On Thu, Apr 12, 2018 at 9:26 AM, Steven Tardy <sjt5atra at gmail.com> wrote:

> Reading back through prior emails. . . TFTP client requests packets *are*
> making it to the TFTP server. So it seems like something on the TFTP server
> itself.

Right. I am not sure how to debug that

> Like previously mentioned server side
> firewall/iptables/tcp-wrappers/selinux are all possible culprits.

I tested with firewalld turned off and selinux all permissive. I also did not see any denied in audit log related to this when selinux was enforced

> Hmmm just thought of something else, what are the file permissions of the
> file you are requesting? Try `chmod a+r filename`?

Yes it is readable.

> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos

--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

On Wed, 2018-04-18 at 20:52 -0400, Asif Iqbal wrote:

> On Thu, Apr 12, 2018 at 9:26 AM, Steven Tardy <sjt5atra at gmail.com> wrote:
>
> > Reading back through prior emails. . . TFTP client requests packets *are*
> > making it to the TFTP server. So it seems like something on the TFTP server
> > itself.
>
> Right. I am not sure how to debug that

Just reading back through the thread, I'm still not sure, but does the server have multiple ethernet interfaces? If so, can you turn off the others temporarily? Is it possible that IPv6 is getting in the way? If you do lsof -i :69 what do you get?

> > Like previously mentioned server side
> > firewall/iptables/tcp-wrappers/selinux are all possible culprits.
>
> I tested with firewalld turned off and selinux all permissive. I also did
> not see any denied in audit log
> related to this when selinux was enforced
>
> > Hmmm just thought of something else, what are the file permissions of the
> > file you are requesting? Try `chmod a+r filename`?
>
> Yes it is readable.

What about all the directories above the file - are they readable and searchable?

P.

On Wed, Apr 18, 2018 at 08:52:32PM -0400, Asif Iqbal wrote:

> I tested with firewalld turned off and selinux all permissive. I also did
> not see any denied in audit log
> related to this when selinux was enforced

Have you checked the *client* firewall? TFTP responses to client requests are blocked by the default firewall, due to the nature of the TFTP protocol.

--
Jonathan Billings <billings at negate.org>

Early in this thread you mentioned these are on different network subnets. . .

Just thought about a similar issue. . .

sysctl -a | grep rp_filter

If a packet comes in to Linux and the path BACK to the remote IP is NOT out that same interface (asymmetric routing) the Linux kernel will drop the packet. "rp_filter" controls how Linux behaves regarding this.

Please provide real `ifconfig` and `route -rn` and `tcpdump port 69` output to properly diagnose. . .
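
The rp_filter check suggested in the last message, as an added example that is not part of the original thread: it reads the per-interface `rp_filter` files and reports the effective mode for each interface, since the kernel applies the higher of the `all` and per-interface values. The function names and the sample directory tree are constructed for illustration; on a real host the directory is /proc/sys/net/ipv4/conf.

```shell
#!/bin/sh
# Added example: effective rp_filter mode per interface.
# For source validation on <iface> the kernel uses
# max(conf/all/rp_filter, conf/<iface>/rp_filter): 0 = off, 1 = strict, 2 = loose.

# effective_rp_filter CONF_DIR IFACE -> prints the effective value
effective_rp_filter() {
    all=$(cat "$1/all/rp_filter" 2>/dev/null || echo 0)
    own=$(cat "$1/$2/rp_filter" 2>/dev/null || echo 0)
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

rp_filter_mode() {
    case $1 in
        0) echo off ;;
        1) echo strict ;;
        2) echo loose ;;
        *) echo unknown ;;
    esac
}

# rp_filter_report CONF_DIR -> one line per interface: "<iface> <value> <mode>"
rp_filter_report() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        iface=$(basename "$d")
        case $iface in all|default) continue ;; esac
        v=$(effective_rp_filter "$1" "$iface")
        echo "$iface $v $(rp_filter_mode "$v")"
    done
}

# strict_interfaces CONF_DIR -> interfaces in strict mode, where a packet whose
# return route leaves by a different interface fails the reverse-path check
strict_interfaces() {
    rp_filter_report "$1" | awk '$2 == 1 { print $1 }'
}

# Constructed sample tree standing in for /proc/sys/net/ipv4/conf (values made up)
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/all" "$demo/default" "$demo/eth0" "$demo/eth1" "$demo/lo"
echo 0 > "$demo/all/rp_filter"
echo 1 > "$demo/default/rp_filter"
echo 1 > "$demo/eth0/rp_filter"
echo 2 > "$demo/eth1/rp_filter"
echo 0 > "$demo/lo/rp_filter"
rp_filter_report "$demo"
# On a real host: rp_filter_report /proc/sys/net/ipv4/conf
```

An interface listed by `strict_interfaces` is the one to compare against the routing table when requests arrive on it but the route back to the client leaves by another interface.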