Glen Turner (vk5tu) wrote,

TFTP server, Fedora 24

The major system management tools have altered in recent Fedora versions, so the long-remembered phrases no longer work. Here is how to install and make available to the world a TFTP server.

$ sudo pkcon install tftp tftp-server
$ sudo tee -a /etc/hosts.allow <<EOF
in.tftpd: ALL
EOF
$ sudo firewall-cmd --add-service tftp
$ sudo firewall-cmd --permanent --add-service tftp
$ sudo systemctl enable tftp.socket
$ sudo systemctl daemon-reload

Test with:

$ sudo cp example.bin /var/lib/tftpboot/
remote$ tftp server.example.com
tftp> get example.bin
tftp> quit

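Use cp rather than mv so that SELinux sets the correct attribute on the file: a copy is created in the directory and picks up its label, whereas mv keeps the label the file had in its original location.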

To see what is going on, use journalctl -f -l. You don't see much. Here's what a working download from the TFTP server looks like:

Jan 01 00:00:00 tftp-server.example.net in.tftpd[2]: RRQ from ::ffff:192.0.2.1 filename example.bin
Jan 01 00:00:10 tftp-server.example.net in.tftpd[2]: Client ::ffff:192.0.2.1 finished example.bin
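
An added example (not part of the original post): a shell function that reads in.tftpd journal lines in the format shown above, pairs each RRQ with its "finished" line to expose transfers that never completed, and marks clients outside an expected address prefix, which is worth watching when hosts.allow and the firewall admit everyone. The function names, the prefix argument and the sample log lines are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reads in.tftpd journal lines on
# stdin and prints "<status> <client> <filename>[ UNEXPECTED-CLIENT]" per request.
# $1 is an assumed site policy: the address prefix clients are expected to have.
tftp_audit() {
    awk -v allowed="${1:-192.0.2.}" '
    function norm(a) { sub(/^::ffff:/, "", a); return a }  # drop IPv4-mapped prefix
    function field_after(word,   i) {                      # token following "word"
        for (i = 1; i < NF; i++) if ($i == word) return $(i + 1)
        return ""
    }
    function rest_after(marker,   p) {                     # text following marker
        p = index($0, marker)
        return p ? substr($0, p + length(marker)) : ""
    }
    / in\.tftpd\[[0-9]+\]: RRQ from / {
        c = norm(field_after("from")); f = rest_after(" filename ")
        if (!((c, f) in state)) { n++; client[n] = c; file[n] = f }
        state[c, f] = "INCOMPLETE"     # stays so unless a "finished" line follows
        next
    }
    / in\.tftpd\[[0-9]+\]: Client .* finished / {
        c = norm(field_after("Client")); f = rest_after(" finished ")
        if ((c, f) in state) state[c, f] = "COMPLETE"
        next
    }
    END {
        for (j = 1; j <= n; j++) {
            tag = (index(client[j], allowed) == 1) ? "" : " UNEXPECTED-CLIENT"
            print state[client[j], file[j]], client[j], file[j] tag
        }
    }'
}

# Constructed sample input in the format shown above (documentation addresses).
sample_log() {
    cat <<'EOF'
Jan 01 00:00:00 tftp-server.example.net in.tftpd[2]: RRQ from ::ffff:192.0.2.1 filename example.bin
Jan 01 00:00:10 tftp-server.example.net in.tftpd[2]: Client ::ffff:192.0.2.1 finished example.bin
Jan 01 00:01:00 tftp-server.example.net in.tftpd[3]: RRQ from ::ffff:192.0.2.7 filename router.cfg
Jan 01 00:02:00 tftp-server.example.net in.tftpd[4]: RRQ from ::ffff:198.51.100.9 filename example.bin
EOF
}

# On the server: journalctl -u tftp.service -o short | tftp_audit 192.0.2.
```

Only the two message forms shown in the post are recognised; any other in.tftpd message is ignored.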

To enable enough messages to see why a particular client is failing, to set a small blocksize to be compatible with a wide range of equipment, and to extend the timeout to allow enough time for routers with slow flash not to encounter confusing retransmissions, add the file /etc/systemd/system/tftp.service containing:

.include /lib/systemd/system/tftp.service
[Service]
ExecStart=
ExecStart=/usr/sbin/in.tftpd --blocksize 1468 --retransmit 2000000 --verbose --secure /var/lib/tftpboot

If you want to use a different directory for the files, then make sure you get your SELinux labelling correct. There are two setsebool nerd knobs: tftp_anon_write is needed to allow writing (along with changing flags on the daemon command line and getting the Unix permissions correct); and tftp_home_dir loosens the type matching enough so that a user home directory can do TFTP.

Consider that between Fedora 14 (2010) and Fedora 22 (2015) the package installation command, firewall configuration, init system configuration and log viewing for this common systems administration task all changed. I wonder if that invalidation of years of practice accounts for some of the opposition to those changes.

Tags: linux