TFTP Timeout Occurred while setting up PXE

Issues related to configuring your network

TFTP Timeout Occurred while setting up PXE

Postby draconisle » 2012/04/01 01:37:49

Hi Everyone,

I am trying to keep my router as my DHCP server to keep my power consumption down since I dont need a PXE server all the time. If I were to use CentOS 6.2 as a DHCP/PXE/TFTP server, it would have to be on all the time to provide IP Addressing for the clients so I just need PXE and TFTP on it.

I tried this setup with FreeNAS 8.0.4 as my tftp server/PXE since it was going to hold all of my images anyway but no luck with it since it times out. So I thought maybe as part of troubleshooting that I should test with another TFTP server (CentOS6.2) until I get a better understanding of how to separate the roles. I followed the directions from this site PXE Setup.

I created the /tftpboot directory.

This is my /etc/xinetd.d/tftp settings:
Code: Select all
service tftp
{
     socket_type = dgram
     protocol = udp
     wait = yes
     user = root
     server = /usr/sbin/in.tftpd
     server_args = -s /tftpboot
     disable = no
     per_source = 11
     cps = 100 2
     flags = IPv4
}


TFTP Directory Permission
Code: Select all
drwxr-xr-x.   3 root root  4096 Mar 31 21:17 tftpboot


TFTP Files and Subdirectory under /tftpboot Permissions
Code: Select all
[root@CentOS02 tftpboot]# ls -l
total 176
-rw-r--r--. 1 root root 20192 Mar 31 21:16 chain.c32
-rw-r--r--. 1 root root 35420 Mar 31 21:16 mboot.c32
-rw-r--r--. 1 root root 25244 Mar 31 21:16 memdisk
-rw-r--r--. 1 root root 60928 Mar 31 21:16 menu.c32
-rw-r--r--. 1 root root 26828 Mar 31 21:16 pxelinux.0
drwxr-xr-x. 2 root root  4096 Mar 31 21:17 pxelinux.cfg


To test if I was able to get files from the server, I have the tftp.exe client in Windows 7. I tried the following with the result as shown.
Code: Select all
C:\Users\Administrator\Downloads>tftp.exe 10.100.102.250 get chain.c32
Timeout occurred
 Connect request failed


Does anyone know what I am doing incorrectly? The last step I performed from the site I mentioned was * Copy needed files from syslinux to the tftpboot directory. I am a linux beginner so please be gentle:-D


Mark
draconisle
 
Posts: 15
Joined: 2010/09/30 22:53:41

Re: TFTP Timeout Occurred while setting up PXE

Postby TrevorH » 2012/04/01 02:01:02

Please post the output from `iptables-save` run as root.
User avatar
TrevorH
Forum Moderator
 
Posts: 9144
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: TFTP Timeout Occurred while setting up PXE

Postby draconisle » 2012/04/01 03:36:12

Hi TrevorH,

Here you go sir
Code: Select all
[root@CentOS02 ~]# iptables-save
# Generated by iptables-save v1.4.7 on Sun Apr  1 07:33:27 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [74:9873]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sun Apr  1 07:33:27 2012
draconisle
 
Posts: 15
Joined: 2010/09/30 22:53:41

Re: TFTP Timeout Occurred while setting up PXE

Postby TrevorH » 2012/04/01 12:19:17

You have no rule in that list to allow the tftp traffic on port 69 through your firewall. You need to add one - best to base it off the existing one for port 22 traffic that you already have and amend it to look for udp vs tcp and port 69 vs 22.
User avatar
TrevorH
Forum Moderator
 
Posts: 9144
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: TFTP Timeout Occurred while setting up PXE

Postby draconisle » 2012/04/01 16:12:16

I wasnt sure what command it was to perform the firewall modification and seeing that I have the GUI, I went by it that way. However, it looks like thats not the preferred method since it gave me a warning that custom firewall settings would be overwritten if I used the GUI to modify settings. Anyway, that wasnt a problem for now since I had no custom settings and there was actually an option for the tftp server listed.

iptables-save Result
Code: Select all
[root@CentOS02 ~]# iptables-save
# Generated by iptables-save v1.4.7 on Sun Apr  1 19:25:27 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [43:5860]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 69 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sun Apr  1 19:25:27 2012


However, when I try to get a file, I am now getting Permission denied.
Code: Select all
C:\Users\Administrator\Downloads>tftp 10.100.102.251 get menu.c32
Error on server : Permission denied
 Connect request failed


I created a new file with full permissions with the same result.
Code: Select all
[root@CentOS02 tftpboot]# chmod 777 testfile
[root@CentOS02 tftpboot]# ls -l
total 180
-rw-r--r--. 1 root root 20192 Mar 31 21:16 chain.c32
-rw-r--r--. 1 root root 35420 Mar 31 21:16 mboot.c32
-rw-r--r--. 1 root root 25244 Mar 31 21:16 memdisk
-rw-r--r--. 1 root root 60928 Mar 31 21:16 menu.c32
-rw-r--r--. 1 root root 26828 Mar 31 21:16 pxelinux.0
drwxr-xr-x. 2 root root  4096 Mar 31 21:17 pxelinux.cfg
-rwxrwxrwx. 1 root root    10 Apr  1 11:47 testfile


Code: Select all
C:\Users\Administrator\Downloads>tftp 10.100.102.251 get testfile
Error on server : Permission denied
 Connect request failed


I restarted the xinetd service with the same result.

I gave the /tftpboot directory full permissions with the same result.
Code: Select all
drwxrwxrwx.   4 root root  4096 Apr  1 11:57 tftpboot


I tried modifying the tftp settings again according to this post (with a xinetd service restart) with no success.
Code: Select all
server_args = -c -s /tftpboot -vvv



Do you know what else I can try? There were no steps that required to modify permissions in that site I mentioned and even in the
HowTos PXE Setup.


Mark
draconisle
 
Posts: 15
Joined: 2010/09/30 22:53:41

TFTP Timeout Occurred while setting up PXE

Postby pschaff » 2012/04/01 18:04:19

draconisle wrote:
...
Do you know what else I can try? There were no steps that required to modify permissions in that site I mentioned and even in the
HowTos PXE Setup.

A HowTo cannot start from zero and cover every potential pitfall. A certain basic level of knowledge is generally assumed. What are the permissions on the tftpboot directory, and is SELinux Enforcing?
pschaff
Retired Moderator
 
Posts: 18277
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Re: TFTP Timeout Occurred while setting up PXE

Postby draconisle » 2012/04/01 18:40:23

The directory /tftpboot and the file testfile were both with 777 Full Permissions but I still experienced a Permission denied from my Windows 7 tftp client.

...is SELinux Enforcing?


I'm sorry but I dont understand the last part. Can you rephrase? I am pretty new to Linux.
draconisle
 
Posts: 15
Joined: 2010/09/30 22:53:41

Re: TFTP Timeout Occurred while setting up PXE

Postby TrevorH » 2012/04/01 19:46:37

Run and post the output from the `sestatus` command.
User avatar
TrevorH
Forum Moderator
 
Posts: 9144
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: TFTP Timeout Occurred while setting up PXE

Postby draconisle » 2012/04/01 20:18:40

sestatus Result
Code: Select all
[root@CentOS02 ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
draconisle
 
Posts: 15
Joined: 2010/09/30 22:53:41

Re: TFTP Timeout Occurred while setting up PXE

Postby TrevorH » 2012/04/01 20:28:01

If you run the command `ls -laZ /tftpboot` then it will show you the current selinux contexts of the files there. They should have a context that is system_u:object_r:tftpdir_t:s0 and if they do not then running

Code: Select all
restorecon -r /tftpboot


should fix it. If putting new files there, always use cp to copy them from wherever they currently reside and do not use mv. If you use mv then it brings the file over and preserves all its permissions including the selinux context that it had in its original location - so for /tmp files for example, it brings across the selinux context that tmp files should have and the tftp daemon is not allowed to access those (it should only be allowed to access the specific files it's intended to access and no others). If you use cp then the new file is created with the default selinux context for the location it's being created in and in /tftpboot the daemon will be allowed to access them.
User avatar
TrevorH
Forum Moderator
 
Posts: 9144
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Next

Return to CentOS 6 - Networking Support

Who is online

Users browsing this forum: No registered users and 6 guests