I install a tftp server about once every three years. As such I never remember what needs to happen, and this time a Google search didn’t have a nice answer for me. So, as my latest contribution to the world of HOWTOs, I present the non-idiot’s concise guide to installing and configuring a tftp server.
As always if you have suggestions or corrections just add them as comments, and I’ll update the text here.
This will give you the default /tftpboot directory. I assume that if you need a filesystem there you can handle adding one there on your own. :-) If you want to change the filesystem you can do that in /etc/xinetd.d/tftp, in the server_args field. Don’t forget to reload xinetd after you change it.
1. Install the tftp server software and enable it:
/sbin/chkconfig tftp on
3. Because it runs via xinetd reload that to pick up the configuration file change:
/sbin/service xinetd reload
4. Edit /etc/sysconfig/iptables-config and edit the IPTABLES_MODULES line to read:
If you already have something in that line just add the new module with a space as a delimiter, like:
5. Add firewall rules to /etc/sysconfig/iptables. You probably only need UDP, though I always add the TCP rules, too (they’re both listed in /etc/services for port 69):
-A RH-Firewall-1-INPUT -s 10.1.0.0/16 -m tcp -p tcp --dport 69 -j ACCEPT
-A RH-Firewall-1-INPUT -s 10.1.0.0/16 -m udp -p udp --dport 69 -j ACCEPT
(two lines here if it’s wrapping)
6. Restart iptables to pick up the changes from steps 4 and 5:
/sbin/service iptables restart
7. Add the proper lines to /etc/hosts.allow:
8. Put something in /tftpboot to retrieve with a client, for testing.
9. Use a client from an allowed IP range to test:
$ tftp my.tftp.server.com
tftp> get filename.bin
9. If you get an error check /var/log/secure and /var/log/messages on the server, and start eliminating potential problems one at a time (disable iptables, put ALL in hosts.allow, etc.) until you find the problem.