Bug 1658481
Summary: | Add TFTP service to Satellite firewall chapter | ||
---|---|---|---|
Product: | Red Hat Satellite | Reporter: | Lukas Zapletal <lzap> |
Component: | Documentation | Assignee: | Sergei Petrosian <spetrosi> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Melanie Corr <mcorr> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | Unspecified | CC: | lzap, roarora, spetrosi |
Target Milestone: | Unspecified | ||
Target Release: | Unused | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-12-19 11:52:57 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Lukas Zapletal
2018-12-12 09:16:02 UTC
Maybe just drop "While it is not recommended to use TFTP through NAT as the protocol is not very reliable, it is possible to do so." as this is very subjective opinion :-) > On all routers, you must enable a TFTP tracking feature. I'd probably elaborate this to: "On all routers, you must enable a TFTP UDP port number 69 and enable state tracking feature. This is different for each router/firewall vendor, in case Red Hat Enterprise Linux as a router of firewall do the following:" This will hopefully make this more clear to the reader. > 2. On all routers, load the ip_conntrack_tftp kernel connection This is only for RHEL6, in case of RHEL7 firewalld does this automatically. So put this under RHEL6 or older option, this is not needed for RHEL7 in fact it will not work as the configuration file will likely not exist. Maybe add a note in the RHEL7 case after the firewall-cmd command that this also loads kernel TFTP state tracking module automatically and user can check this via. lsmod | grep ip_conntrack These changes are now live on the customer portal: Using TFTP Services through NAT in the Provisioning guide: https://access.redhat.com/documentation/en-us/red_hat_satellite/6.4/html/provisioning_guide/configuring_networking#Configuring_Networking-Using_TFTP_Services_through_NAT Reference to this section in the Installing guide: https://access.redhat.com/documentation/en-us/red_hat_satellite/6.4/html/installing_satellite_server_from_a_connected_network/configuring_external_services#configuring_satellite_external_tftp https://access.redhat.com/documentation/en-us/red_hat_satellite/6.4/html/installing_satellite_server_from_a_disconnected_network/configuring_external_services#configuring_satellite_external_tftp Thank you |