The Trivial File Transfer Protocol (TFTP) is normally used only for booting diskless workstations. The tftp-server package provides the server for TFTP, which allows users to transfer files to and from a remote machine. TFTP provides very little security, and should not be enabled unless it is expressly needed. The TFTP server is run from /etc/xinetd.d/tftp, and is disabled by default on Red Hat Linux systems.
The TFTP protocol is extensively used to support remote booting of diskless devices. The server is normally started by inetd, but can also run standalone.
Here's an entry that covers a few easy steps for creating a working TFTP server on Fedora.
First, install the TFTP software using yum:
# yum -y install tftp-server
If you have an existing TFTP server, you can upgrade tftp by issuing
# yum -y upgrade tftp-server
With xinetd, the TFTP configuration file /etc/xinetd.d/tftp looks like this:
# cd /etc/xinetd.d
# cat tftp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
service tftp
{
socket_type = dgram
protocol = udp
wait = no
user = root
server = /usr/sbin/in.tftpd
server_args = -s -c /tftpboot -u nobody
disable = no
per_source = 11
cps = 100 2
flags = IPv4
}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
TFTP Additional Security
========================
Be aware that TFTP access does not require account authentication on the server. Due to the lack of authentication information, tftpd will allow only publicly readable files (o+r) to be accessed, unless the -p option is specified.
TFTP with TCPWrapper
~~~~~~~~~~~~~~~~~~~~
/etc/hosts.allow allows a specific IP address to access the TFTP server, and /etc/hosts.deny denies any other IP address via TCP wrappers. Similar lines should be present in both files.
# echo "in.tftpd: 123.123.123.123" >> /etc/hosts.allow
# echo "in.tftpd: ALL" >> /etc/hosts.deny
TFTP with IPTables
~~~~~~~~~~~~~~~~~~
Here's a single entry from my /etc/sysconfig/iptables. This line allows TFTP access to a TFTP server via port 69. A similar line should exist in your /etc/sysconfig/iptables or firewall, as shown below:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-A RH-Firewall-1-INPUT -p udp -m udp --dport 69 -j ACCEPT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
TFTP CLIENT TO SERVER CONNECTIVITY TEST
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Make sure the TFTP client is not being blocked by the TFTP server, like so:
# ping tftp.client.ip.address
# route del -host tftp.client.ip.address reject
With a default TFTP package installation, all files uploaded to the TFTP server are stored under the /tftpboot folder. By default, /tftpboot is owned by root with root group access.
Let's modify that to look like this:
# chown nobody.nobody /tftpboot -R
# chmod 600 /tftpboot
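The checks implied by the server_args line, the o+r note and the /tftpboot ownership step above, as an added example that is not part of the original post: it reads an xinetd stanza and a TFTP root directory and prints one finding per risky flag or permission. The function names audit_tftp and xinetd_value are hypothetical, the flag meanings are taken from the tftp-hpa in.tftpd man page, and the demo data is constructed in a temporary directory.

```bash
#!/bin/bash
# Added example: audit a TFTP xinetd stanza and its root directory.
# Flag meanings follow the tftp-hpa in.tftpd man page (assumption); only
# separately written flags (-s -c, not -sc) are recognised.

# Print the value of "key = value" from an xinetd service file.
xinetd_value() {   # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# Print one finding per line for the stanza ($1) and root directory ($2).
audit_tftp() {
    local conf="$1" root="$2" args f
    args=" $(xinetd_value "$conf" server_args) "
    case $args in *" -s "*) ;; *) echo "WARN no -s: server is not chrooted" ;; esac
    case $args in *" -c "*) echo "WARN -c: clients may create new files" ;; esac
    case $args in *" -p "*) echo "WARN -p: the o+r file check is off" ;; esac
    # Without the owner's search (x) bit nothing inside can be opened.
    if [ -z "$(find "$root" -prune -perm -100 2>/dev/null)" ]; then
        echo "FAIL $root: owner lacks search (x) permission"
    fi
    # Existing world-writable files accept uploads even without -c.
    find "$root" -type f -perm -002 2>/dev/null | while IFS= read -r f; do
        echo "WARN $f: world-writable, clients can overwrite it"
    done
    return 0
}

# Demo on constructed sample data (a temporary directory, not /tftpboot).
demo=$(mktemp -d)
mkdir "$demo/tftpboot"
: > "$demo/tftpboot/router.cfg"; chmod 666 "$demo/tftpboot/router.cfg"
cat > "$demo/tftp" <<'EOF'
service tftp
{
    server_args = -s -c /tftpboot -u nobody
    disable     = no
}
EOF
for mode in 600 700; do
    chmod "$mode" "$demo/tftpboot"
    echo "== directory mode $mode =="
    audit_tftp "$demo/tftp" "$demo/tftpboot"
done
rm -rf "$demo"
```

To check a live server, call audit_tftp with /etc/xinetd.d/tftp and /tftpboot as its two arguments.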
TFTP SERVICE VERIFICATION
~~~~~~~~~~~~~~~~~~~~~~~~~
Simply verify that your TFTP service and port are active and being served, like so:
# netstat -lap | grep ftp
# ss -ua | grep tftp
Launch TFTP daemon service
~~~~~~~~~~~~~~~~~~~~~~~~~~
Restart your iptables firewall and xinetd daemon service like so
# service xinetd restart
# service iptables restart
Try to upload a file to your TFTP server using TFTP client software.
With the above settings, you should be able to upload files to and download files from your TFTP server. This can also be handy when backing up data from appliances such as Cisco routers, which support TFTP upload and download access.
Monday, September 10, 2007
TFTP server - setup and install howto
1 comment:
Hello and thanks for posting this document.
In the line:
# chmod 600 /tftpboot
you actually meant to say
# chmod 700 /tftpboot
for /tftpboot is a directory, and without the executing permission the TFTP will fail.
:)