Skip to content

Instantly share code, notes, and snippets.

@shamil
Created February 24, 2017 21:37
Embed
What would you like to do?
TFTP server on Fedora

Source

TFTP server on Fedora

Here are some quick notes on setting up a TFTP server on Fedora 23. This is used, for example, to send Linux kernel images and other binaries to a bootloader on an embedded system.

First, install the packages:

sudo dnf install -y tftp tftp-server

The tftp itself will allow you to test your configuration by attempting a file transfer. The default directory for TFTP transfers is /var/lib/tftpboot.

The TFTP server works through xinetd so you will need to add a rule that says in.tftpd: ALL to /etc/hosts.allow:

sudo su -c "echo 'in.tftpd: ALL' >> /etc/hosts.allow"

Enable and start the TFTP server:

sudo systemctl enable tftp
sudo systemctl start tftp
sudo systemctl daemon-reload

Tell the firewall to allow TFTP traffic:

sudo firewall-cmd --permanent --add-service tftp
sudo firewall-cmd --reload

You should now be able to transfer files via TFTP.

@berndbausch
Copy link

berndbausch commented Jun 20, 2018

Very useful, but doesn't work anymore in this way on Fedora 28. It seems to me that firewall-cmd isn't aware of a change in Netfilter policies since one of the more recent kernel revisions.

firewall-cmd --add-service tftp results in this kernel message:

nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.

When trying to connect, the tftp client then gets an ICMP message "port unreachable".

I also tried firewall-cmd --set-automatic-helpers=yes with little change (the ICMP message becomes "admin prohibited").

I guess for now I have to use ipfilter to tweak the rules.

@zetaomegagon
Copy link

firewall-cmd --add-service tftp --permanent is incorrect syntax. It should be firewall-cmd --add-service=tftp --permanent. They missed the = sign.

This has been the syntax since at least F24 (when I started using Fedora).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment