TFTP Timeout Occurred while setting up PXE

Issues related to configuring your network
draconisle
Posts: 15
Joined: 2010/09/30 22:53:41

TFTP Timeout Occurred while setting up PXE

Post by draconisle » 2012/04/01 01:37:49

Hi Everyone,

I am trying to keep my router as my DHCP server to keep my power consumption down since I dont need a PXE server all the time. If I were to use CentOS 6.2 as a DHCP/PXE/TFTP server, it would have to be on all the time to provide IP Addressing for the clients so I just need PXE and TFTP on it.

I tried this setup with FreeNAS 8.0.4 as my tftp server/PXE since it was going to hold all of my images anyway but no luck with it since it times out. So I thought maybe as part of troubleshooting that I should test with another TFTP server (CentOS6.2) until I get a better understanding of how to separate the roles. I followed the directions from this site [url=http://www.r71.nl/kb/technical/300-centos-fedora-pxe-boot-server-setup]PXE Setup[/url].

I created the /tftpboot directory.

This is my /etc/xinetd.d/tftp settings:
[code]service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /tftpboot
disable = no
per_source = 11
cps = 100 2
flags = IPv4
}[/code]

[b]TFTP Directory Permission[/b]
[code]drwxr-xr-x. 3 root root 4096 Mar 31 21:17 tftpboot[/code]

[b]TFTP Files and Subdirectory under /tftpboot Permissions[/b]
[code][root@CentOS02 tftpboot]# ls -l
total 176
-rw-r--r--. 1 root root 20192 Mar 31 21:16 chain.c32
-rw-r--r--. 1 root root 35420 Mar 31 21:16 mboot.c32
-rw-r--r--. 1 root root 25244 Mar 31 21:16 memdisk
-rw-r--r--. 1 root root 60928 Mar 31 21:16 menu.c32
-rw-r--r--. 1 root root 26828 Mar 31 21:16 pxelinux.0
drwxr-xr-x. 2 root root 4096 Mar 31 21:17 pxelinux.cfg[/code]

To test if I was able to get files from the server, I have the tftp.exe client in Windows 7. I tried the following with the result as shown.
[code]C:\Users\Administrator\Downloads>tftp.exe 10.100.102.250 get chain.c32
Timeout occurred
Connect request failed[/code]

Does anyone know what I am doing incorrectly? The last step I performed from the site I mentioned was [b]* Copy needed files from syslinux to the tftpboot directory[/b]. I am a linux beginner so please be gentle:-D


Mark

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: TFTP Timeout Occurred while setting up PXE

Post by TrevorH » 2012/04/01 02:01:02

Please post the output from `iptables-save` run as root.

draconisle
Posts: 15
Joined: 2010/09/30 22:53:41

Re: TFTP Timeout Occurred while setting up PXE

Post by draconisle » 2012/04/01 03:36:12

Hi TrevorH,

Here you go sir
[code][root@CentOS02 ~]# iptables-save
# Generated by iptables-save v1.4.7 on Sun Apr 1 07:33:27 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [74:9873]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sun Apr 1 07:33:27 2012[/code]

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: TFTP Timeout Occurred while setting up PXE

Post by TrevorH » 2012/04/01 12:19:17

You have no rule in that list to allow the tftp traffic on port 69 through your firewall. You need to add one - best to base it off the existing one for port 22 traffic that you already have and amend it to look for udp vs tcp and port 69 vs 22.

draconisle
Posts: 15
Joined: 2010/09/30 22:53:41

Re: TFTP Timeout Occurred while setting up PXE

Post by draconisle » 2012/04/01 16:12:16

I wasnt sure what command it was to perform the firewall modification and seeing that I have the GUI, I went by it that way. However, it looks like thats not the preferred method since it gave me a warning that custom firewall settings would be overwritten if I used the GUI to modify settings. Anyway, that wasnt a problem for now since I had no custom settings and there was actually an option for the tftp server listed.

iptables-save Result
[code][root@CentOS02 ~]# iptables-save
# Generated by iptables-save v1.4.7 on Sun Apr 1 19:25:27 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [43:5860]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 69 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sun Apr 1 19:25:27 2012[/code]

However, when I try to get a file, I am now getting [b]Permission denied[/b].
[code]C:\Users\Administrator\Downloads>tftp 10.100.102.251 get menu.c32
Error on server : Permission denied
Connect request failed[/code]

I created a new file with full permissions with the same result.
[code][root@CentOS02 tftpboot]# chmod 777 testfile
[root@CentOS02 tftpboot]# ls -l
total 180
-rw-r--r--. 1 root root 20192 Mar 31 21:16 chain.c32
-rw-r--r--. 1 root root 35420 Mar 31 21:16 mboot.c32
-rw-r--r--. 1 root root 25244 Mar 31 21:16 memdisk
-rw-r--r--. 1 root root 60928 Mar 31 21:16 menu.c32
-rw-r--r--. 1 root root 26828 Mar 31 21:16 pxelinux.0
drwxr-xr-x. 2 root root 4096 Mar 31 21:17 pxelinux.cfg
-rwxrwxrwx. 1 root root 10 Apr 1 11:47 testfile[/code]

[code]C:\Users\Administrator\Downloads>tftp 10.100.102.251 get testfile
Error on server : Permission denied
Connect request failed[/code]

I restarted the xinetd service with the same result.

I gave the /tftpboot directory full permissions with the same result.
[code]drwxrwxrwx. 4 root root 4096 Apr 1 11:57 tftpboot[/code]

I tried modifying the tftp settings again according to this [url=https://www.centos.org/modules/newbb/viewtopic.php?topic_id=30136&forum=41]post[/url] (with a xinetd service restart) with no success.
[code]server_args = -c -s /tftpboot -vvv[/code]


Do you know what else I can try? There were no steps that required to modify permissions in that site I mentioned and even in the
[url=http://wiki.centos.org/HowTos/PXE/PXE_Setup]HowTos PXE Setup[/url].


Mark

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
Contact:

TFTP Timeout Occurred while setting up PXE

Post by pschaff » 2012/04/01 18:04:19

[quote]
draconisle wrote:
...
Do you know what else I can try? There were no steps that required to modify permissions in that site I mentioned and even in the
[url=http://wiki.centos.org/HowTos/PXE/PXE_Setup]HowTos PXE Setup[/url].[/quote]
A HowTo cannot start from zero and cover every potential pitfall. A certain basic level of knowledge is generally assumed. What are the permissions on the [b]tftpboot[/b] directory, and is SELinux Enforcing?

draconisle
Posts: 15
Joined: 2010/09/30 22:53:41

Re: TFTP Timeout Occurred while setting up PXE

Post by draconisle » 2012/04/01 18:40:23

The directory [b]/tftpboot[/b] and the file [b]testfile[/b] were both with 777 Full Permissions but I still experienced a [b]Permission denied[/b] from my Windows 7 tftp client.

[quote]...is SELinux Enforcing?[/quote]

I'm sorry but I dont understand the last part. Can you rephrase? I am pretty new to Linux.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: TFTP Timeout Occurred while setting up PXE

Post by TrevorH » 2012/04/01 19:46:37

Run and post the output from the `sestatus` command.

draconisle
Posts: 15
Joined: 2010/09/30 22:53:41

Re: TFTP Timeout Occurred while setting up PXE

Post by draconisle » 2012/04/01 20:18:40

[b]sestatus Result[/b]
[code][root@CentOS02 ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted[/code]

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: TFTP Timeout Occurred while setting up PXE

Post by TrevorH » 2012/04/01 20:28:01

If you run the command `ls -laZ /tftpboot` then it will show you the current selinux contexts of the files there. They should have a context that is system_u:object_r:tftpdir_t:s0 and if they do not then running

[code]
restorecon -r /tftpboot
[/code]

should fix it. If putting new files there, always use cp to copy them from wherever they currently reside and do not use mv. If you use mv then it brings the file over and preserves all its permissions including the selinux context that it had in its original location - so for /tmp files for example, it brings across the selinux context that tmp files should have and the tftp daemon is not allowed to access those (it should only be allowed to access the specific files it's intended to access and no others). If you use cp then the new file is created with the default selinux context for the location it's being created in and in /tftpboot the daemon will be allowed to access them.

Post Reply