ip_conntrack_tftp” and once you install the tftp-server, it is inserted into the /etc/sysconfig/iptables-config file automatically. They will just need to verify that it was inserted in the iptables-config file. Also, if you are actually using SELINUX you will want to type the following command at the command prompt: setsebool -P tftpd_disable_trans=1. This will disable the SELINUX for the tftp daemon. Otherwise turn off SELINUX completely by typing: setsebool SELINUX. This command will toggle SELINUX on and off.