TFTP requests not being served
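This might look like a duplicate question, but I did my search and could not find any solution.
I created a TFTP server, and getting and putting files over loopback works fine when the server is accessed from a local tftp client. When I try to access the server from an external client, the request times out. The connection is established. I can see the connection shown as connected in the tftp client, so there is no problem there. The file transfer does not start.
The client is connected directly to the host via an Ethernet cable; I created a 2-device LAN. Ping works between them.
I initially thought it was a firewall issue; I have now disabled the firewall and allowed input and output on port 69 in iptables. UDP is also allowed on port 69.
I am also not running multiple instances of the tftpd-hpa server; it runs as a daemon, and `netstat -aup` shows only one tftp server running.
The clients are sending correct requests. I can see them in Wireshark, but there is no response.
And the failure is always a timeout.
**firewall disabled** **ports allow connection** **file transfer fails** **outgoing tftp request as a client to other tftp servers is also blocked**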
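Update 2:
I am not so sure about the firewall thing, because this laptop was issued by my employer and I suspect they would not allow the firewall to be disabled. Reading **/var/log/syslog** did not give any hints, so I tried looking at the kernel print messages to see whether any kmodules were doing anything suspicious, and I saw this.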
[10989.915231] FIREWALL: IN=eth1 OUT= MAC=50:7b:9d:f9:44:5d:68:9e:19:99:9e:e4:08:00 SRC=10.42.0.89 DST=10.42.0.1 LEN=65 TOS=0x00 PREC=0x00 TTL=255 ID=117 DF PROTO=UDP SPT=2495 DPT=69 LEN=45
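The SRC, DEST, DPT, PROTO and MAC addresses all match my tftp client.
I cannot really tell what is happening here, so if someone could give me a hint about which logs or other things to look at, that would be very helpful.
After this, I installed gufw to manage the firewall and allowed all incoming and outgoing traffic. I still get the timeout, and this is what I now see in syslog.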
```
Sep 5 16:16:01 arun-TP kernel: [13836.201853] [UFW AUDIT] IN= OUT=eth1 SRC=10.42.0.1 DST=10.42.0.255 LEN=184 TOS=0x00 PREC=0x00 TTL=64 ID=12630 DF PROTO=UDP SPT=17500 DPT=17500 LEN=164
Sep 5 16:16:01 arun-TP kernel: [13836.201870] [UFW ALLOW] IN= OUT=eth1 SRC=10.42.0.1 DST=10.42.0.255 LEN=184 TOS=0x00 PREC=0x00 TTL=64 ID=12630 DF PROTO=UDP SPT=17500 DPT=17500 LEN=164
```
This time the DST does not make sense; the client is at 10.42.0.89, not 10.42.0.255.
Update 1:
/etc/default/tftpd-hpa
```
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/tftpboot"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS="--secure --create -s"
RUN_DAEMON="YES"
```
ls -lrt /
drwxr-xr-x 2 tftp nogroup 4096 Sep 5 03:30 tftpboot
netstat -aup
```
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address       Foreign Address  State  PID/Program name
udp        0      0 *:mdns              *:*                     739/avahi-daemon: r
udp        0      0 *:50694             *:*                     2514/rpc.mountd
udp        0      0 *:55107             *:*                     2514/rpc.mountd
udp        0      0 *:nfs               *:*                     -
udp        0      0 *:3471              *:*                     8567/dhclient
udp        0      0 *:56776             *:*                     739/avahi-daemon: r
udp        0      0 10.42.0.1:domain    *:*                     5403/dnsmasq
udp        0      0 127.0.1.1:domain    *:*                     3025/dnsmasq
udp        0      0 *:bootps            *:*                     5403/dnsmasq
udp        0      0 *:bootpc            *:*                     8567/dhclient
udp        0      0 *:tftp              *:*                     4316/in.tftpd
udp        0      0 *:sunrpc            *:*                     966/rpcbind
udp        0      0 *:ipp               *:*                     1476/cups-browsed
udp        0      0 *:707               *:*                     966/rpcbind
udp        0      0 *:33526             *:*                     2514/rpc.mountd
udp        0      0 *:49935             *:*                     -
udp        0      0 localhost:796       *:*                     1044/rpc.statd
udp        0      0 *:54194             *:*                     1044/rpc.statd
udp        0      0 *:17500             *:*                     3785/dropbox
udp6       0      0 [::]:mdns           [::]:*                  739/avahi-daemon: r
udp6       0      0 [::]:42779          [::]:*                  -
udp6       0      0 [::]:59279          [::]:*                  1044/rpc.statd
udp6       0      0 [::]:nfs            [::]:*                  -
udp6       0      0 [::]:60007          [::]:*                  2514/rpc.mountd
udp6       0      0 [::]:52311          [::]:*                  2254/BESClient
udp6       0      0 [::]:11656          [::]:*                  8567/dhclient
udp6       0      0 [::]:sunrpc         [::]:*                  966/rpcbind
udp6       0      0 [::]:45289          [::]:*                  739/avahi-daemon: r
udp6       0      0 [::]:57589          [::]:*                  2514/rpc.mountd
udp6       0      0 [::]:707            [::]:*                  966/rpcbind
udp6       0      0 [::]:37709          [::]:*                  2514/rpc.mountd
```
There is no tftp configuration file in **/etc/xinetd.d/**
The firewall is disabled. ufw status = inactive
iptables -L -v
```
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in     out  source       destination
    2   656 ACCEPT udp  -- eth1   any  anywhere     anywhere     udp dpt:bootps
    0     0 ACCEPT tcp  -- eth1   any  anywhere     anywhere     tcp dpt:bootps
    0     0 ACCEPT udp  -- eth1   any  anywhere     anywhere     udp dpt:domain
    0     0 ACCEPT tcp  -- eth1   any  anywhere     anywhere     tcp dpt:domain
36569 3800K ACCEPT all  -- lo     any  anywhere     anywhere
30392   20M ACCEPT tcp  -- any    any  anywhere     anywhere     state RELATED,ESTABLISHED
 2704  679K ACCEPT udp  -- any    any  anywhere     anywhere     state RELATED,ESTABLISHED
    0     0 ACCEPT 254  -- ipsec+ any  anywhere     anywhere
    0     0 ACCEPT esp  -- any    any  anywhere     anywhere
    0     0 ACCEPT ah   -- any    any  anywhere     anywhere
    0     0 ACCEPT udp  -- any    any  anywhere     anywhere     udp dpt:isakmp
    0     0 ACCEPT tcp  -- any    any  anywhere     anywhere     tcp dpt:ssh
    0     0 ACCEPT tcp  -- any    any  anywhere     anywhere     tcp dpt:cfengine
    0     0 ACCEPT tcp  -- any    any  anywhere     anywhere     tcp dpt:5900
    0     0 ACCEPT tcp  -- any    any  anywhere     anywhere     tcp dpt:5901
    0     0 ACCEPT tcp  -- any    any  anywhere     anywhere     tcp dpt:12080
    0     0 REJECT tcp  -- any    any  anywhere     anywhere     tcp dpt:auth reject-with icmp-port-unreachable
    0     0 ACCEPT tcp  -- any    any  anywhere     anywhere     tcp dpt:https
    0     0 ACCEPT tcp  -- any    any  anywhere     anywhere     tcp dpt:5656
    0     0 ACCEPT udp  -- any    any  anywhere     anywhere     udp dpts:5004:5005
    0     0 ACCEPT tcp  -- any    any  anywhere     anywhere     tcp dpts:5004:5005
    0     0 ACCEPT udp  -- any    any  anywhere     anywhere     udp dpt:20830
    0     0 ACCEPT tcp  -- any    any  anywhere     anywhere     tcp dpt:20830
    0     0 ACCEPT tcp  -- any    any  anywhere     anywhere     tcp dpts:sip:5062
    0     0 ACCEPT udp  -- any    any  anywhere     anywhere     udp dpts:sip:5062
    0     0 ACCEPT tcp  -- any    any  anywhere     anywhere     tcp dpt:21100
    0     0 ACCEPT tcp  -- any    any  anywhere     anywhere     tcp dpt:2001
    0     0 ACCEPT gre  -- any    any  anywhere     anywhere
    0     0 ACCEPT icmp -- any    any  anywhere     anywhere     icmp destination-unreachable
    0     0 ACCEPT icmp -- any    any  anywhere     anywhere     icmp source-quench
  689 56460 ACCEPT icmp -- any    any  anywhere     anywhere     icmp time-exceeded
    0     0 ACCEPT icmp -- any    any  anywhere     anywhere     icmp parameter-problem
    0     0 ACCEPT icmp -- any    any  anywhere     anywhere     icmp router-advertisement
    0     0 ACCEPT icmp -- any    any  anywhere     anywhere     icmp echo-request
   13   832 ACCEPT icmp -- any    any  anywhere     anywhere     icmp echo-reply
    0     0 ACCEPT tcp  -- any    any  anywhere     anywhere     tcp dpt:tproxy
    0     0 ACCEPT tcp  -- any    any  anywhere     anywhere     tcp dpt:1533
    0     0 ACCEPT tcp  -- any    any  anywhere     anywhere     tcp dpts:30000:30005
    0     0 DROP   tcp  -- any    any  anywhere     anywhere     tcp dpts:bootps:bootpc
    6  1968 DROP   udp  -- any    any  anywhere     anywhere     udp dpts:bootps:bootpc
    0     0 DROP   tcp  -- any    any  anywhere     anywhere     tcp dpt:netbios-ns
    0     0 DROP   udp  -- any    any  anywhere     anywhere     udp dpt:netbios-ns
    0     0 DROP   tcp  -- any    any  anywhere     anywhere     tcp dpt:netbios-dgm
    0     0 DROP   udp  -- any    any  anywhere     anywhere     udp dpt:netbios-dgm
    0     0 DROP   tcp  -- any    any  anywhere     anywhere     tcp dpt:netbios-ssn
    0     0 DROP   udp  -- any    any  anywhere     anywhere     udp dpt:netbios-ssn
    0     0 DROP   tcp  -- any    any  anywhere     anywhere     tcp dpts:tcpmux:ftp-data
    0     0 DROP   tcp  -- any    any  anywhere     anywhere     tcp dpt:sunrpc
    0     0 DROP   tcp  -- any    any  anywhere     anywhere     tcp dpts:snmp:snmp-trap
    0     0 DROP   tcp  -- any    any  anywhere     anywhere     tcp dpt:520
    0     0 DROP   tcp  -- any    any  anywhere     anywhere     tcp dpts:6348:6349
    0     0 DROP   tcp  -- any    any  anywhere     anywhere     tcp dpts:6345:gnutella-rtr
   75  3256 LOG    tcp  -- any    any  anywhere     anywhere     limit: avg 3/min burst 5 LOG level debug prefix "FIREWALL: "
 1459  263K LOG    udp  -- any    any  anywhere     anywhere     limit: avg 3/min burst 5 LOG level debug prefix "FIREWALL: "
 3347  568K DROP   all  -- any    any  anywhere     anywhere
    0     0 ACCEPT udp  -- any    any  anywhere     anywhere     udp dpt:tftp state NEW,ESTABLISHED
    0     0 ACCEPT tcp  -- any    any  anywhere     anywhere     tcp dpt:69 state NEW,ESTABLISHED

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in     out  source       destination
    0     0 ACCEPT all  -- any    eth1 anywhere     10.42.0.0/24 state RELATED,ESTABLISHED
    0     0 ACCEPT all  -- eth1   any  10.42.0.0/24 anywhere
    0     0 ACCEPT all  -- eth1   eth1 anywhere     anywhere
    0     0 REJECT all  -- any    eth1 anywhere     anywhere     reject-with icmp-port-unreachable
    0     0 REJECT all  -- eth1   any  anywhere     anywhere     reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT 68593 packets, 6962K bytes)
 pkts bytes target prot opt in     out  source       destination
    0     0 ACCEPT tcp  -- any    any  anywhere     anywhere     tcp dpt:69 state NEW,ESTABLISHED
    1    45 ACCEPT udp  -- any    any  anywhere     anywhere     udp dpt:tftp state NEW,ESTABLISHED
```
Outgoing tftp requests as a client are also blocked. My IP is 192.168.0.5, trying to connect to 192.168.0.2
```
tftp 192.168.0.2
tftp> verbose on
Verbose mode on.
tftp> status
Connected to 192.168.0.2.
Mode: netascii Verbose: on Tracing: off Literal: off
Rexmt-interval: 5 seconds, Max-timeout: 25 seconds
tftp> put hello
putting hello to 192.168.0.2:hello [netascii]
Transfer timed out.
```
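Is there a problem with my router? Is there any setting I need to take care of? But even when I connect the client directly to the server with an Ethernet cable, the problem persists. I tried a BeagleBone Black, a MacBook and my Android phone as tftp clients making requests to the server.
Client: 10.42.0.89 (BeagleBone Black, in u-boot) Server: 10.42.0.1
I am now sniffing the Ethernet packets with Wireshark.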
ARP:
```
32 927.886269000 10.42.0.89 Broadcast ARP 60 Who has 10.42.0.1? Tell 10.42.0.89
33 927.886320000 50:7b:9d:f9:44:5d 10.42.0.89 ARP 42 10.42.0.1 is at 50:7b:9d:f9:44:5d
```
After this, I only see requests initiated from the client, with nothing as a result.
36 932.887008000 10.42.0.89 10.42.0.1 TFTP 79 Read Request, File: hello, Transfer type: octet, timeout\000=5\000, blksize\000=1468\000
This part of your firewall configuration shows that you drop all packets and then allow tftp packets.
```
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in     out  source       destination
.
.
.
 3347  568K DROP   all  -- any    any  anywhere     anywhere
    0     0 ACCEPT udp  -- any    any  anywhere     anywhere     udp dpt:tftp state NEW,ESTABLISHED
    0     0 ACCEPT tcp  -- any    any  anywhere     anywhere     tcp dpt:69 state NEW,ESTABLISHED
```
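Move the drop-all and log rules to after the tftp allow rules.
You should run tftpd from an inetd program, as described here; if you insist on running it as a standalone daemon, be sure to change the configuration file as described here.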
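
The rule-ordering problem pointed out in this answer can be checked mechanically. The following is an added example, not part of the original answer: a Python sketch that reads `iptables -S` style output and reports rules that sit after an unconditional terminating rule and so can never match. The sample ruleset is constructed to mirror the tail of the INPUT chain above, and the function names are hypothetical.

```python
import shlex

# Constructed sample in `iptables -S` format, mirroring the tail of the INPUT
# chain shown above: a LOG rule, a catch-all DROP, then the TFTP ACCEPT rules.
SAMPLE_RULES = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m limit --limit 3/min --limit-burst 5 -j LOG --log-prefix "FIREWALL: " --log-level 7
-A INPUT -j DROP
-A INPUT -p udp -m udp --dport 69 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 69 -m state --state NEW,ESTABLISHED -j ACCEPT
"""

# Targets that end chain traversal for a packet (LOG does not).
TERMINATING = {"ACCEPT", "DROP", "REJECT"}


def parse_rules(text, chain="INPUT"):
    """Return (position, target, match_tokens) for each -A rule of `chain`."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 4 or tok[0] != "-A" or tok[1] != chain or "-j" not in tok:
            continue  # skips policy lines (-P) and other chains
        j = tok.index("-j")
        rules.append((len(rules) + 1, tok[j + 1], tok[2:j]))
    return rules


def shadowed_rules(text, chain="INPUT"):
    """Rules that can never match because an earlier rule with no match
    criteria and a terminating target already decided every packet."""
    blocker, out = None, []
    for pos, target, match in parse_rules(text, chain):
        if blocker is not None:
            out.append((pos, target, " ".join(match), blocker))
        elif not match and target in TERMINATING:
            blocker = pos
    return out


if __name__ == "__main__":
    for pos, target, match, blocker in shadowed_rules(SAMPLE_RULES):
        print(f"rule {pos} ({target} {match}) is unreachable: "
              f"rule {blocker} matches every packet first")
```

Feed it the output of `iptables -S` in place of the sample to check a live ruleset.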