TFTP requests are not being served

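This may look like a duplicate question, but I did my share of searching and could not find any solution.

I created a tftp server. When I access it from a local tftp client over loopback, getting and putting files works fine. When I try to access the server from an external client, the request times out. The connection is established. I can see the connection on the tftp client without any problem. The file transfer does not start.

The client is connected directly to the host with an Ethernet cable; I created a 2-device LAN. Ping works between them.

I initially thought this was a firewall issue, so I have now disabled the firewall and allowed INPUT and OUTPUT on port 69 in the iptables configuration. UDP is also allowed on port 69.

I am also not running multiple instances of the tftpd-hpa server; it runs as a daemon, and netstat -aup shows only one tftp server running.

The client is sending proper requests; I can see them in Wireshark, but there is no response.

And the failure is always a TIMEOUT.

**firewall disabled** **ports allow connection** **file transfer fails** **outgoing tftp request as a client to other tftp servers is also blocked**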

UPDATE2:

Since this laptop was issued by my employer, I am not sure about the firewall; I suspect they would not allow the firewall to be disabled. Reading /var/log/syslog gave no hints, so I tried looking at the kernel prints to see whether any kmodules were doing anything, and I saw these.

    [10989.915231] FIREWALL: IN=eth1 OUT= MAC=50:7b:9d:f9:44:5d:68:9e:19:99:9e:e4:08:00 SRC=10.42.0.89 DST=10.42.0.1 LEN=65 TOS=0x00 PREC=0x00 TTL=255 ID=117 DF PROTO=UDP SPT=2495 DPT=69 LEN=45

SRC, DST, DPT, PROTO and the MAC addresses all match my tftp client.

I really don't know what is happening here, so if anyone can give me a hint, some logs to look at or anything else, that would be very helpful.

After this, I installed gufw to manage the firewall and allowed all incoming and outgoing traffic. I still get the timeout, and this is what I now see in syslog.

    Sep 5 16:16:01 arun-TP kernel: [13836.201853] [UFW AUDIT] IN= OUT=eth1 SRC=10.42.0.1 DST=10.42.0.255 LEN=184 TOS=0x00 PREC=0x00 TTL=64 ID=12630 DF PROTO=UDP SPT=17500 DPT=17500 LEN=164
    Sep 5 16:16:01 arun-TP kernel: [13836.201870] [UFW ALLOW] IN= OUT=eth1 SRC=10.42.0.1 DST=10.42.0.255 LEN=184 TOS=0x00 PREC=0x00 TTL=64 ID=12630 DF PROTO=UDP SPT=17500 DPT=17500 LEN=164

This time the DST makes no sense; the client is 10.42.0.89, not 10.42.0.255.

UPDATE1:

In /etc/default/tftpd-hpa

    TFTP_USERNAME="tftp"
    TFTP_DIRECTORY="/tftpboot"
    TFTP_ADDRESS="0.0.0.0:69"
    TFTP_OPTIONS="--secure --create -s"
    RUN_DAEMON="YES"

ls -lrt /

    drwxr-xr-x 2 tftp nogroup 4096 Sep 5 03:30 tftpboot

netstat -aup

    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address      Foreign Address  State  PID/Program name
    udp        0      0 *:mdns             *:*                     739/avahi-daemon: r
    udp        0      0 *:50694            *:*                     2514/rpc.mountd
    udp        0      0 *:55107            *:*                     2514/rpc.mountd
    udp        0      0 *:nfs              *:*                     -
    udp        0      0 *:3471             *:*                     8567/dhclient
    udp        0      0 *:56776            *:*                     739/avahi-daemon: r
    udp        0      0 10.42.0.1:domain   *:*                     5403/dnsmasq
    udp        0      0 127.0.1.1:domain   *:*                     3025/dnsmasq
    udp        0      0 *:bootps           *:*                     5403/dnsmasq
    udp        0      0 *:bootpc           *:*                     8567/dhclient
    udp        0      0 *:tftp             *:*                     4316/in.tftpd
    udp        0      0 *:sunrpc           *:*                     966/rpcbind
    udp        0      0 *:ipp              *:*                     1476/cups-browsed
    udp        0      0 *:707              *:*                     966/rpcbind
    udp        0      0 *:33526            *:*                     2514/rpc.mountd
    udp        0      0 *:49935            *:*                     -
    udp        0      0 localhost:796      *:*                     1044/rpc.statd
    udp        0      0 *:54194            *:*                     1044/rpc.statd
    udp        0      0 *:17500            *:*                     3785/dropbox
    udp6       0      0 [::]:mdns          [::]:*                  739/avahi-daemon: r
    udp6       0      0 [::]:42779         [::]:*                  -
    udp6       0      0 [::]:59279         [::]:*                  1044/rpc.statd
    udp6       0      0 [::]:nfs           [::]:*                  -
    udp6       0      0 [::]:60007         [::]:*                  2514/rpc.mountd
    udp6       0      0 [::]:52311         [::]:*                  2254/BESClient
    udp6       0      0 [::]:11656         [::]:*                  8567/dhclient
    udp6       0      0 [::]:sunrpc        [::]:*                  966/rpcbind
    udp6       0      0 [::]:45289         [::]:*                  739/avahi-daemon: r
    udp6       0      0 [::]:57589         [::]:*                  2514/rpc.mountd
    udp6       0      0 [::]:707           [::]:*                  966/rpcbind
    udp6       0      0 [::]:37709         [::]:*                  2514/rpc.mountd

There is no tftp configuration file in /etc/xinetd.d/

The firewall is disabled. ufw status = inactive

iptables -L -v

    Chain INPUT (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    2 656 ACCEPT udp -- eth1 any anywhere anywhere udp dpt:bootps
    0 0 ACCEPT tcp -- eth1 any anywhere anywhere tcp dpt:bootps
    0 0 ACCEPT udp -- eth1 any anywhere anywhere udp dpt:domain
    0 0 ACCEPT tcp -- eth1 any anywhere anywhere tcp dpt:domain
    36569 3800K ACCEPT all -- lo any anywhere anywhere
    30392 20M ACCEPT tcp -- any any anywhere anywhere state RELATED,ESTABLISHED
    2704 679K ACCEPT udp -- any any anywhere anywhere state RELATED,ESTABLISHED
    0 0 ACCEPT 254 -- ipsec+ any anywhere anywhere
    0 0 ACCEPT esp -- any any anywhere anywhere
    0 0 ACCEPT ah -- any any anywhere anywhere
    0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:isakmp
    0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
    0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:cfengine
    0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:5900
    0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:5901
    0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:12080
    0 0 REJECT tcp -- any any anywhere anywhere tcp dpt:auth reject-with icmp-port-unreachable
    0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:https
    0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:5656
    0 0 ACCEPT udp -- any any anywhere anywhere udp dpts:5004:5005
    0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpts:5004:5005
    0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:20830
    0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:20830
    0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpts:sip:5062
    0 0 ACCEPT udp -- any any anywhere anywhere udp dpts:sip:5062
    0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:21100
    0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:2001
    0 0 ACCEPT gre -- any any anywhere anywhere
    0 0 ACCEPT icmp -- any any anywhere anywhere icmp destination-unreachable
    0 0 ACCEPT icmp -- any any anywhere anywhere icmp source-quench
    689 56460 ACCEPT icmp -- any any anywhere anywhere icmp time-exceeded
    0 0 ACCEPT icmp -- any any anywhere anywhere icmp parameter-problem
    0 0 ACCEPT icmp -- any any anywhere anywhere icmp router-advertisement
    0 0 ACCEPT icmp -- any any anywhere anywhere icmp echo-request
    13 832 ACCEPT icmp -- any any anywhere anywhere icmp echo-reply
    0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:tproxy
    0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:1533
    0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpts:30000:30005
    0 0 DROP tcp -- any any anywhere anywhere tcp dpts:bootps:bootpc
    6 1968 DROP udp -- any any anywhere anywhere udp dpts:bootps:bootpc
    0 0 DROP tcp -- any any anywhere anywhere tcp dpt:netbios-ns
    0 0 DROP udp -- any any anywhere anywhere udp dpt:netbios-ns
    0 0 DROP tcp -- any any anywhere anywhere tcp dpt:netbios-dgm
    0 0 DROP udp -- any any anywhere anywhere udp dpt:netbios-dgm
    0 0 DROP tcp -- any any anywhere anywhere tcp dpt:netbios-ssn
    0 0 DROP udp -- any any anywhere anywhere udp dpt:netbios-ssn
    0 0 DROP tcp -- any any anywhere anywhere tcp dpts:tcpmux:ftp-data
    0 0 DROP tcp -- any any anywhere anywhere tcp dpt:sunrpc
    0 0 DROP tcp -- any any anywhere anywhere tcp dpts:snmp:snmp-trap
    0 0 DROP tcp -- any any anywhere anywhere tcp dpt:520
    0 0 DROP tcp -- any any anywhere anywhere tcp dpts:6348:6349
    0 0 DROP tcp -- any any anywhere anywhere tcp dpts:6345:gnutella-rtr
    75 3256 LOG tcp -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level debug prefix "FIREWALL: "
    1459 263K LOG udp -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level debug prefix "FIREWALL: "
    3347 568K DROP all -- any any anywhere anywhere
    0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:tftp state NEW,ESTABLISHED
    0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:69 state NEW,ESTABLISHED

    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- any eth1 anywhere 10.42.0.0/24 state RELATED,ESTABLISHED
    0 0 ACCEPT all -- eth1 any 10.42.0.0/24 anywhere
    0 0 ACCEPT all -- eth1 eth1 anywhere anywhere
    0 0 REJECT all -- any eth1 anywhere anywhere reject-with icmp-port-unreachable
    0 0 REJECT all -- eth1 any anywhere anywhere reject-with icmp-port-unreachable

    Chain OUTPUT (policy ACCEPT 68593 packets, 6962K bytes)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:69 state NEW,ESTABLISHED
    1 45 ACCEPT udp -- any any anywhere anywhere udp dpt:tftp state NEW,ESTABLISHED

Outgoing tftp requests as a client are also blocked. My IP is 192.168.0.5, trying to connect to 192.168.0.2

    tftp 192.168.0.2
    tftp> verbose on
    Verbose mode on.
    tftp> status
    Connected to 192.168.0.2.
    Mode: netascii Verbose: on Tracing: off Literal: off
    Rexmt-interval: 5 seconds, Max-timeout: 25 seconds
    tftp> put hello
    putting hello to 192.168.0.2:hello [netascii]
    Transfer timed out.

Is there something wrong with my router? Are there any settings that need to be taken care of? But this problem exists even when the client is connected directly to the server with an Ethernet cable. I tried a BeagleBone Black, a MacBook and my Android phone as tftp clients making requests to the server.

Client: 10.42.0.89 (BeagleBone Black, in u-boot). Server: 10.42.0.1

I used Wireshark to sniff the Ethernet packets.

ARP:

    32 927.886269000 10.42.0.89 Broadcast ARP 60 Who has 10.42.0.1? Tell 10.42.0.89
    33 927.886320000 50:7b:9d:f9:44:5d 10.42.0.89 ARP 42 10.42.0.1 is at 50:7b:9d:f9:44:5d

After this, I see only this, initiated from the client, and nothing goes out.

    36 932.887008000 10.42.0.89 10.42.0.1 TFTP 79 Read Request, File: hello, Transfer type: octet, timeout\000=5\000, blksize\000=1468\000

This part of your firewall configuration shows that all packets will be dropped, and then tftp packets will be allowed.

    Chain INPUT (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    . . .
    3347 568K DROP all -- any any anywhere anywhere
    0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:tftp state NEW,ESTABLISHED
    0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:69 state NEW,ESTABLISHED

Move the drop-all and logging rules after the tftp allow rules.
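
The rule-ordering problem described in this answer can be checked mechanically. The Python code below is an added example, not part of the original post: it parses `iptables -L -v` output and reports rules that sit after an unconditional terminating rule in the same chain. The sample listing is an excerpt of the question's INPUT chain; the function names are made up for this example, and the parser assumes the column layout shown on this page with a target on every rule.

```python
TERMINATING = {"ACCEPT", "DROP", "REJECT"}
ANY_IF = {"any", "*"}                 # "*" is what `-n` listings print
ANY_ADDR = {"anywhere", "0.0.0.0/0"}

# Excerpt of the INPUT chain from the question (`iptables -L -v` columns).
SAMPLE = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
 2704 679K ACCEPT udp -- any any anywhere anywhere state RELATED,ESTABLISHED
 1459 263K LOG udp -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level debug prefix "FIREWALL: "
 3347 568K DROP all -- any any anywhere anywhere
 0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:tftp state NEW,ESTABLISHED
 0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:69 state NEW,ESTABLISHED
"""

def parse_rules(listing):
    """Yield (chain, position, rule) for every rule line of the listing."""
    chain, pos = None, 0
    for line in listing.splitlines():
        f = line.split()
        if not f or f[0] == "pkts":
            continue
        if f[0] == "Chain":
            chain, pos = f[1], 0
            continue
        if len(f) < 9:
            continue  # not a rule line in the assumed column layout
        pos += 1
        yield chain, pos, {"target": f[2], "prot": f[3], "in": f[5],
                           "out": f[6], "src": f[7], "dst": f[8],
                           "match": " ".join(f[9:])}

def is_catch_all(rule):
    """True for a terminating rule that matches every packet."""
    return (rule["target"] in TERMINATING and rule["prot"] == "all"
            and rule["in"] in ANY_IF and rule["out"] in ANY_IF
            and rule["src"] in ANY_ADDR and rule["dst"] in ANY_ADDR
            and (not rule["match"] or rule["match"].startswith("reject-with")))

def shadowed_rules(listing):
    """Return (chain, position, rule, blocker_position) for unreachable rules."""
    blocker, found = {}, []
    for chain, pos, rule in parse_rules(listing):
        if chain in blocker:
            found.append((chain, pos, rule, blocker[chain]))
        elif is_catch_all(rule):
            blocker[chain] = pos
    return found

if __name__ == "__main__":
    for chain, pos, rule, by in shadowed_rules(SAMPLE):
        print(f"{chain} rule {pos} ({rule['target']} {rule['match']}) "
              f"is never reached: rule {by} matches everything first")
```

The zero packet counters on the two tftp rules in the question's listing are consistent with what this check reports: no packet ever reaches them.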

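You should run tftpd within the inetd process, as described here. If you insist on running it as a standalone daemon, be sure to change the configuration file as described here.

When the server tries to send data to the client, the server's source port is not 69 … it is a random high port. If your client has a firewall and you punched a hole on UDP 69, TFTP will not work. I suggest trying again with a sniffer on the server, but look at all UDP traffic to the client, not just port 69. For more details on the protocol, see the Wikipedia page on TFTP.

Also, Anubioz gives you good advice in another answer.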
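
The port behaviour described in the last answer can be modelled as follows. This is an added example, not part of the original answers: a simplified model of a stateful firewall on the client side, not kernel code. The class and function names and the server port 40123 are constructed; the client address and port come from the question's kernel log. The optional helper mimics what a TFTP connection-tracking helper (for example the Linux `nf_conntrack_tftp` module) does: after a request to port 69 it expects the reply from any port on the server.

```python
import struct

RRQ, WRQ = 1, 2  # RFC 1350 opcodes for read and write requests

def rrq(filename, mode="octet"):
    """Build an RFC 1350 read request: opcode 1, filename, NUL, mode, NUL."""
    return struct.pack("!H", RRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"

class ClientFirewall:
    """Outbound UDP is allowed and tracked; inbound must match a tracked flow."""

    def __init__(self, tftp_helper=False):
        self.flows = set()      # exact (local, remote) address pairs seen outbound
        self.expected = set()   # (local, remote_ip): any remote port is accepted
        self.tftp_helper = tftp_helper

    def outbound(self, src, dst, payload):
        self.flows.add((src, dst))
        opcode = struct.unpack("!H", payload[:2])[0]
        if self.tftp_helper and dst[1] == 69 and opcode in (RRQ, WRQ):
            self.expected.add((src, dst[0]))

    def inbound(self, src, dst):
        if (dst, src) in self.flows:
            return "ACCEPT"                 # reply on the exact address pair
        if (dst, src[0]) in self.expected:
            self.flows.add((dst, src))      # promote the expected flow
            return "ACCEPT"
        return "DROP"

def simulate(tftp_helper, server_port=40123):
    """Send an RRQ to port 69, then receive DATA from the server's own port."""
    client = ("10.42.0.89", 2495)           # SRC/SPT from the question's log
    server_ip = "10.42.0.1"
    fw = ClientFirewall(tftp_helper)
    fw.outbound(client, (server_ip, 69), rrq("hello"))
    return fw.inbound((server_ip, server_port), client)

if __name__ == "__main__":
    print("without helper:", simulate(False))
    print("with helper:   ", simulate(True))
```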