How to Install a tftp Server on Red Hat Enterprise Linux

I install a tftp server about once every three years. As such I never remember what needs to happen, and this time a Google search didn’t have a nice answer for me. So, as my latest contribution to the world of HOWTOs, I present the non-idiot’s concise guide to installing and configuring a tftp server.

As always if you have suggestions or corrections just add them as comments, and I’ll update the text here.

This will give you the default /tftpboot directory. I assume that if you need a filesystem there you can handle adding one there on your own. :-) If you want to change the filesystem you can do that in /etc/xinetd.d/tftp, in the server_args field. Don’t forget to reload xinetd after you change it.

1. Install the tftp server software and enable it:

/usr/bin/up2date tftp-server
/sbin/chkconfig tftp on

3. Because it runs via xinetd reload that to pick up the configuration file change:

/sbin/service xinetd reload

4. Edit /etc/sysconfig/iptables-config and edit the IPTABLES_MODULES line to read:


If you already have something in that line just add the new module with a space as a delimiter, like:

IPTABLES_MODULES="ip_conntrack_ftp ip_conntrack_tftp"

5. Add firewall rules to /etc/sysconfig/iptables. You probably only need UDP, though I always add the TCP rules, too (they’re both listed in /etc/services for port 69):

-A RH-Firewall-1-INPUT -s -m tcp -p tcp --dport 69 -j ACCEPT
-A RH-Firewall-1-INPUT -s -m udp -p udp --dport 69 -j ACCEPT

(two lines here if it’s wrapping)

6. Restart iptables to pick up the changes from steps 4 and 5:

/sbin/service iptables restart

7. Add the proper lines to /etc/hosts.allow:

in.tftpd: 10.1.

8. Put something in /tftpboot to retrieve with a client, for testing.

9. Use a client from an allowed IP range to test:

$ tftp
tftp> get filename.bin

9. If you get an error check /var/log/secure and /var/log/messages on the server, and start eliminating potential problems one at a time (disable iptables, put ALL in hosts.allow, etc.) until you find the problem.

Have fun!

Comments on this entry are closed.

  • Great help! thank you.

  • Hi
    i completed setup of tftpd server, and i give permissions to necessary folders, i dont use iptables, it is stopped, but still i dont use tftp server, connection opened but it closed suddenly, i could not find issue of this problem

    logs are below

    May 14 15:40:01 unicorn crond(pam_unix)[4962]: session opened for user root by (uid=0)
    May 14 15:40:02 unicorn crond(pam_unix)[4962]: session closed for user root
    May 14 15:41:00 unicorn sshd(pam_unix)[4971]: session opened for user root by root(uid=0)
    May 14 15:40:33 unicorn xinetd[4717]: START: tftp pid=4964 from=
    May 14 15:40:37 unicorn xinetd[4717]: START: tftp pid=4965 from=
    May 14 15:40:42 unicorn xinetd[4717]: START: tftp pid=4966 from=
    May 14 15:40:48 unicorn xinetd[4717]: START: tftp pid=4967 from=
    May 14 15:40:55 unicorn xinetd[4717]: START: tftp pid=4968 from=

  • The best HOW-TO on setting up tftp on Linux, thank you and appreciate your effort.

  • This file
    doesn’t exist for me.
    When I created it and added those rules in and restart iptables, it gave me

    Applying iptables firewall rules: iptables-restore: line 1 failed

    I have a

    Red Hat Enterprise Linux ES release 3 (Taroon Update 8)

    Any help is appreciated.

  • (for RHEL 5.x – all other buyers beware)

    You might want to create /etc/sysconfig/iptables first by doing:
    service iptables save
    add lines in there (and edit /etc/sysconfig/iptables-config) and restart it.

    Also you might have issues with selinux. If you suspect it’s the case check out /var/log/audit/audit.log. You can set permissions (open) by “chcon -t public_content_t filename”

    great tutorial BTW.

  • Thank you, Bob! Very precise write-up.

  • like a charm. especially the firewall bit.


  • thanks for the help….its good one

  • Thanks for the illustrated steps. It really helped a lot.

  • Hey Bob, you might want to mention if anyone is installing Redhat Enterprise Linux 6.x the IPTABLES_MODULE is now called “nf_conntrack_tftp” vice “ip_conntrack_tftp and once you install the tftp-server, it is inserted into the /etc/sysconfig/iptables-config file automatically . They will just need to verify that it was inserted in the iptables-config file. Also, if you are actually usig SELINUX you will want to type the following command at the command prompt: setsebool -P tftpd_disable_trans=1. This will disable the SELINUX for the tftp daemon. Otherwise turn off SELINUX completely by typing: setsebool SELINUX. This command will toggle SELINUX on and off.

%d bloggers like this: