I configure the system of remote boot. Almost all was done. But one simple problem. tftp doesn't download pxelinux.0 from boot-server, in.tftpd is running at.
Problem isn't in pxelinux.0, but in protocol itself. I've created test file "test" in /tftpboot and tried to download it but "Timeout occured".
From /var/log/messages:
Mar 27 16:32:27 dk in.tftpd[26576]: RRQ from 80.92.161.1 filename test
Mar 27 16:32:27 dk in.tftpd[26576]: tftpd: read(ack): Connection refused

OS - Fedora Core 4, server in.tftpd (tftpd-hpa 0.40) runs over xinetd in verbose mode. /tftpboot has 777 writes. SELinux is turned off.
At the server (at localhost and 192.168.4.110) I can download files from /tftpboot, but from remote host not.
I've edited /etc/hosts.allow(deny), ran tftpd as daemon, from nobody, etc. Nothing changed.
Some extra information:
1. TFTP-client has IP 192.168.0.11 and gateway 192.168.0.125
2. TFTP-server has IP 192.168.4.110 and gateway 192.168.4.1

On Tue, Mar 28, 2006 at 08:03:31AM +1100, Kosolapov Dmitry wrote:
> I configure the system of remote boot. Almost all was done. But one
> simple problem. tftp doesn't download pxelinux.0 from boot-server,
> in.tftpd is running at.
> Problem isn't in pxelinux.0, but in protocol itself. I've created test
> file "test" in /tftpboot and tried to download it but "Timeout occured".
> From /var/log/messages:
> Mar 27 16:32:27 dk in.tftpd[26576]: RRQ from 80.92.161.1 filename test
> Mar 27 16:32:27 dk in.tftpd[26576]: tftpd: read(ack): Connection refused
>
> OS - Fedora Core 4, server in.tftpd (tftpd-hpa 0.40) runs over xinetd in
> verbose mode. /tftpboot has 777 writes. SELinux is turned off.
> At the server (at localhost and 192.168.4.110) I can download files from
> /tftpboot, but from remote host not.
> I've edited /etc/hosts.allow(deny), ran tftpd as daemon, from nobody,
> etc. Nothing changed.
> Some extra information:
> 1. TFTP-client has IP 192.168.0.11 and gateway 192.168.0.125
> 2. TFTP-server has IP 192.168.4.110 and gateway 192.168.4.1

The usual^Wworking setup is having the TFTP server AND client
on the same LAN.

Your setup has two LANs and even a masquerading router in between.

I'm even astonished that you get
> Mar 27 16:32:27 dk in.tftpd[26576]: RRQ from 80.92.161.1 filename test
and
> Mar 27 16:32:27 dk in.tftpd[26576]: tftpd: read(ack): Connection refused

I'm not sure where to "fix" it, my bet is the gateway 192.168.0.125,
but at the Internet side.

HtH
GSt

Geert Stappers wrote:
>
> The usual^Wworking setup is having the TFTP server AND client
> on the same LAN.
>
> Your setup has two LANs and even a masquerading router in between.

Two LANs is fine; a masquerading router is definitely *not* unless the
router has special code to proxy TFTP.

-hpa

Yes, you are right. Our organization has 2 LANs (0th and 4th subnets). Gateway of the 0th (192.168.0.125) has external Internet interface. And I was astonished myself viewing that IP. But these hosts ping each other excellently (traceroute and tracert tell there are 2 hops between the hosts).
Does tftpd have its own config with something about acl? What is the solution?
Thanks forward.

I've checked from the 4-th subnet. No changes. TFTPD refuses remote connections (ack requests). Please help me.

Luciano Miguel Ferreira Rocha wrote:
> On Thu, Mar 30, 2006 at 04:42:38AM +1100, Kosolapov Dmitry wrote:
>> Luciano Miguel Ferreira Rocha wrote:
>>> On Thu, Mar 30, 2006 at 03:53:35AM +1100, Kosolapov Dmitry wrote:
>>>> I've checked from the 4-th subnet. No changes. TFTPD refuses remote
>>>> connections (ack requests). Please help me.
>>> Run /etc/init.d/iptables stop and try again.
>>>
>>> If that fixes it, you need to allow tftp traffic in your firewall. If it
>>> doesn't, try fetching the file via a tftp client directly on the server
>>> (tftp localhost) and on a machine on the same subnet.
>>>
>>>
>> That didn't help to it. I've tried to download the file within subnet
>> server being in. Remote connections are refused. But at the server I can
>> download files from /tftpboot (both 127.0.0.1 and 192.168.4.110 (my
>> server's etch0 interface)).
>
> Did you run: /etc/init.d/iptables stop
>
> I suspect it's firewall related.
>

Yes, "service iptables stop" was done.

Geert Stappers wrote:
> On Thu, Mar 30, 2006 at 07:05:45AM +1100, Kosolapov Dmitry wrote:
>
>> Luciano Miguel Ferreira Rocha wrote:
>>
>>> The problem could be in your gateway.
>>>
>>>
>> The outputs while transfer attempts:
>> 1. tcpdump -n -i eth0 -vvv port tftp
>>
>> 10 times message:
>> 06:55:28.350404 IP (tos 0x0, ttl 127, id 29260, offset 0, flags [none],
>> proto 17, length: 50) 80.92.161.1.3033 > 192.168.4.110.tftp: [udp sum
>> ok] 22 RRQ "pxelinux.0" netascii
>>
>>
>> And at the end:
>>
>> 06:55:36.351908 IP (tos 0x0, ttl 127, id 29270, offset 0, flags [none],
>> proto 17, length: 51) 80.92.161.1.3033 > 192.168.4.110.tftp: [udp sum
>> ok] 23 ERROR EUNDEF timeout on receive"
>>
>> 2. strace -f -p 2119 //2119 - pid of xinetd (in.tftpd is running over
>> super-server)
>> Process 2119 attached - interrupt to quit
>> select(6, [3], NULL, NULL, NULL)
>> And no messages while transferring.
>>
>
>
> I think that this was missed:
>
> | On Mon, Mar 27, 2006 at 11:07:17PM -0800, H. Peter Anvin wrote:
> | > Geert Stappers wrote:
> | > >
> | > >Your setup has two LANs and even a masquerading router in between.
> | >
> | > Two LANs is fine; a masquerading router is definitely *not* unless the
> | > router has special code to proxy TFTP.
> | >
> | > -hpa
>
>
> It says that the used routers must have special code to proxy TFTP.
>

And since it looks like you are using netfilter, you might want to load the tftp nat module.

../C

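An added example, not part of the thread and not tftpd-hpa code: a loopback demonstration in Python of the protocol behaviour behind the advice above. A TFTP server answers a read request from a fresh ephemeral port (its transfer ID), not from the port the request was sent to, so a masquerading router that only matches replies against the original address:port pair has no mapping for the DATA packet. The unprivileged listen port, the payload and the naive_nat_accepts model are assumptions constructed for illustration.

```python
import socket
import struct
import threading

RRQ, DATA, ACK = 1, 3, 4              # RFC 1350 opcodes
PAYLOAD = b"constructed test file\n"  # constructed sample, < 512 bytes = one block

def udp_socket():
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))          # unprivileged port stands in for port 69
    s.settimeout(2)
    return s

def serve_one(listen_sock):
    """Answer a single read request the way a TFTP server does."""
    req, client = listen_sock.recvfrom(516)
    if struct.unpack("!H", req[:2])[0] != RRQ:
        return
    with udp_socket() as xfer:        # new socket: its port is the server's transfer ID
        xfer.sendto(struct.pack("!HH", DATA, 1) + PAYLOAD, client)
        xfer.recvfrom(516)            # the ACK must arrive here, not on the listen port

def fetch(server_addr, filename):
    """Send an RRQ; return (file bytes, address the DATA packet came from)."""
    with udp_socket() as c:
        c.sendto(struct.pack("!H", RRQ) + filename.encode() + b"\0octet\0", server_addr)
        data, src = c.recvfrom(516)
        block = struct.unpack("!HH", data[:4])[1]
        c.sendto(struct.pack("!HH", ACK, block), src)
        return data[4:], src

def naive_nat_accepts(request_dst, reply_src):
    """Hypothetical model of masquerading without a TFTP helper: a reply is
    passed back only if it comes from the address:port the request went to."""
    return reply_src == request_dst

def demo():
    with udp_socket() as listen:
        addr = listen.getsockname()
        server = threading.Thread(target=serve_one, args=(listen,))
        server.start()
        body, reply_src = fetch(addr, "test")
        server.join()
    return body, addr, reply_src, naive_nat_accepts(addr, reply_src)

if __name__ == "__main__":
    print(demo())
```

On loopback the transfer succeeds because nothing filters the reply; the final element of the result shows that the same reply would not match the request's address:port pair, which is the gap the router's TFTP-aware code has to cover.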