Here are some quick notes on setting up a TFTP server on Fedora 23. This is used, for example, to send Linux kernel images and other binaries to a bootloader on an embedded system.
First, install the packages:
sudo dnf install -y tftp tftp-server
The tftp client package itself will allow you to test your configuration by attempting a file transfer. The default directory for TFTP transfers is /var/lib/tftpboot.
The TFTP server works through xinetd, so you will need to add a rule that says in.tftpd: ALL (ALL matches every client address) to /etc/hosts.allow:
sudo su -c "echo 'in.tftpd: ALL' >> /etc/hosts.allow"
Enable and start the TFTP server:
sudo systemctl enable tftp
sudo systemctl start tftp
sudo systemctl daemon-reload
Tell the firewall to allow TFTP traffic:
sudo firewall-cmd --permanent --add-service tftp
sudo firewall-cmd --reload
You should now be able to transfer files via TFTP.
Very useful, but doesn't work anymore in this way on Fedora 28. It seems to me that firewall-cmd isn't aware of a change in Netfilter policies since one of the more recent kernel revisions.
firewall-cmd --add-service tftp
results in this kernel message: nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
When trying to connect, the tftp client then gets an ICMP message "port unreachable".
I also tried
firewall-cmd --set-automatic-helpers=yes
with little change (the ICMP message becomes "admin prohibited"). I guess for now I have to use ipfilter to tweak the rules.
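A minimal read client for checking the transfer from a script, added here as an example and not part of the original post or the comment. It reports the port the server replied from, which differs from the port the request went to (69 on a real server) and is the behaviour connection-tracking helpers exist to follow. `tftp_get`, `demo_server` and the file name `zImage` are names assumed for this example; `demo_server` is a constructed loopback stand-in so the block runs offline.

```python
import socket, struct, threading
RRQ, DATA, ACK, ERROR = 1, 3, 4, 5   # RFC 1350 opcodes

def tftp_get(host, filename, port=69, timeout=3.0):
    """Read one file in octet mode; return (contents, port the server replied from)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        rrq = struct.pack("!H", RRQ) + filename.encode() + b"\0octet\0"
        sock.sendto(rrq, (host, port))
        contents, tid, expected = b"", None, 1
        while True:
            pkt, addr = sock.recvfrom(516)
            if len(pkt) < 4 or (tid is not None and addr[1] != tid):
                continue                      # runt packet or a foreign transfer ID
            tid = addr[1]                     # server answers from a fresh port, not 69
            opcode, num = struct.unpack("!HH", pkt[:4])
            if opcode == ERROR:
                raise OSError("TFTP error %d: %r" % (num, pkt[4:].rstrip(b"\0")))
            if opcode != DATA or num != expected:
                continue
            contents += pkt[4:]
            sock.sendto(struct.pack("!HH", ACK, num), addr)
            if len(pkt) < 516:                # short block ends the transfer
                return contents, tid
            expected = (expected + 1) & 0xFFFF
    finally:
        sock.close()

def demo_server(payload):
    """Constructed loopback stand-in for in.tftpd; returns its listening port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 0))
    def serve():
        _, client = listener.recvfrom(516)
        xfer = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        xfer.bind(("127.0.0.1", 0))           # per-transfer port, as a real server does
        for n, i in enumerate(range(0, len(payload) + 1, 512), 1):
            xfer.sendto(struct.pack("!HH", DATA, n) + payload[i:i + 512], client)
            xfer.recvfrom(4)                  # wait for the ACK
        xfer.close()
        listener.close()
    threading.Thread(target=serve, daemon=True).start()
    return listener.getsockname()[1]

if __name__ == "__main__":
    listen_port = demo_server(b"constructed sample image " * 40)
    contents, reply_port = tftp_get("127.0.0.1", "zImage", port=listen_port)
    print(len(contents), "bytes; request to", listen_port, "reply from", reply_port)
```

Against a real server, call `tftp_get` with the server's address and a file that exists under /var/lib/tftpboot; a timeout with no reply points at filtering rather than at the daemon.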