TFTP requests Not being serviced The 2019 Stack Overflow Developer Survey Results Are In Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) Come Celebrate our 10 Year Anniversary!Windows TFTP Server Recomendations?Strange UDP/TFTP ProblemTFTP/PXE with the foremanTFTP PUT Failing Across HostsFedora 17 tftp not sending files on requestsDownloading with U-Boot's tftp randomly times outHow to ACCEPT multicast connection with iptables's rule?OpenVPN UDP connections timing outDo DNS queries always travel over UDP?dnsmasq not responding to Cisco tftp broadcast requests (tftp://255.255.255.255/network-confg)
Is it ethical to upload a automatically generated paper to a non peer-reviewed site as part of a larger research?
What is special about square numbers here?
Does the AirPods case need to be around while listening via an iOS Device?
What aspect of planet Earth must be changed to prevent the industrial revolution?
Is every episode of "Where are my Pants?" identical?
What information about me do stores get via my credit card?
Am I ethically obligated to go into work on an off day if the reason is sudden?
Semisimplicity of the category of coherent sheaves?
How does ice melt when immersed in water
What are these Gizmos at Izaña Atmospheric Research Center in Spain?
Did the new image of black hole confirm the general theory of relativity?
Is it ok to offer lower paid work as a trial period before negotiating for a full-time job?
Do warforged have souls?
"... to apply for a visa" or "... and applied for a visa"?
Are spiders unable to hurt humans, especially very small spiders?
Is above average number of years spent on PhD considered a red flag in future academia or industry positions?
ELI5: Why do they say that Israel would have been the fourth country to land a spacecraft on the Moon and why do they call it low cost?
Road tyres vs "Street" tyres for charity ride on MTB Tandem
Change bounding box of math glyphs in LuaTeX
How did passengers keep warm on sail ships?
Would an alien lifeform be able to achieve space travel if lacking in vision?
How many people can fit inside Mordenkainen's Magnificent Mansion?
Derivation tree not rendering
Problems with Ubuntu mount /tmp
TFTP requests Not being serviced
The 2019 Stack Overflow Developer Survey Results Are In
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)
Come Celebrate our 10 Year Anniversary!Windows TFTP Server Recomendations?Strange UDP/TFTP ProblemTFTP/PXE with the foremanTFTP PUT Failing Across HostsFedora 17 tftp not sending files on requestsDownloading with U-Boot's tftp randomly times outHow to ACCEPT multicast connection with iptables's rule?OpenVPN UDP connections timing outDo DNS queries always travel over UDP?dnsmasq not responding to Cisco tftp broadcast requests (tftp://255.255.255.255/network-confg)
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
This may look like a duplicate question but I did my share of searching, but could not find any solution.
I have created a tftp server, this server when accessed from a local tftp client, over a loopback gets and puts the file just fine.
When I try to access the server through an external client, The request times out. The connection is established. I can see the connection as connected in the tftp client, no issues there. The File transfer does not start.
The client is connected directly to the HOST via a ethernet cable, I have created a 2 Device LAN. pings work between them.
I initially thought this to be a firewall issue, now I have disabled the firewall, allowed INPUT and OUTPUT on the configured port 69 in the iptables. also udp is allowed on port 69.
I am also Not running multiple instances of the tftpd-hpa server , it is running as a daemon, and netstat -aup has only one tftp server running.
The clients are giving proper requests, I can see them in wireshark, but nothing goes out in response.
and the failure is always a TIMEOUT.
**firewall disabled**
**ports allow connection **
**file transfer fails**
** outgoing tftp request as a client to other tftp servers is alos blocked **
Update2:
I was not really sure about the Firewall thing, as this laptop was issued by my employer and I am skeptical that they wont allow the firewall to be disabled. reading the /var/log/syslog did not give any hints so tried looking at the kernel prints as to whether any kmodules were doing anything fishy, I see these ones.
[10989.915231] FIREWALL: IN=eth1 OUT= MAC=50:7b:9d:f9:44:5d:68:9e:19:99:9e:e4:08:00 SRC=10.42.0.89 DST=10.42.0.1 LEN=65 TOS=0x00 PREC=0x00 TTL=255 ID=117 DF PROTO=UDP SPT=2495 DPT=69 LEN=45
The SRC , DESTT , DPT , PROTO the MAC Address all match my tftp client.
I cannot really tell, what is happening here, so if anyone can give me hints to look for some logs or something else, It would be really helpful.
after this I installed gufw to manage the firewall and allowed all incoming and outgoing traffic. I still get timeouts, and this is what I now see on syslog.
Sep 5 16:16:01 arun-TP kernel: [13836.201853] [UFW AUDIT] IN= OUT=eth1 SRC=10.42.0.1 DST=10.42.0.255 LEN=184 TOS=0x00 PREC=0x00 TTL=64 ID=12630 DF PROTO=UDP SPT=17500 DPT=17500 LEN=164
Sep 5 16:16:01 arun-TP kernel: [13836.201870] [UFW ALLOW] IN= OUT=eth1 SRC=10.42.0.1 DST=10.42.0.255 LEN=184 TOS=0x00 PREC=0x00 TTL=64 ID=12630 DF PROTO=UDP SPT=17500 DPT=17500 LEN=164
This time the DST does not make sense, The client is at 10.42.0.89 and not 10.42.0.255.
Update1:
/etc/default/tftpd-hpa
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/tftpboot"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS="--secure --create -s"
RUN_DAEMON="YES"
ls -lrt /
drwxr-xr-x 2 tftp nogroup 4096 Sep 5 03:30 tftpboot
netstat -aup
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 *:mdns *:* 739/avahi-daemon: r
udp 0 0 *:50694 *:* 2514/rpc.mountd
udp 0 0 *:55107 *:* 2514/rpc.mountd
udp 0 0 *:nfs *:* -
udp 0 0 *:3471 *:* 8567/dhclient
udp 0 0 *:56776 *:* 739/avahi-daemon: r
udp 0 0 10.42.0.1:domain *:* 5403/dnsmasq
udp 0 0 127.0.1.1:domain *:* 3025/dnsmasq
udp 0 0 *:bootps *:* 5403/dnsmasq
udp 0 0 *:bootpc *:* 8567/dhclient
udp 0 0 *:tftp *:* 4316/in.tftpd
udp 0 0 *:sunrpc *:* 966/rpcbind
udp 0 0 *:ipp *:* 1476/cups-browsed
udp 0 0 *:707 *:* 966/rpcbind
udp 0 0 *:33526 *:* 2514/rpc.mountd
udp 0 0 *:49935 *:* -
udp 0 0 localhost:796 *:* 1044/rpc.statd
udp 0 0 *:54194 *:* 1044/rpc.statd
udp 0 0 *:17500 *:* 3785/dropbox
udp6 0 0 [::]:mdns [::]:* 739/avahi-daemon: r
udp6 0 0 [::]:42779 [::]:* -
udp6 0 0 [::]:59279 [::]:* 1044/rpc.statd
udp6 0 0 [::]:nfs [::]:* -
udp6 0 0 [::]:60007 [::]:* 2514/rpc.mountd
udp6 0 0 [::]:52311 [::]:* 2254/BESClient
udp6 0 0 [::]:11656 [::]:* 8567/dhclient
udp6 0 0 [::]:sunrpc [::]:* 966/rpcbind
udp6 0 0 [::]:45289 [::]:* 739/avahi-daemon: r
udp6 0 0 [::]:57589 [::]:* 2514/rpc.mountd
udp6 0 0 [::]:707 [::]:* 966/rpcbind
udp6 0 0 [::]:37709 [::]:* 2514/rpc.mountd
no tftp configuration file in /etc/xinetd.d/
Firewall is disabled. ufw status = inactive
iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination
2 656 ACCEPT udp -- eth1 any anywhere anywhere udp dpt:bootps
0 0 ACCEPT tcp -- eth1 any anywhere anywhere tcp dpt:bootps
0 0 ACCEPT udp -- eth1 any anywhere anywhere udp dpt:domain
0 0 ACCEPT tcp -- eth1 any anywhere anywhere tcp dpt:domain
36569 3800K ACCEPT all -- lo any anywhere anywhere
30392 20M ACCEPT tcp -- any any anywhere anywhere state RELATED,ESTABLISHED
2704 679K ACCEPT udp -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT 254 -- ipsec+ any anywhere anywhere
0 0 ACCEPT esp -- any any anywhere anywhere
0 0 ACCEPT ah -- any any anywhere anywhere
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:isakmp
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:cfengine
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:5900
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:5901
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:12080
0 0 REJECT tcp -- any any anywhere anywhere tcp dpt:auth reject-with icmp-port-unreachable
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:https
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:5656
0 0 ACCEPT udp -- any any anywhere anywhere udp dpts:5004:5005
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpts:5004:5005
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:20830
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:20830
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpts:sip:5062
0 0 ACCEPT udp -- any any anywhere anywhere udp dpts:sip:5062
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:21100
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:2001
0 0 ACCEPT gre -- any any anywhere anywhere
0 0 ACCEPT icmp -- any any anywhere anywhere icmp destination-unreachable
0 0 ACCEPT icmp -- any any anywhere anywhere icmp source-quench
689 56460 ACCEPT icmp -- any any anywhere anywhere icmp time-exceeded
0 0 ACCEPT icmp -- any any anywhere anywhere icmp parameter-problem
0 0 ACCEPT icmp -- any any anywhere anywhere icmp router-advertisement
0 0 ACCEPT icmp -- any any anywhere anywhere icmp echo-request
13 832 ACCEPT icmp -- any any anywhere anywhere icmp echo-reply
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:tproxy
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:1533
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpts:30000:30005
0 0 DROP tcp -- any any anywhere anywhere tcp dpts:bootps:bootpc
6 1968 DROP udp -- any any anywhere anywhere udp dpts:bootps:bootpc
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:netbios-ns
0 0 DROP udp -- any any anywhere anywhere udp dpt:netbios-ns
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:netbios-dgm
0 0 DROP udp -- any any anywhere anywhere udp dpt:netbios-dgm
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:netbios-ssn
0 0 DROP udp -- any any anywhere anywhere udp dpt:netbios-ssn
0 0 DROP tcp -- any any anywhere anywhere tcp dpts:tcpmux:ftp-data
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:sunrpc
0 0 DROP tcp -- any any anywhere anywhere tcp dpts:snmp:snmp-trap
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:520
0 0 DROP tcp -- any any anywhere anywhere tcp dpts:6348:6349
0 0 DROP tcp -- any any anywhere anywhere tcp dpts:6345:gnutella-rtr
75 3256 LOG tcp -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level debug prefix "FIREWALL: "
1459 263K LOG udp -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level debug prefix "FIREWALL: "
3347 568K DROP all -- any any anywhere anywhere
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:tftp state NEW,ESTABLISHED
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:69 state NEW,ESTABLISHED
Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any eth1 anywhere 10.42.0.0/24 state RELATED,ESTABLISHED
0 0 ACCEPT all -- eth1 any 10.42.0.0/24 anywhere
0 0 ACCEPT all -- eth1 eth1 anywhere anywhere
0 0 REJECT all -- any eth1 anywhere anywhere reject-with icmp-port-unreachable
0 0 REJECT all -- eth1 any anywhere anywhere reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT 68593 packets, 6962K bytes) pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:69 state NEW,ESTABLISHED
1 45 ACCEPT udp -- any any anywhere anywhere udp dpt:tftp state NEW,ESTABLISHED
Outgoing tftp requests as a client are also blocked. my IP is 192,168.0.5 tried connecting to 192.168.0.2
tftp 192.168.0.2
tftp> verbose on
Verbose mode on.
tftp> status
Connected to 192.168.0.2.
Mode: netascii Verbose: on Tracing: off Literal: off
Rexmt-interval: 5 seconds, Max-timeout: 25 seconds
tftp> put hello
putting hello to 192.168.0.2:hello [netascii]
Transfer timed out.
can there be something wrong with my Router? Is there any settings that I need to take care of, but this problem is there even when I connect the client directly to the server using an ethernet cable. I tired a BeagleBone Black, a MAcbook and my Android Phone as a tftp clients raising request to the server.
Client : 10.42.0.89 (BeagleBlack, at u-boot)
Server : 10.42.0.1
I used wireshark to sniff on the ethernet packets now.
ARP:
32 927.886269000 10.42.0.89 Broadcast ARP 60 Who has 10.42.0.1? Tell 10.42.0.89
33 927.886320000 50:7b:9d:f9:44:5d 10.42.0.89 ARP 42 10.42.0.1 is at 50:7b:9d:f9:44:5d
after this , I see only this initiating from the client and nothing goes out.
36 932.887008000 10.42.0.89 10.42.0.1 TFTP 79 Read Request, File: hello, Transfer type: octet, timeout00=500, blksize00=146800
udp file-transfer tftp
asked Sep 4 '16 at 22:46
ArunMKumarArunMKumar
11618
add a comment |
This may look like a duplicate question but I did my share of searching, but could not find any solution.
I have created a tftp server, this server when accessed from a local tftp client, over a loopback gets and puts the file just fine.
When I try to access the server through an external client, The request times out. The connection is established. I can see the connection as connected in the tftp client, no issues there. The File transfer does not start.
The client is connected directly to the HOST via a ethernet cable, I have created a 2 Device LAN. pings work between them.
I initially thought this to be a firewall issue, now I have disabled the firewall, allowed INPUT and OUTPUT on the configured port 69 in the iptables. also udp is allowed on port 69.
I am also Not running multiple instances of the tftpd-hpa server , it is running as a daemon, and netstat -aup has only one tftp server running.
The clients are giving proper requests, I can see them in wireshark, but nothing goes out in response.
and the failure is always a TIMEOUT.
**firewall disabled**
**ports allow connection **
**file transfer fails**
** outgoing tftp request as a client to other tftp servers is alos blocked **
Update2:
I was not really sure about the Firewall thing, as this laptop was issued by my employer and I am skeptical that they wont allow the firewall to be disabled. reading the /var/log/syslog did not give any hints so tried looking at the kernel prints as to whether any kmodules were doing anything fishy, I see these ones.
[10989.915231] FIREWALL: IN=eth1 OUT= MAC=50:7b:9d:f9:44:5d:68:9e:19:99:9e:e4:08:00 SRC=10.42.0.89 DST=10.42.0.1 LEN=65 TOS=0x00 PREC=0x00 TTL=255 ID=117 DF PROTO=UDP SPT=2495 DPT=69 LEN=45
The SRC , DESTT , DPT , PROTO the MAC Address all match my tftp client.
I cannot really tell, what is happening here, so if anyone can give me hints to look for some logs or something else, It would be really helpful.
after this I installed gufw to manage the firewall and allowed all incoming and outgoing traffic. I still get timeouts, and this is what I now see on syslog.
Sep 5 16:16:01 arun-TP kernel: [13836.201853] [UFW AUDIT] IN= OUT=eth1 SRC=10.42.0.1 DST=10.42.0.255 LEN=184 TOS=0x00 PREC=0x00 TTL=64 ID=12630 DF PROTO=UDP SPT=17500 DPT=17500 LEN=164
Sep 5 16:16:01 arun-TP kernel: [13836.201870] [UFW ALLOW] IN= OUT=eth1 SRC=10.42.0.1 DST=10.42.0.255 LEN=184 TOS=0x00 PREC=0x00 TTL=64 ID=12630 DF PROTO=UDP SPT=17500 DPT=17500 LEN=164
This time the DST does not make sense, The client is at 10.42.0.89 and not 10.42.0.255.
Update1:
/etc/default/tftpd-hpa
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/tftpboot"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS="--secure --create -s"
RUN_DAEMON="YES"
ls -lrt /
drwxr-xr-x 2 tftp nogroup 4096 Sep 5 03:30 tftpboot
netstat -aup
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 *:mdns *:* 739/avahi-daemon: r
udp 0 0 *:50694 *:* 2514/rpc.mountd
udp 0 0 *:55107 *:* 2514/rpc.mountd
udp 0 0 *:nfs *:* -
udp 0 0 *:3471 *:* 8567/dhclient
udp 0 0 *:56776 *:* 739/avahi-daemon: r
udp 0 0 10.42.0.1:domain *:* 5403/dnsmasq
udp 0 0 127.0.1.1:domain *:* 3025/dnsmasq
udp 0 0 *:bootps *:* 5403/dnsmasq
udp 0 0 *:bootpc *:* 8567/dhclient
udp 0 0 *:tftp *:* 4316/in.tftpd
udp 0 0 *:sunrpc *:* 966/rpcbind
udp 0 0 *:ipp *:* 1476/cups-browsed
udp 0 0 *:707 *:* 966/rpcbind
udp 0 0 *:33526 *:* 2514/rpc.mountd
udp 0 0 *:49935 *:* -
udp 0 0 localhost:796 *:* 1044/rpc.statd
udp 0 0 *:54194 *:* 1044/rpc.statd
udp 0 0 *:17500 *:* 3785/dropbox
udp6 0 0 [::]:mdns [::]:* 739/avahi-daemon: r
udp6 0 0 [::]:42779 [::]:* -
udp6 0 0 [::]:59279 [::]:* 1044/rpc.statd
udp6 0 0 [::]:nfs [::]:* -
udp6 0 0 [::]:60007 [::]:* 2514/rpc.mountd
udp6 0 0 [::]:52311 [::]:* 2254/BESClient
udp6 0 0 [::]:11656 [::]:* 8567/dhclient
udp6 0 0 [::]:sunrpc [::]:* 966/rpcbind
udp6 0 0 [::]:45289 [::]:* 739/avahi-daemon: r
udp6 0 0 [::]:57589 [::]:* 2514/rpc.mountd
udp6 0 0 [::]:707 [::]:* 966/rpcbind
udp6 0 0 [::]:37709 [::]:* 2514/rpc.mountd
no tftp configuration file in /etc/xinetd.d/
Firewall is disabled. ufw status = inactive
iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination
2 656 ACCEPT udp -- eth1 any anywhere anywhere udp dpt:bootps
0 0 ACCEPT tcp -- eth1 any anywhere anywhere tcp dpt:bootps
0 0 ACCEPT udp -- eth1 any anywhere anywhere udp dpt:domain
0 0 ACCEPT tcp -- eth1 any anywhere anywhere tcp dpt:domain
36569 3800K ACCEPT all -- lo any anywhere anywhere
30392 20M ACCEPT tcp -- any any anywhere anywhere state RELATED,ESTABLISHED
2704 679K ACCEPT udp -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT 254 -- ipsec+ any anywhere anywhere
0 0 ACCEPT esp -- any any anywhere anywhere
0 0 ACCEPT ah -- any any anywhere anywhere
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:isakmp
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:cfengine
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:5900
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:5901
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:12080
0 0 REJECT tcp -- any any anywhere anywhere tcp dpt:auth reject-with icmp-port-unreachable
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:https
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:5656
0 0 ACCEPT udp -- any any anywhere anywhere udp dpts:5004:5005
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpts:5004:5005
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:20830
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:20830
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpts:sip:5062
0 0 ACCEPT udp -- any any anywhere anywhere udp dpts:sip:5062
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:21100
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:2001
0 0 ACCEPT gre -- any any anywhere anywhere
0 0 ACCEPT icmp -- any any anywhere anywhere icmp destination-unreachable
0 0 ACCEPT icmp -- any any anywhere anywhere icmp source-quench
689 56460 ACCEPT icmp -- any any anywhere anywhere icmp time-exceeded
0 0 ACCEPT icmp -- any any anywhere anywhere icmp parameter-problem
0 0 ACCEPT icmp -- any any anywhere anywhere icmp router-advertisement
0 0 ACCEPT icmp -- any any anywhere anywhere icmp echo-request
13 832 ACCEPT icmp -- any any anywhere anywhere icmp echo-reply
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:tproxy
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:1533
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpts:30000:30005
0 0 DROP tcp -- any any anywhere anywhere tcp dpts:bootps:bootpc
6 1968 DROP udp -- any any anywhere anywhere udp dpts:bootps:bootpc
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:netbios-ns
0 0 DROP udp -- any any anywhere anywhere udp dpt:netbios-ns
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:netbios-dgm
0 0 DROP udp -- any any anywhere anywhere udp dpt:netbios-dgm
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:netbios-ssn
0 0 DROP udp -- any any anywhere anywhere udp dpt:netbios-ssn
0 0 DROP tcp -- any any anywhere anywhere tcp dpts:tcpmux:ftp-data
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:sunrpc
0 0 DROP tcp -- any any anywhere anywhere tcp dpts:snmp:snmp-trap
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:520
0 0 DROP tcp -- any any anywhere anywhere tcp dpts:6348:6349
0 0 DROP tcp -- any any anywhere anywhere tcp dpts:6345:gnutella-rtr
75 3256 LOG tcp -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level debug prefix "FIREWALL: "
1459 263K LOG udp -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level debug prefix "FIREWALL: "
3347 568K DROP all -- any any anywhere anywhere
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:tftp state NEW,ESTABLISHED
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:69 state NEW,ESTABLISHED
Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any eth1 anywhere 10.42.0.0/24 state RELATED,ESTABLISHED
0 0 ACCEPT all -- eth1 any 10.42.0.0/24 anywhere
0 0 ACCEPT all -- eth1 eth1 anywhere anywhere
0 0 REJECT all -- any eth1 anywhere anywhere reject-with icmp-port-unreachable
0 0 REJECT all -- eth1 any anywhere anywhere reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT 68593 packets, 6962K bytes) pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:69 state NEW,ESTABLISHED
1 45 ACCEPT udp -- any any anywhere anywhere udp dpt:tftp state NEW,ESTABLISHED
Outgoing tftp requests as a client are also blocked. my IP is 192,168.0.5 tried connecting to 192.168.0.2
tftp 192.168.0.2
tftp> verbose on
Verbose mode on.
tftp> status
Connected to 192.168.0.2.
Mode: netascii Verbose: on Tracing: off Literal: off
Rexmt-interval: 5 seconds, Max-timeout: 25 seconds
tftp> put hello
putting hello to 192.168.0.2:hello [netascii]
Transfer timed out.
can there be something wrong with my Router? Is there any settings that I need to take care of, but this problem is there even when I connect the client directly to the server using an ethernet cable. I tired a BeagleBone Black, a MAcbook and my Android Phone as a tftp clients raising request to the server.
Client : 10.42.0.89 (BeagleBlack, at u-boot)
Server : 10.42.0.1
I used wireshark to sniff on the ethernet packets now.
ARP:
32 927.886269000 10.42.0.89 Broadcast ARP 60 Who has 10.42.0.1? Tell 10.42.0.89
33 927.886320000 50:7b:9d:f9:44:5d 10.42.0.89 ARP 42 10.42.0.1 is at 50:7b:9d:f9:44:5d
after this , I see only this initiating from the client and nothing goes out.
36 932.887008000 10.42.0.89 10.42.0.1 TFTP 79 Read Request, File: hello, Transfer type: octet, timeout00=500, blksize00=146800
udp file-transfer tftp
asked Sep 4 '16 at 22:46
ArunMKumarArunMKumar
11618
1
Please show tftpd configuration and output of commandiptables -L -v. Can tftp client on the server connect to server via external ip address?
– Mikhail Khirgiy
Sep 5 '16 at 5:43
Question is updated now.. @MikhailKhirgiy
– ArunMKumar
Sep 5 '16 at 8:27
add a comment |
This may look like a duplicate question but I did my share of searching, but could not find any solution.
I have created a tftp server, this server when accessed from a local tftp client, over a loopback gets and puts the file just fine.
When I try to access the server through an external client, The request times out. The connection is established. I can see the connection as connected in the tftp client, no issues there. The File transfer does not start.
The client is connected directly to the HOST via a ethernet cable, I have created a 2 Device LAN. pings work between them.
I initially thought this to be a firewall issue, now I have disabled the firewall, allowed INPUT and OUTPUT on the configured port 69 in the iptables. also udp is allowed on port 69.
I am also Not running multiple instances of the tftpd-hpa server , it is running as a daemon, and netstat -aup has only one tftp server running.
The clients are giving proper requests, I can see them in wireshark, but nothing goes out in response.
and the failure is always a TIMEOUT.
**firewall disabled**
**ports allow connection **
**file transfer fails**
** outgoing tftp request as a client to other tftp servers is alos blocked **
Update2:
I was not really sure about the Firewall thing, as this laptop was issued by my employer and I am skeptical that they wont allow the firewall to be disabled. reading the /var/log/syslog did not give any hints so tried looking at the kernel prints as to whether any kmodules were doing anything fishy, I see these ones.
[10989.915231] FIREWALL: IN=eth1 OUT= MAC=50:7b:9d:f9:44:5d:68:9e:19:99:9e:e4:08:00 SRC=10.42.0.89 DST=10.42.0.1 LEN=65 TOS=0x00 PREC=0x00 TTL=255 ID=117 DF PROTO=UDP SPT=2495 DPT=69 LEN=45
The SRC , DESTT , DPT , PROTO the MAC Address all match my tftp client.
I cannot really tell, what is happening here, so if anyone can give me hints to look for some logs or something else, It would be really helpful.
after this I installed gufw to manage the firewall and allowed all incoming and outgoing traffic. I still get timeouts, and this is what I now see on syslog.
Sep 5 16:16:01 arun-TP kernel: [13836.201853] [UFW AUDIT] IN= OUT=eth1 SRC=10.42.0.1 DST=10.42.0.255 LEN=184 TOS=0x00 PREC=0x00 TTL=64 ID=12630 DF PROTO=UDP SPT=17500 DPT=17500 LEN=164
Sep 5 16:16:01 arun-TP kernel: [13836.201870] [UFW ALLOW] IN= OUT=eth1 SRC=10.42.0.1 DST=10.42.0.255 LEN=184 TOS=0x00 PREC=0x00 TTL=64 ID=12630 DF PROTO=UDP SPT=17500 DPT=17500 LEN=164
This time the DST does not make sense, The client is at 10.42.0.89 and not 10.42.0.255.
Update1:
/etc/default/tftpd-hpa
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/tftpboot"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS="--secure --create -s"
RUN_DAEMON="YES"
ls -lrt /
drwxr-xr-x 2 tftp nogroup 4096 Sep 5 03:30 tftpboot
netstat -aup
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 *:mdns *:* 739/avahi-daemon: r
udp 0 0 *:50694 *:* 2514/rpc.mountd
udp 0 0 *:55107 *:* 2514/rpc.mountd
udp 0 0 *:nfs *:* -
udp 0 0 *:3471 *:* 8567/dhclient
udp 0 0 *:56776 *:* 739/avahi-daemon: r
udp 0 0 10.42.0.1:domain *:* 5403/dnsmasq
udp 0 0 127.0.1.1:domain *:* 3025/dnsmasq
udp 0 0 *:bootps *:* 5403/dnsmasq
udp 0 0 *:bootpc *:* 8567/dhclient
udp 0 0 *:tftp *:* 4316/in.tftpd
udp 0 0 *:sunrpc *:* 966/rpcbind
udp 0 0 *:ipp *:* 1476/cups-browsed
udp 0 0 *:707 *:* 966/rpcbind
udp 0 0 *:33526 *:* 2514/rpc.mountd
udp 0 0 *:49935 *:* -
udp 0 0 localhost:796 *:* 1044/rpc.statd
udp 0 0 *:54194 *:* 1044/rpc.statd
udp 0 0 *:17500 *:* 3785/dropbox
udp6 0 0 [::]:mdns [::]:* 739/avahi-daemon: r
udp6 0 0 [::]:42779 [::]:* -
udp6 0 0 [::]:59279 [::]:* 1044/rpc.statd
udp6 0 0 [::]:nfs [::]:* -
udp6 0 0 [::]:60007 [::]:* 2514/rpc.mountd
udp6 0 0 [::]:52311 [::]:* 2254/BESClient
udp6 0 0 [::]:11656 [::]:* 8567/dhclient
udp6 0 0 [::]:sunrpc [::]:* 966/rpcbind
udp6 0 0 [::]:45289 [::]:* 739/avahi-daemon: r
udp6 0 0 [::]:57589 [::]:* 2514/rpc.mountd
udp6 0 0 [::]:707 [::]:* 966/rpcbind
udp6 0 0 [::]:37709 [::]:* 2514/rpc.mountd
no tftp configuration file in /etc/xinetd.d/
Firewall is disabled. ufw status = inactive
iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination
2 656 ACCEPT udp -- eth1 any anywhere anywhere udp dpt:bootps
0 0 ACCEPT tcp -- eth1 any anywhere anywhere tcp dpt:bootps
0 0 ACCEPT udp -- eth1 any anywhere anywhere udp dpt:domain
0 0 ACCEPT tcp -- eth1 any anywhere anywhere tcp dpt:domain
36569 3800K ACCEPT all -- lo any anywhere anywhere
30392 20M ACCEPT tcp -- any any anywhere anywhere state RELATED,ESTABLISHED
2704 679K ACCEPT udp -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT 254 -- ipsec+ any anywhere anywhere
0 0 ACCEPT esp -- any any anywhere anywhere
0 0 ACCEPT ah -- any any anywhere anywhere
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:isakmp
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:cfengine
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:5900
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:5901
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:12080
0 0 REJECT tcp -- any any anywhere anywhere tcp dpt:auth reject-with icmp-port-unreachable
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:https
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:5656
0 0 ACCEPT udp -- any any anywhere anywhere udp dpts:5004:5005
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpts:5004:5005
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:20830
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:20830
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpts:sip:5062
0 0 ACCEPT udp -- any any anywhere anywhere udp dpts:sip:5062
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:21100
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:2001
0 0 ACCEPT gre -- any any anywhere anywhere
0 0 ACCEPT icmp -- any any anywhere anywhere icmp destination-unreachable
0 0 ACCEPT icmp -- any any anywhere anywhere icmp source-quench
689 56460 ACCEPT icmp -- any any anywhere anywhere icmp time-exceeded
0 0 ACCEPT icmp -- any any anywhere anywhere icmp parameter-problem
0 0 ACCEPT icmp -- any any anywhere anywhere icmp router-advertisement
0 0 ACCEPT icmp -- any any anywhere anywhere icmp echo-request
13 832 ACCEPT icmp -- any any anywhere anywhere icmp echo-reply
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:tproxy
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:1533
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpts:30000:30005
0 0 DROP tcp -- any any anywhere anywhere tcp dpts:bootps:bootpc
6 1968 DROP udp -- any any anywhere anywhere udp dpts:bootps:bootpc
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:netbios-ns
0 0 DROP udp -- any any anywhere anywhere udp dpt:netbios-ns
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:netbios-dgm
0 0 DROP udp -- any any anywhere anywhere udp dpt:netbios-dgm
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:netbios-ssn
0 0 DROP udp -- any any anywhere anywhere udp dpt:netbios-ssn
0 0 DROP tcp -- any any anywhere anywhere tcp dpts:tcpmux:ftp-data
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:sunrpc
0 0 DROP tcp -- any any anywhere anywhere tcp dpts:snmp:snmp-trap
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:520
0 0 DROP tcp -- any any anywhere anywhere tcp dpts:6348:6349
0 0 DROP tcp -- any any anywhere anywhere tcp dpts:6345:gnutella-rtr
75 3256 LOG tcp -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level debug prefix "FIREWALL: "
1459 263K LOG udp -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level debug prefix "FIREWALL: "
3347 568K DROP all -- any any anywhere anywhere
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:tftp state NEW,ESTABLISHED
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:69 state NEW,ESTABLISHED
Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any eth1 anywhere 10.42.0.0/24 state RELATED,ESTABLISHED
0 0 ACCEPT all -- eth1 any 10.42.0.0/24 anywhere
0 0 ACCEPT all -- eth1 eth1 anywhere anywhere
0 0 REJECT all -- any eth1 anywhere anywhere reject-with icmp-port-unreachable
0 0 REJECT all -- eth1 any anywhere anywhere reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT 68593 packets, 6962K bytes) pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:69 state NEW,ESTABLISHED
1 45 ACCEPT udp -- any any anywhere anywhere udp dpt:tftp state NEW,ESTABLISHED
Outgoing tftp requests as a client are also blocked. my IP is 192,168.0.5 tried connecting to 192.168.0.2
tftp 192.168.0.2
tftp> verbose on
Verbose mode on.
tftp> status
Connected to 192.168.0.2.
Mode: netascii Verbose: on Tracing: off Literal: off
Rexmt-interval: 5 seconds, Max-timeout: 25 seconds
tftp> put hello
putting hello to 192.168.0.2:hello [netascii]
Transfer timed out.
can there be something wrong with my Router? Is there any settings that I need to take care of, but this problem is there even when I connect the client directly to the server using an ethernet cable. I tired a BeagleBone Black, a MAcbook and my Android Phone as a tftp clients raising request to the server.
Client : 10.42.0.89 (BeagleBlack, at u-boot)
Server : 10.42.0.1
I used wireshark to sniff on the ethernet packets now.
ARP:
32 927.886269000 10.42.0.89 Broadcast ARP 60 Who has 10.42.0.1? Tell 10.42.0.89
33 927.886320000 50:7b:9d:f9:44:5d 10.42.0.89 ARP 42 10.42.0.1 is at 50:7b:9d:f9:44:5d
after this , I see only this initiating from the client and nothing goes out.
36 932.887008000 10.42.0.89 10.42.0.1 TFTP 79 Read Request, File: hello, Transfer type: octet, timeout00=500, blksize00=146800
udp file-transfer tftp
asked Sep 4 '16 at 22:46
ArunMKumarArunMKumar
11618
This may look like a duplicate question but I did my share of searching, but could not find any solution.
I have created a tftp server, this server when accessed from a local tftp client, over a loopback gets and puts the file just fine.
When I try to access the server through an external client, The request times out. The connection is established. I can see the connection as connected in the tftp client, no issues there. The File transfer does not start.
The client is connected directly to the HOST via a ethernet cable, I have created a 2 Device LAN. pings work between them.
I initially thought this to be a firewall issue, now I have disabled the firewall, allowed INPUT and OUTPUT on the configured port 69 in the iptables. also udp is allowed on port 69.
I am also Not running multiple instances of the tftpd-hpa server , it is running as a daemon, and netstat -aup has only one tftp server running.
The clients are giving proper requests, I can see them in wireshark, but nothing goes out in response.
and the failure is always a TIMEOUT.
**firewall disabled**
**ports allow connection **
**file transfer fails**
** outgoing tftp request as a client to other tftp servers is alos blocked **
Update2:
I was not really sure about the Firewall thing, as this laptop was issued by my employer and I am skeptical that they wont allow the firewall to be disabled. reading the /var/log/syslog did not give any hints so tried looking at the kernel prints as to whether any kmodules were doing anything fishy, I see these ones.
[10989.915231] FIREWALL: IN=eth1 OUT= MAC=50:7b:9d:f9:44:5d:68:9e:19:99:9e:e4:08:00 SRC=10.42.0.89 DST=10.42.0.1 LEN=65 TOS=0x00 PREC=0x00 TTL=255 ID=117 DF PROTO=UDP SPT=2495 DPT=69 LEN=45
The SRC , DESTT , DPT , PROTO the MAC Address all match my tftp client.
I cannot really tell, what is happening here, so if anyone can give me hints to look for some logs or something else, It would be really helpful.
after this I installed gufw to manage the firewall and allowed all incoming and outgoing traffic. I still get timeouts, and this is what I now see on syslog.
Sep 5 16:16:01 arun-TP kernel: [13836.201853] [UFW AUDIT] IN= OUT=eth1 SRC=10.42.0.1 DST=10.42.0.255 LEN=184 TOS=0x00 PREC=0x00 TTL=64 ID=12630 DF PROTO=UDP SPT=17500 DPT=17500 LEN=164
Sep 5 16:16:01 arun-TP kernel: [13836.201870] [UFW ALLOW] IN= OUT=eth1 SRC=10.42.0.1 DST=10.42.0.255 LEN=184 TOS=0x00 PREC=0x00 TTL=64 ID=12630 DF PROTO=UDP SPT=17500 DPT=17500 LEN=164
This time the DST does not make sense, The client is at 10.42.0.89 and not 10.42.0.255.
Update1:
/etc/default/tftpd-hpa
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/tftpboot"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS="--secure --create -s"
RUN_DAEMON="YES"
ls -lrt /
drwxr-xr-x 2 tftp nogroup 4096 Sep 5 03:30 tftpboot
netstat -aup
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 *:mdns *:* 739/avahi-daemon: r
udp 0 0 *:50694 *:* 2514/rpc.mountd
udp 0 0 *:55107 *:* 2514/rpc.mountd
udp 0 0 *:nfs *:* -
udp 0 0 *:3471 *:* 8567/dhclient
udp 0 0 *:56776 *:* 739/avahi-daemon: r
udp 0 0 10.42.0.1:domain *:* 5403/dnsmasq
udp 0 0 127.0.1.1:domain *:* 3025/dnsmasq
udp 0 0 *:bootps *:* 5403/dnsmasq
udp 0 0 *:bootpc *:* 8567/dhclient
udp 0 0 *:tftp *:* 4316/in.tftpd
udp 0 0 *:sunrpc *:* 966/rpcbind
udp 0 0 *:ipp *:* 1476/cups-browsed
udp 0 0 *:707 *:* 966/rpcbind
udp 0 0 *:33526 *:* 2514/rpc.mountd
udp 0 0 *:49935 *:* -
udp 0 0 localhost:796 *:* 1044/rpc.statd
udp 0 0 *:54194 *:* 1044/rpc.statd
udp 0 0 *:17500 *:* 3785/dropbox
udp6 0 0 [::]:mdns [::]:* 739/avahi-daemon: r
udp6 0 0 [::]:42779 [::]:* -
udp6 0 0 [::]:59279 [::]:* 1044/rpc.statd
udp6 0 0 [::]:nfs [::]:* -
udp6 0 0 [::]:60007 [::]:* 2514/rpc.mountd
udp6 0 0 [::]:52311 [::]:* 2254/BESClient
udp6 0 0 [::]:11656 [::]:* 8567/dhclient
udp6 0 0 [::]:sunrpc [::]:* 966/rpcbind
udp6 0 0 [::]:45289 [::]:* 739/avahi-daemon: r
udp6 0 0 [::]:57589 [::]:* 2514/rpc.mountd
udp6 0 0 [::]:707 [::]:* 966/rpcbind
udp6 0 0 [::]:37709 [::]:* 2514/rpc.mountd
no tftp configuration file in /etc/xinetd.d/
Firewall is disabled. ufw status = inactive
iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination
2 656 ACCEPT udp -- eth1 any anywhere anywhere udp dpt:bootps
0 0 ACCEPT tcp -- eth1 any anywhere anywhere tcp dpt:bootps
0 0 ACCEPT udp -- eth1 any anywhere anywhere udp dpt:domain
0 0 ACCEPT tcp -- eth1 any anywhere anywhere tcp dpt:domain
36569 3800K ACCEPT all -- lo any anywhere anywhere
30392 20M ACCEPT tcp -- any any anywhere anywhere state RELATED,ESTABLISHED
2704 679K ACCEPT udp -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT 254 -- ipsec+ any anywhere anywhere
0 0 ACCEPT esp -- any any anywhere anywhere
0 0 ACCEPT ah -- any any anywhere anywhere
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:isakmp
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:cfengine
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:5900
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:5901
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:12080
0 0 REJECT tcp -- any any anywhere anywhere tcp dpt:auth reject-with icmp-port-unreachable
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:https
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:5656
0 0 ACCEPT udp -- any any anywhere anywhere udp dpts:5004:5005
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpts:5004:5005
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:20830
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:20830
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpts:sip:5062
0 0 ACCEPT udp -- any any anywhere anywhere udp dpts:sip:5062
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:21100
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:2001
0 0 ACCEPT gre -- any any anywhere anywhere
0 0 ACCEPT icmp -- any any anywhere anywhere icmp destination-unreachable
0 0 ACCEPT icmp -- any any anywhere anywhere icmp source-quench
689 56460 ACCEPT icmp -- any any anywhere anywhere icmp time-exceeded
0 0 ACCEPT icmp -- any any anywhere anywhere icmp parameter-problem
0 0 ACCEPT icmp -- any any anywhere anywhere icmp router-advertisement
0 0 ACCEPT icmp -- any any anywhere anywhere icmp echo-request
13 832 ACCEPT icmp -- any any anywhere anywhere icmp echo-reply
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:tproxy
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:1533
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpts:30000:30005
0 0 DROP tcp -- any any anywhere anywhere tcp dpts:bootps:bootpc
6 1968 DROP udp -- any any anywhere anywhere udp dpts:bootps:bootpc
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:netbios-ns
0 0 DROP udp -- any any anywhere anywhere udp dpt:netbios-ns
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:netbios-dgm
0 0 DROP udp -- any any anywhere anywhere udp dpt:netbios-dgm
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:netbios-ssn
0 0 DROP udp -- any any anywhere anywhere udp dpt:netbios-ssn
0 0 DROP tcp -- any any anywhere anywhere tcp dpts:tcpmux:ftp-data
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:sunrpc
0 0 DROP tcp -- any any anywhere anywhere tcp dpts:snmp:snmp-trap
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:520
0 0 DROP tcp -- any any anywhere anywhere tcp dpts:6348:6349
0 0 DROP tcp -- any any anywhere anywhere tcp dpts:6345:gnutella-rtr
75 3256 LOG tcp -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level debug prefix "FIREWALL: "
1459 263K LOG udp -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level debug prefix "FIREWALL: "
3347 568K DROP all -- any any anywhere anywhere
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:tftp state NEW,ESTABLISHED
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:69 state NEW,ESTABLISHED
Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any eth1 anywhere 10.42.0.0/24 state RELATED,ESTABLISHED
0 0 ACCEPT all -- eth1 any 10.42.0.0/24 anywhere
0 0 ACCEPT all -- eth1 eth1 anywhere anywhere
0 0 REJECT all -- any eth1 anywhere anywhere reject-with icmp-port-unreachable
0 0 REJECT all -- eth1 any anywhere anywhere reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT 68593 packets, 6962K bytes) pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:69 state NEW,ESTABLISHED
1 45 ACCEPT udp -- any any anywhere anywhere udp dpt:tftp state NEW,ESTABLISHED
Outgoing tftp requests as a client are also blocked. my IP is 192,168.0.5 tried connecting to 192.168.0.2
tftp 192.168.0.2
tftp> verbose on
Verbose mode on.
tftp> status
Connected to 192.168.0.2.
Mode: netascii Verbose: on Tracing: off Literal: off
Rexmt-interval: 5 seconds, Max-timeout: 25 seconds
tftp> put hello
putting hello to 192.168.0.2:hello [netascii]
Transfer timed out.
can there be something wrong with my Router? Is there any settings that I need to take care of, but this problem is there even when I connect the client directly to the server using an ethernet cable. I tired a BeagleBone Black, a MAcbook and my Android Phone as a tftp clients raising request to the server.
Client : 10.42.0.89 (BeagleBlack, at u-boot)
Server : 10.42.0.1
I used wireshark to sniff on the ethernet packets now.
ARP:
32 927.886269000 10.42.0.89 Broadcast ARP 60 Who has 10.42.0.1? Tell 10.42.0.89
33 927.886320000 50:7b:9d:f9:44:5d 10.42.0.89 ARP 42 10.42.0.1 is at 50:7b:9d:f9:44:5d
after this , I see only this initiating from the client and nothing goes out.
36 932.887008000 10.42.0.89 10.42.0.1 TFTP 79 Read Request, File: hello, Transfer type: octet, timeout00=500, blksize00=146800
udp file-transfer tftp
udp file-transfer tftp
asked Sep 4 '16 at 22:46
ArunMKumarArunMKumar
11618
asked Sep 4 '16 at 22:46
ArunMKumarArunMKumar
11618
edited Sep 5 '16 at 10:50
ArunMKumar
asked Sep 4 '16 at 22:46
ArunMKumarArunMKumar
11618
asked Sep 4 '16 at 22:46
ArunMKumarArunMKumar
11618
asked Sep 4 '16 at 22:46
ArunMKumarArunMKumar
11618
11618
1
Please show tftpd configuration and output of commandiptables -L -v. Can tftp client on the server connect to server via external ip address?
– Mikhail Khirgiy
Sep 5 '16 at 5:43
Question is updated now.. @MikhailKhirgiy
– ArunMKumar
Sep 5 '16 at 8:27
add a comment |
1
Please show tftpd configuration and output of commandiptables -L -v. Can tftp client on the server connect to server via external ip address?
– Mikhail Khirgiy
Sep 5 '16 at 5:43
Question is updated now.. @MikhailKhirgiy
– ArunMKumar
Sep 5 '16 at 8:27
1
1
Please show tftpd configuration and output of command
iptables -L -v. Can tftp client on the server connect to server via external ip address?– Mikhail Khirgiy
Sep 5 '16 at 5:43
Please show tftpd configuration and output of command
iptables -L -v. Can tftp client on the server connect to server via external ip address?– Mikhail Khirgiy
Sep 5 '16 at 5:43
Question is updated now.. @MikhailKhirgiy
– ArunMKumar
Sep 5 '16 at 8:27
Question is updated now.. @MikhailKhirgiy
– ArunMKumar
Sep 5 '16 at 8:27
add a comment |
4 Answers
4
active
oldest
votes
This part of firewall configuration shows you how all packets will be dropped and then tftp packets will be allowed.
Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination
. . .
3347 568K DROP all -- any any anywhere anywhere
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:tftp state NEW,ESTABLISHED
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:69 state NEW,ESTABLISHED
Move drop all and logs rules after tftp allow rules.
answered Sep 5 '16 at 16:15
Mikhail KhirgiyMikhail Khirgiy
1,57847
add a comment |
You should run tftpd inside inetd process, as described here, if you insist on running it as a standalone daemon, be sure to change configuration files as described here
edited Apr 13 '17 at 12:22
Community♦
1
answered Sep 5 '16 at 0:41
AnubiozAnubioz
2,634920
already tried both of them, does not work still. The server exists and works fine on a loopback network, but nothing goes out or in from the machine hosting the tftp server. Connections are established to/from remote machines no issues in it, file transfer times out.
– ArunMKumar
Sep 5 '16 at 8:30
add a comment |
When the server tries to send data to the client, the source port from the server is NOT 69...it is random high. If your client has a firewall and you punched a hole to/from UDP 69, TFTP won't work. Suggest trying again with a sniffer on the server, but look at all UDP traffic to the client, not just port 69. See the Wikipedia page for TFTP for more details on the protocol.
Also, Anubioz is giving you good advice in the other answer.
answered Sep 5 '16 at 1:10
Jeremy DoverJeremy Dover
29816
you are right, some posts suggested using atftpd for the same. but sadly all in vain. I have my firewall disabled , "ufw status" is inactive so I think that should not be a problem. and cannot fathom why would it do block tftp if it is inactive., as for the client, I tried tftp from uboot, and I think the bootloader would not put any restriction to movement of files as many people have got it working, I have taken your advice on packet sniffing. user wireshark. My server receives ARP and then TFTP requests (many of them) but nothing goes out to the client.
– ArunMKumar
Sep 5 '16 at 8:35
Hey one more thing, When I connect client to the router , then I do not receive any tftp packets, the router may be blocking them. so i connected it directly to my laptop, and marked "ipv4" method to "shared to other computers" on my laptop running ubuntu 14.04. can this be an issue?
– ArunMKumar
Sep 5 '16 at 8:37
Try putting the TFTP allow rules higher up in the INPUT chain (using -I to insert them). Looking at the stats, they are never getting hit, since they come after the deny all rules at the end.
– Jeremy Dover
Sep 5 '16 at 12:05
add a comment |
I was having the exact same issue attempting to copy a file to a Casa Systems CMTS, and I needed an entry in the Service Management Module (SMM) Access Control List. I originally had an entry allowing TFTP from my TFTP server ip address. When I ran a tcpdump and discovered the response from the server to my router on a random high UDP port, I opened up the ACL on the router to allow any IP traffic from my TFTP server and the session started working.
I know this is an old thread, but just in case someone else runs into this problem, try adding an entry into any control plane ACLs in place permitting all ip your TFTP server.
answered Apr 9 at 6:12
Joe JosephJoe Joseph
111
New contributor
Joe Joseph is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f801050%2ftftp-requests-not-being-serviced%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
This part of firewall configuration shows you how all packets will be dropped and then tftp packets will be allowed.
Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination
. . .
3347 568K DROP all -- any any anywhere anywhere
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:tftp state NEW,ESTABLISHED
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:69 state NEW,ESTABLISHED
Move drop all and logs rules after tftp allow rules.
answered Sep 5 '16 at 16:15
Mikhail KhirgiyMikhail Khirgiy
1,57847
add a comment |
This part of firewall configuration shows you how all packets will be dropped and then tftp packets will be allowed.
Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination
. . .
3347 568K DROP all -- any any anywhere anywhere
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:tftp state NEW,ESTABLISHED
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:69 state NEW,ESTABLISHED
Move drop all and logs rules after tftp allow rules.
answered Sep 5 '16 at 16:15
Mikhail KhirgiyMikhail Khirgiy
1,57847
add a comment |
This part of firewall configuration shows you how all packets will be dropped and then tftp packets will be allowed.
Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination
. . .
3347 568K DROP all -- any any anywhere anywhere
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:tftp state NEW,ESTABLISHED
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:69 state NEW,ESTABLISHED
Move drop all and logs rules after tftp allow rules.
answered Sep 5 '16 at 16:15
Mikhail KhirgiyMikhail Khirgiy
1,57847
This part of firewall configuration shows you how all packets will be dropped and then tftp packets will be allowed.
Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination
. . .
3347 568K DROP all -- any any anywhere anywhere
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:tftp state NEW,ESTABLISHED
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:69 state NEW,ESTABLISHED
Move drop all and logs rules after tftp allow rules.
answered Sep 5 '16 at 16:15
Mikhail KhirgiyMikhail Khirgiy
1,57847
answered Sep 5 '16 at 16:15
Mikhail KhirgiyMikhail Khirgiy
1,57847
answered Sep 5 '16 at 16:15
Mikhail KhirgiyMikhail Khirgiy
1,57847
answered Sep 5 '16 at 16:15
Mikhail KhirgiyMikhail Khirgiy
1,57847
1,57847
add a comment |
add a comment |
You should run tftpd inside inetd process, as described here, if you insist on running it as a standalone daemon, be sure to change configuration files as described here
edited Apr 13 '17 at 12:22
Community♦
1
answered Sep 5 '16 at 0:41
AnubiozAnubioz
2,634920
already tried both of them, does not work still. The server exists and works fine on a loopback network, but nothing goes out or in from the machine hosting the tftp server. Connections are established to/from remote machines no issues in it, file transfer times out.
– ArunMKumar
Sep 5 '16 at 8:30
add a comment |
You should run tftpd inside inetd process, as described here, if you insist on running it as a standalone daemon, be sure to change configuration files as described here
edited Apr 13 '17 at 12:22
Community♦
1
answered Sep 5 '16 at 0:41
AnubiozAnubioz
2,634920
already tried both of them, does not work still. The server exists and works fine on a loopback network, but nothing goes out or in from the machine hosting the tftp server. Connections are established to/from remote machines no issues in it, file transfer times out.
– ArunMKumar
Sep 5 '16 at 8:30
add a comment |
You should run tftpd inside inetd process, as described here, if you insist on running it as a standalone daemon, be sure to change configuration files as described here
edited Apr 13 '17 at 12:22
Community♦
1
answered Sep 5 '16 at 0:41
AnubiozAnubioz
2,634920
You should run tftpd inside inetd process, as described here, if you insist on running it as a standalone daemon, be sure to change configuration files as described here
edited Apr 13 '17 at 12:22
Community♦
1
answered Sep 5 '16 at 0:41
AnubiozAnubioz
2,634920
edited Apr 13 '17 at 12:22
Community♦
1
edited Apr 13 '17 at 12:22
Community♦
1
edited Apr 13 '17 at 12:22
Community♦
1
1
answered Sep 5 '16 at 0:41
AnubiozAnubioz
2,634920
answered Sep 5 '16 at 0:41
AnubiozAnubioz
2,634920
answered Sep 5 '16 at 0:41
AnubiozAnubioz
2,634920
2,634920
already tried both of them, does not work still. The server exists and works fine on a loopback network, but nothing goes out or in from the machine hosting the tftp server. Connections are established to/from remote machines no issues in it, file transfer times out.
– ArunMKumar
Sep 5 '16 at 8:30
add a comment |
already tried both of them, does not work still. The server exists and works fine on a loopback network, but nothing goes out or in from the machine hosting the tftp server. Connections are established to/from remote machines no issues in it, file transfer times out.
– ArunMKumar
Sep 5 '16 at 8:30
already tried both of them, does not work still. The server exists and works fine on a loopback network, but nothing goes out or in from the machine hosting the tftp server. Connections are established to/from remote machines no issues in it, file transfer times out.
– ArunMKumar
Sep 5 '16 at 8:30
already tried both of them, does not work still. The server exists and works fine on a loopback network, but nothing goes out or in from the machine hosting the tftp server. Connections are established to/from remote machines no issues in it, file transfer times out.
– ArunMKumar
Sep 5 '16 at 8:30
add a comment |
When the server tries to send data to the client, the source port from the server is NOT 69...it is random high. If your client has a firewall and you punched a hole to/from UDP 69, TFTP won't work. Suggest trying again with a sniffer on the server, but look at all UDP traffic to the client, not just port 69. See the Wikipedia page for TFTP for more details on the protocol.
Also, Anubioz is giving you good advice in the other answer.
answered Sep 5 '16 at 1:10
Jeremy DoverJeremy Dover
29816
you are right, some posts suggested using atftpd for the same. but sadly all in vain. I have my firewall disabled , "ufw status" is inactive so I think that should not be a problem. and cannot fathom why would it do block tftp if it is inactive., as for the client, I tried tftp from uboot, and I think the bootloader would not put any restriction to movement of files as many people have got it working, I have taken your advice on packet sniffing. user wireshark. My server receives ARP and then TFTP requests (many of them) but nothing goes out to the client.
– ArunMKumar
Sep 5 '16 at 8:35
Hey one more thing, When I connect client to the router , then I do not receive any tftp packets, the router may be blocking them. so i connected it directly to my laptop, and marked "ipv4" method to "shared to other computers" on my laptop running ubuntu 14.04. can this be an issue?
– ArunMKumar
Sep 5 '16 at 8:37
Try putting the TFTP allow rules higher up in the INPUT chain (using -I to insert them). Looking at the stats, they are never getting hit, since they come after the deny all rules at the end.
– Jeremy Dover
Sep 5 '16 at 12:05
add a comment |
When the server tries to send data to the client, the source port from the server is NOT 69...it is random high. If your client has a firewall and you punched a hole to/from UDP 69, TFTP won't work. Suggest trying again with a sniffer on the server, but look at all UDP traffic to the client, not just port 69. See the Wikipedia page for TFTP for more details on the protocol.
Also, Anubioz is giving you good advice in the other answer.
answered Sep 5 '16 at 1:10
Jeremy DoverJeremy Dover
29816
you are right, some posts suggested using atftpd for the same. but sadly all in vain. I have my firewall disabled , "ufw status" is inactive so I think that should not be a problem. and cannot fathom why would it do block tftp if it is inactive., as for the client, I tried tftp from uboot, and I think the bootloader would not put any restriction to movement of files as many people have got it working, I have taken your advice on packet sniffing. user wireshark. My server receives ARP and then TFTP requests (many of them) but nothing goes out to the client.
– ArunMKumar
Sep 5 '16 at 8:35
Hey one more thing, When I connect client to the router , then I do not receive any tftp packets, the router may be blocking them. so i connected it directly to my laptop, and marked "ipv4" method to "shared to other computers" on my laptop running ubuntu 14.04. can this be an issue?
– ArunMKumar
Sep 5 '16 at 8:37
Try putting the TFTP allow rules higher up in the INPUT chain (using -I to insert them). Looking at the stats, they are never getting hit, since they come after the deny all rules at the end.
– Jeremy Dover
Sep 5 '16 at 12:05
add a comment |
When the server tries to send data to the client, the source port from the server is NOT 69...it is random high. If your client has a firewall and you punched a hole to/from UDP 69, TFTP won't work. Suggest trying again with a sniffer on the server, but look at all UDP traffic to the client, not just port 69. See the Wikipedia page for TFTP for more details on the protocol.
Also, Anubioz is giving you good advice in the other answer.
answered Sep 5 '16 at 1:10
Jeremy DoverJeremy Dover
29816
When the server tries to send data to the client, the source port from the server is NOT 69...it is random high. If your client has a firewall and you punched a hole to/from UDP 69, TFTP won't work. Suggest trying again with a sniffer on the server, but look at all UDP traffic to the client, not just port 69. See the Wikipedia page for TFTP for more details on the protocol.
Also, Anubioz is giving you good advice in the other answer.
answered Sep 5 '16 at 1:10
Jeremy DoverJeremy Dover
29816
answered Sep 5 '16 at 1:10
Jeremy DoverJeremy Dover
29816
answered Sep 5 '16 at 1:10
Jeremy DoverJeremy Dover
29816
answered Sep 5 '16 at 1:10
Jeremy DoverJeremy Dover
29816
29816
you are right, some posts suggested using atftpd for the same. but sadly all in vain. I have my firewall disabled , "ufw status" is inactive so I think that should not be a problem. and cannot fathom why would it do block tftp if it is inactive., as for the client, I tried tftp from uboot, and I think the bootloader would not put any restriction to movement of files as many people have got it working, I have taken your advice on packet sniffing. user wireshark. My server receives ARP and then TFTP requests (many of them) but nothing goes out to the client.
– ArunMKumar
Sep 5 '16 at 8:35
Hey one more thing, When I connect client to the router , then I do not receive any tftp packets, the router may be blocking them. so i connected it directly to my laptop, and marked "ipv4" method to "shared to other computers" on my laptop running ubuntu 14.04. can this be an issue?
– ArunMKumar
Sep 5 '16 at 8:37
Try putting the TFTP allow rules higher up in the INPUT chain (using -I to insert them). Looking at the stats, they are never getting hit, since they come after the deny all rules at the end.
– Jeremy Dover
Sep 5 '16 at 12:05
add a comment |
you are right, some posts suggested using atftpd for the same. but sadly all in vain. I have my firewall disabled , "ufw status" is inactive so I think that should not be a problem. and cannot fathom why would it do block tftp if it is inactive., as for the client, I tried tftp from uboot, and I think the bootloader would not put any restriction to movement of files as many people have got it working, I have taken your advice on packet sniffing. user wireshark. My server receives ARP and then TFTP requests (many of them) but nothing goes out to the client.
– ArunMKumar
Sep 5 '16 at 8:35
Hey one more thing, When I connect client to the router , then I do not receive any tftp packets, the router may be blocking them. so i connected it directly to my laptop, and marked "ipv4" method to "shared to other computers" on my laptop running ubuntu 14.04. can this be an issue?
– ArunMKumar
Sep 5 '16 at 8:37
Try putting the TFTP allow rules higher up in the INPUT chain (using -I to insert them). Looking at the stats, they are never getting hit, since they come after the deny all rules at the end.
– Jeremy Dover
Sep 5 '16 at 12:05
you are right, some posts suggested using atftpd for the same. but sadly all in vain. I have my firewall disabled , "ufw status" is inactive so I think that should not be a problem. and cannot fathom why would it do block tftp if it is inactive., as for the client, I tried tftp from uboot, and I think the bootloader would not put any restriction to movement of files as many people have got it working, I have taken your advice on packet sniffing. user wireshark. My server receives ARP and then TFTP requests (many of them) but nothing goes out to the client.
– ArunMKumar
Sep 5 '16 at 8:35
you are right, some posts suggested using atftpd for the same. but sadly all in vain. I have my firewall disabled , "ufw status" is inactive so I think that should not be a problem. and cannot fathom why would it do block tftp if it is inactive., as for the client, I tried tftp from uboot, and I think the bootloader would not put any restriction to movement of files as many people have got it working, I have taken your advice on packet sniffing. user wireshark. My server receives ARP and then TFTP requests (many of them) but nothing goes out to the client.
– ArunMKumar
Sep 5 '16 at 8:35
Hey one more thing, When I connect client to the router , then I do not receive any tftp packets, the router may be blocking them. so i connected it directly to my laptop, and marked "ipv4" method to "shared to other computers" on my laptop running ubuntu 14.04. can this be an issue?
– ArunMKumar
Sep 5 '16 at 8:37
Hey one more thing, When I connect client to the router , then I do not receive any tftp packets, the router may be blocking them. so i connected it directly to my laptop, and marked "ipv4" method to "shared to other computers" on my laptop running ubuntu 14.04. can this be an issue?
– ArunMKumar
Sep 5 '16 at 8:37
Try putting the TFTP allow rules higher up in the INPUT chain (using -I to insert them). Looking at the stats, they are never getting hit, since they come after the deny all rules at the end.
– Jeremy Dover
Sep 5 '16 at 12:05
Try putting the TFTP allow rules higher up in the INPUT chain (using -I to insert them). Looking at the stats, they are never getting hit, since they come after the deny all rules at the end.
– Jeremy Dover
Sep 5 '16 at 12:05
add a comment |
I was having the exact same issue attempting to copy a file to a Casa Systems CMTS, and I needed an entry in the Service Management Module (SMM) Access Control List. I originally had an entry allowing TFTP from my TFTP server ip address. When I ran a tcpdump and discovered the response from the server to my router on a random high UDP port, I opened up the ACL on the router to allow any IP traffic from my TFTP server and the session started working.
I know this is an old thread, but just in case someone else runs into this problem, try adding an entry into any control plane ACLs in place permitting all ip your TFTP server.
answered Apr 9 at 6:12
Joe JosephJoe Joseph
111
New contributor
Joe Joseph is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
I was having the exact same issue attempting to copy a file to a Casa Systems CMTS, and I needed an entry in the Service Management Module (SMM) Access Control List. I originally had an entry allowing TFTP from my TFTP server ip address. When I ran a tcpdump and discovered the response from the server to my router on a random high UDP port, I opened up the ACL on the router to allow any IP traffic from my TFTP server and the session started working.
I know this is an old thread, but just in case someone else runs into this problem, try adding an entry into any control plane ACLs in place permitting all ip your TFTP server.
answered Apr 9 at 6:12
Joe JosephJoe Joseph
111
New contributor
Joe Joseph is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
I was having the exact same issue attempting to copy a file to a Casa Systems CMTS, and I needed an entry in the Service Management Module (SMM) Access Control List. I originally had an entry allowing TFTP from my TFTP server ip address. When I ran a tcpdump and discovered the response from the server to my router on a random high UDP port, I opened up the ACL on the router to allow any IP traffic from my TFTP server and the session started working.
I know this is an old thread, but just in case someone else runs into this problem, try adding an entry into any control plane ACLs in place permitting all ip your TFTP server.
answered Apr 9 at 6:12
Joe JosephJoe Joseph
111
New contributor
Joe Joseph is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
I was having the exact same issue attempting to copy a file to a Casa Systems CMTS, and I needed an entry in the Service Management Module (SMM) Access Control List. I originally had an entry allowing TFTP from my TFTP server ip address. When I ran a tcpdump and discovered the response from the server to my router on a random high UDP port, I opened up the ACL on the router to allow any IP traffic from my TFTP server and the session started working.
I know this is an old thread, but just in case someone else runs into this problem, try adding an entry into any control plane ACLs in place permitting all ip your TFTP server.
answered Apr 9 at 6:12
Joe JosephJoe Joseph
111
New contributor
Joe Joseph is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered Apr 9 at 6:12
Joe JosephJoe Joseph
111
New contributor
Joe Joseph is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered Apr 9 at 6:12
Joe JosephJoe Joseph
111
answered Apr 9 at 6:12
Joe JosephJoe Joseph
111
111
New contributor
Joe Joseph is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Joe Joseph is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Joe Joseph is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f801050%2ftftp-requests-not-being-serviced%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
Please show tftpd configuration and output of command
iptables -L -v. Can tftp client on the server connect to server via external ip address?– Mikhail Khirgiy
Sep 5 '16 at 5:43
Question is updated now.. @MikhailKhirgiy
– ArunMKumar
Sep 5 '16 at 8:27