TFTP works on localhost but not globally

I have a TFTP server on CentOS 7.4. The TFTP server is up and running, and fetching a file by connecting to localhost works fine. However, if I try to reach the TFTP server from another server, I get a timeout.

The firewall is configured correctly and the port is reachable.

cat /etc/xinetd.d/tftp

    service tftp
    {
        socket_type = dgram
        protocol    = udp
        port        = 69
        wait        = yes
        user        = root
        server      = /usr/sbin/in.tftpd
        server_args = -s /tftpboot
        disable     = no
        per_source  = 11
        cps         = 100 2
        flags       = IPv4
    }

cat /etc/xinetd.conf

    defaults
    {
        log_type       = SYSLOG daemon info
        log_on_failure = HOST
        log_on_success = PID HOST DURATION EXIT
        cps            = 50 10
        instances      = 50
        per_source     = 10
        v6only         = no
        groups         = yes
        umask          = 002
    }

    includedir /etc/xinetd.d

TFTP access from the same machine, using localhost:

    [root@tftp-001 ~]# tftp -v localhost -c get dir.txt
    Connected to localhost (::1), port 69
    getting from localhost:dir.txt to dir.txt [netascii]
    Received 11 bytes in 0.0 seconds [3093 bit/s]

TFTP access from another machine:

    [root@pbx-001 ~]# tftp -v 51.15.xxx.yy -c get dir.txt
    Connected to 51.15.xxx.yy (51.15.xxx.yy), port 69
    getting from 51.15.xxx.yy:dir.txt to dir.txt [netascii]
    Transfer timed out.

tail -F /var/log/messages shows the following line when I access the server from localhost, but nothing when I access it from the other machine.

 Oct 21 09:44:55 pbx-001 in.tftpd[11986]: Client ::1 finished dir.txt 

I tried running a port scan from the other machine, and the port appears to be reachable and open:

    [root@pbx-001 ~]# nmap -sU -p 69 51.15.XXX.YY

    Starting Nmap 6.40 ( http://nmap.org ) at 2017-10-21 09:47 UTC
    Nmap scan report for ZZZZZZZZZZZZZZZZZZZZZZZZ (51.15.XXX.YY)
    Host is up (0.00068s latency).
    PORT   STATE         SERVICE
    69/udp open|filtered tftp

    Nmap done: 1 IP address (1 host up) scanned in 0.55 seconds

I also tried stopping firewalld, but I still have the problem.

I need the TFTP server to be reachable from any machine outside the network, in order to provision several hundred Cisco phones in different countries and offices.

I can connect to the machine over SSH, HTTP, etc. without any problem; this really is only a TFTP issue.

Edit 1: the output of iptables -L -n -v is:

    [root@tftp-001 ~]# iptables -L -n -v
    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
    13425 5433K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
      249 14891 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
      351 19544 INPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0
      351 19544 INPUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0
      351 19544 INPUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0
        3   117 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
      221 12353 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
        0     0 FORWARD_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0
        0     0 FORWARD_IN_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0
        0     0 FORWARD_IN_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0
        0     0 FORWARD_OUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0
        0     0 FORWARD_OUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

    Chain OUTPUT (policy ACCEPT 14168 packets, 1284K bytes)
     pkts bytes target     prot opt in     out     source               destination
    14168 1284K OUTPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0

    Chain FORWARD_IN_ZONES (1 references)
     pkts bytes target     prot opt in     out     source               destination
        0     0 FWDI_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto]

    Chain FORWARD_IN_ZONES_SOURCE (1 references)
     pkts bytes target     prot opt in     out     source               destination

    Chain FORWARD_OUT_ZONES (1 references)
     pkts bytes target     prot opt in     out     source               destination
        0     0 FWDO_public  all  --  *      +       0.0.0.0/0            0.0.0.0/0           [goto]

    Chain FORWARD_OUT_ZONES_SOURCE (1 references)
     pkts bytes target     prot opt in     out     source               destination

    Chain FORWARD_direct (1 references)
     pkts bytes target     prot opt in     out     source               destination

    Chain FWDI_public (1 references)
     pkts bytes target     prot opt in     out     source               destination
        0     0 FWDI_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0
        0     0 FWDI_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0
        0     0 FWDI_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0

    Chain FWDI_public_allow (1 references)
     pkts bytes target     prot opt in     out     source               destination

    Chain FWDI_public_deny (1 references)
     pkts bytes target     prot opt in     out     source               destination

    Chain FWDI_public_log (1 references)
     pkts bytes target     prot opt in     out     source               destination

    Chain FWDO_public (1 references)
     pkts bytes target     prot opt in     out     source               destination
        0     0 FWDO_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0
        0     0 FWDO_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0
        0     0 FWDO_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0

    Chain FWDO_public_allow (1 references)
     pkts bytes target     prot opt in     out     source               destination

    Chain FWDO_public_deny (1 references)
     pkts bytes target     prot opt in     out     source               destination

    Chain FWDO_public_log (1 references)
     pkts bytes target     prot opt in     out     source               destination

    Chain INPUT_ZONES (1 references)
     pkts bytes target     prot opt in     out     source               destination
      351 19544 IN_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto]

    Chain INPUT_ZONES_SOURCE (1 references)
     pkts bytes target     prot opt in     out     source               destination

    Chain INPUT_direct (1 references)
     pkts bytes target     prot opt in     out     source               destination

    Chain IN_public (1 references)
     pkts bytes target     prot opt in     out     source               destination
      351 19544 IN_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0
      351 19544 IN_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0
      351 19544 IN_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0
       48  2953 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0

    Chain IN_public_allow (1 references)
     pkts bytes target     prot opt in     out     source               destination
       77  4004 ACCEPT     tcp  --  *      *       [MY_HOME_IP]         0.0.0.0/0            tcp dpt:80 ctstate NEW
        2   117 ACCEPT     tcp  --  *      *       [MY_HOME_IP]         0.0.0.0/0            tcp dpt:22 ctstate NEW
        0     0 ACCEPT     udp  --  *      *       [MY_HOME_IP]         0.0.0.0/0            udp dpt:69 ctstate NEW

    Chain IN_public_deny (1 references)
     pkts bytes target     prot opt in     out     source               destination

    Chain IN_public_log (1 references)
     pkts bytes target     prot opt in     out     source               destination

    Chain OUTPUT_direct (1 references)
     pkts bytes target     prot opt in     out     source               destination
    [root@tftp-001 ~]#

*Edit 2* I am using "firewall-cmd" as the GUI; this is the output of firewall-cmd --zone=public --list-all

    [root@tftp-001 ~]# firewall-cmd --zone=public --list-all
    public
      target: default
      icmp-block-inversion: no
      interfaces:
      sources:
      services: dhcpv6-client
      ports:
      protocols:
      masquerade: no
      forward-ports:
      source-ports:
      icmp-blocks:
      rich rules:
            rule family="ipv4" source address="[MY_HOME_IP]" port port="80" protocol="tcp" accept
            rule family="ipv4" source address="[MY_HOME_IP]" port port="22" protocol="tcp" accept
            rule family="ipv4" source address="[MY_HOME_IP]" port port="69" protocol="udp" accept
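To make the `tftp -c get dir.txt` test above concrete, here is an added example (not code from the question or its answers) that builds the RFC 1350 datagrams the client and server exchange: the read request to UDP/69, the DATA blocks the server returns, and the client's ACKs. It runs the whole exchange in memory so it can be executed offline; the file contents, the server's transfer port `41234`, the client port `51000` and the function names are all constructed for the example. It is worth seeing that only the first datagram goes to port 69: per RFC 1350 the server answers from a freshly chosen port, so a firewall that only reasons about port 69 is only seeing half of the conversation.

```python
"""In-memory walk-through of a TFTP read (RFC 1350), as exercised by `tftp -c get`.

Added example: builds and parses the RRQ, DATA, ACK and ERROR packets as byte
strings and records every datagram with its source and destination port. No
sockets are opened; ports, file names and contents are constructed.
"""
import struct

OP_RRQ, OP_WRQ, OP_DATA, OP_ACK, OP_ERROR = 1, 2, 3, 4, 5
BLOCK_SIZE = 512  # RFC 1350 default; a DATA block shorter than this ends the transfer
SERVER_PORT = 69


def build_rrq(filename: str, mode: str = "netascii") -> bytes:
    """Read request: opcode 1, filename, NUL, mode, NUL."""
    return (struct.pack("!H", OP_RRQ) + filename.encode("ascii") + b"\0"
            + mode.encode("ascii") + b"\0")


def parse_rrq(packet: bytes):
    """Return (filename, mode) from an RRQ packet."""
    if struct.unpack("!H", packet[:2])[0] != OP_RRQ:
        raise ValueError("not a read request")
    filename, mode, _rest = packet[2:].split(b"\0", 2)
    return filename.decode("ascii"), mode.decode("ascii").lower()


def build_data(block: int, payload: bytes) -> bytes:
    return struct.pack("!HH", OP_DATA, block) + payload


def parse_data(packet: bytes):
    """Return (block number, payload) from a DATA packet."""
    opcode, block = struct.unpack("!HH", packet[:4])
    if opcode != OP_DATA:
        raise ValueError("not a DATA packet")
    return block, packet[4:]


def build_ack(block: int) -> bytes:
    return struct.pack("!HH", OP_ACK, block)


def build_error(code: int, message: str) -> bytes:
    return struct.pack("!HH", OP_ERROR, code) + message.encode("ascii") + b"\0"


def simulate_get(files: dict, filename: str, server_tid: int = 41234):
    """Run a complete read exchange in memory.

    Returns (file content or None on error, trace). The trace lists each
    datagram as (sender, src_port, dst_port, bytes): only the RRQ is addressed
    to port 69, everything afterwards uses the server's transfer identifier
    (a port the server picks per transfer; 41234 is a constructed value).
    """
    client_port = 51000  # constructed ephemeral port on the client side
    trace = []
    rrq = build_rrq(filename)
    trace.append(("client", client_port, SERVER_PORT, rrq))

    name, _mode = parse_rrq(rrq)
    if name not in files:
        err = build_error(1, "File not found")
        trace.append(("server", server_tid, client_port, err))
        return None, trace

    data = files[name]
    received = bytearray()
    block = 1
    while True:
        # A file whose size is an exact multiple of 512 ends with an empty DATA block.
        chunk = data[(block - 1) * BLOCK_SIZE: block * BLOCK_SIZE]
        pkt = build_data(block, chunk)
        trace.append(("server", server_tid, client_port, pkt))
        got_block, payload = parse_data(pkt)
        received += payload
        trace.append(("client", client_port, server_tid, build_ack(got_block)))
        if len(payload) < BLOCK_SIZE:
            break
        block += 1
    return bytes(received), trace


if __name__ == "__main__":
    # Constructed 11-byte file, mirroring the "Received 11 bytes" in the question.
    content, trace = simulate_get({"dir.txt": b"hello TFTP\n"}, "dir.txt")
    for sender, src, dst, pkt in trace:
        print(f"{sender:6} {src:5} -> {dst:5}  {pkt!r}")
    print("received:", content)
```

Run as a script it prints the three datagrams of a one-block read. A missing file produces an ERROR packet from the server's transfer port rather than silence; a request that is dropped by a firewall produces no trace entry after the RRQ at all, which is what the "Transfer timed out" in the question corresponds to.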

Currently, your firewall rules allow TFTP (UDP port 69) connections from the server itself (loopback, via INPUT rule 2) and from 79.137.39.26 (via IN_public_allow rule 3). You don't give the IP address of the client you are trying from, but any other IP address has only a one-in-four-billion chance of being that IP (and given that this rule shows zero packets, probably even less than that).

Try adding a rule that allows all TFTP traffic, such as

 iptables -I INPUT 1 -p udp --dport 69 -j ACCEPT 

and see if that helps.
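The reasoning in this answer (find every ACCEPT rule that admits UDP/69, read its source restriction and its packet counter) can be checked mechanically. The following is an added example, not code from the question or the answer: it parses `iptables -L -n -v` output, lists the rules that would admit new traffic to a given protocol/port, and reports whether any of them is open to every source. The sample input is constructed from the chains shown in the question, with `203.0.113.10` standing in for `[MY_HOME_IP]`; `SAMPLE_AFTER` additionally contains the rule this answer proposes, so the same audit shows the before and after states. Function names are the example's own.

```python
"""Audit `iptables -L -n -v` output for rules that admit traffic to one port.

Added example. Parses the counter listing into chains and rules, then finds the
ACCEPT rules that can admit new datagrams to proto/port and reports the source
restriction and hit counter of each. Sample listings below are constructed from
the question's chains; 203.0.113.10 stands in for [MY_HOME_IP].
"""

SAMPLE_BEFORE = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
13425 5433K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
  249 14891 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
  351 19544 INPUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0
  221 12353 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain IN_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination
   77  4004 ACCEPT     tcp  --  *      *       203.0.113.10         0.0.0.0/0            tcp dpt:80 ctstate NEW
    0     0 ACCEPT     udp  --  *      *       203.0.113.10         0.0.0.0/0            udp dpt:69 ctstate NEW
"""

# Same listing after `iptables -I INPUT 1 -p udp --dport 69 -j ACCEPT` (constructed).
SAMPLE_AFTER = SAMPLE_BEFORE.replace(
    "13425 5433K ACCEPT",
    "    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:69\n"
    "13425 5433K ACCEPT",
)


def _count(token: str) -> int:
    """Turn an iptables counter such as '5433K' into an integer."""
    mult = {"K": 1000, "M": 1000000, "G": 1000000000}
    if token[-1] in mult:
        return int(token[:-1]) * mult[token[-1]]
    return int(token)


def parse_iptables(text: str) -> dict:
    """Parse the listing into {chain name: [rule dict, ...]}."""
    chains, current = {}, None
    for line in text.splitlines():
        if line.startswith("Chain "):
            current = line.split()[1]
            chains[current] = []
            continue
        fields = line.split()
        # Skip blank lines, the column header and anything before the first chain.
        if current is None or len(fields) < 9 or fields[0] == "pkts":
            continue
        chains[current].append({
            "pkts": _count(fields[0]),
            "target": fields[2],
            "prot": fields[3],
            "in": fields[5],
            "source": fields[7],
            "extra": " ".join(fields[9:]),   # match text after the destination column
        })
    return chains


def accept_rules_for(chains: dict, proto: str, port: int) -> list:
    """ACCEPT rules that can admit new traffic to proto/port.

    A rule counts when it names the port explicitly, or when it matches 'all'
    protocols without a ctstate condition (for example the loopback-only rule).
    Conntrack-only rules (RELATED,ESTABLISHED) never admit a new request.
    """
    hits = []
    for chain, rules in chains.items():
        for rule in rules:
            if rule["target"] != "ACCEPT":
                continue
            explicit = rule["prot"] == proto and f"dpt:{port}" in rule["extra"]
            blanket = rule["prot"] == "all" and "ctstate" not in rule["extra"]
            if explicit or blanket:
                hits.append({"chain": chain, **rule})
    return hits


def open_to_any_source(hits: list) -> list:
    """Subset of hits that accept from every source on every interface."""
    return [h for h in hits if h["source"] == "0.0.0.0/0" and h["in"] in ("*", "+")]


def report(text: str, proto: str, port: int) -> list:
    """One line per admitting rule, plus a verdict line; returned for printing."""
    hits = accept_rules_for(parse_iptables(text), proto, port)
    lines = [f"{h['chain']}: source={h['source']} in={h['in']} pkts={h['pkts']} {h['extra']}".rstrip()
             for h in hits]
    verdict = "open to any source" if open_to_any_source(hits) else "restricted by source or interface"
    return lines + [f"{proto}/{port}: {verdict}"]


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(f"== {label} ==")
        print("\n".join(report(text, "udp", 69)))
```

On the "before" listing the only non-loopback rule admitting UDP/69 is the one scoped to a single source address, and its counter is zero, which is the observation the answer builds on. The proposed INPUT rule flips the verdict to "open to any source", which is what the question asks for; the rich-rule form shown in Edit 2 is the way to grant the same access to specific phone networks only, and because it is stored by firewalld it survives a reload, whereas a bare `iptables -I` does not.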

What are the ownership and permissions of the directory and the files?

Try "chmod 777" on the directory to see whether it is a permissions problem.