Skip to content

Instantly share code, notes, and snippets.

Created February 24, 2017 21:37
What would you like to do?
TFTP server on Fedora


TFTP server on Fedora

Here are some quick notes on setting up a TFTP server on Fedora 23. This is used, for example, to send Linux kernel images and other binaries to a bootloader on an embedded system.

First, install the packages:

sudo dnf install -y tftp tftp-server

The tftp itself will allow you to test your configuration by attempting a file transfer. The default directory for TFTP transfers is /var/lib/tftpboot.

The TFTP server works through xinetd so you will need to add a rule that says in.tftpd: ALL to /etc/hosts.allow:

sudo su -c "echo 'in.tftpd: ALL' >> /etc/hosts.allow"

Enable and start the TFTP server:

sudo systemctl enable tftp
sudo systemctl start tftp
sudo systemctl daemon-reload

Tell the firewall to allow TFTP traffic:

sudo firewall-cmd --permanent --add-service tftp
sudo firewall-cmd --reload

You should now be able to transfer files via TFTP.

Copy link

berndbausch commented Jun 20, 2018

Very useful, but doesn't work anymore in this way on Fedora 28. It seems to me that firewall-cmd isn't aware of a change in Netfilter policies since one of the more recent kernel revisions.

firewall-cmd --add-service tftp results in this kernel message:

nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.

When trying to connect, the tftp client then gets an ICMP message "port unreachable".

I also tried firewall-cmd --set-automatic-helpers=yes with little change (the ICMP message becomes "admin prohibited").

I guess for now I have to use ipfilter to tweak the rules.

Copy link

firewall-cmd --add-service tftp --permanent is incorrect syntax. It should be firewall-cmd --add-service=tftp --permanent. They missed the = sign.

This has been the syntax since at least F24 (when I started using Fedora).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment