On Thu, Mar 29, 2018 at 12:48:15PM -0400, Asif Iqbal wrote:> I do not see tftp traffic is leaving from S > > A:~$ tftp > (to) 192.168.1.20 > tftp> get file > Transfer timed out. > > As you can see no pkt is leaving. If it were leaving S, but A were not > receiving then I would think firewall > is dropping it. > > [ S ~]$ sudo tcpdump -A -nniany host 192.168.1.10 > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode > listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 > bytesMost likely the firewall on the system running your tftp client is blocking the traffic from the tftp server. The easiest way to test would be to put in a rule that allows all packets from the server (or to at least log them so you can see what's happening). The firewall issue is most likely *not* with the tftp server. -- Jonathan Billings <billings at negate.org>
Reading back through prior emails. . . TFTP client requests packets *are* making it to the TFTP server. So it seems like something on the TFTP server itself. Like previously mentioned server side firewall/iptables/tcp-wrappers/selinux are all possible culprits. Hmmm just thought of something else, what are the file permissions of the file you are requesting? Try `chmod a+r filename`?
On Thu, Apr 12, 2018 at 9:26 AM, Steven Tardy <sjt5atra at gmail.com> wrote:> Reading back through prior emails. . . TFTP client requests packets *are* > making it to the TFTP server. So it seems like something on the TFTP server > itself. >Right. I am not sure how to debug that> > Like previously mentioned server side > firewall/iptables/tcp-wrappers/selinux are all possible culprits. > >I tested with firewalld turned off and selinux all permissive. I also did not see any denied in audit log related to this when selinux was enforced> Hmmm just thought of something else, what are the file permissions of the > file you are requesting? Try `chmod a+r filename`? >Yes it is readable.> _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >-- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing?