Bug 494417
Summary: | tftp client times out in Fedora 10 | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Natxo Asenjo <natxo> | ||||
Component: | system-config-firewall | Assignee: | Thomas Woerner <twoerner> | ||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | low | ||||||
Version: | 10 | CC: | jskala, magnus, pertusus, twoerner | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | i686 | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | 1.2.16-3.fc10 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2009-11-11 14:58:19 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Natxo Asenjo
2009-04-06 19:36:23 UTC
Hi, I found from issue description that the problem is in the setting up the firewall. Please, try to adjust firewall and let me know the progress. Regards Jiri hi, I had expected that someone at redhat/fedora at least had tested that there was a problem. From your answer I understand that you have not even taken the time to test it/reproduce it. If I knew what for firewall settings I had to enable/tweak I would have already done it. Anyway, I think it is kind of strange of somebody from redhat to ask me to try changing things without giving any clues as to what when I use the standard configuration as delivered from you guys. A tftp client should just work (TM). I should not have to be testing stuff for copying a file from a tftp server. This is why I filed a bug against it and the whole point of this is to make a better redhat. Or so I thought, correct me if I am wrong. Regards, Natxo Hi, I'm worry about little misunderstanding. Therefore I'd like explain a couple of things: 1. I'm a maintainer of tftp. The tftp doesn't work as you suppose due to firewall. I have nothing to do with the firewall. There is another maintainer for firewall issues (btw. I consulted the issue internally = I took care of it). 2. The tftp is not secure protocol and usage of this should be limited on LAN due to security. 3. I estimate (based on item #2) the default firewall configuration blocks tftp due to security. Who want to use it he should know what he is doing (load nf_conntrack_tftp) and he should do that manually. Regards Jiri hi, loading the nf_conntrack_tftp module solves the problem indeed. Thanks for the tip. I fail to see how using a tftp *client* could be seen as a security risk. If you are afraid of the tftp protocol, then you control access to the tftp *server* with firewall rules. As a sysadmin I expect to trust connections that I initiate. A tftp client falls into this category. Having to load an extra kernel module just to be able to use a tftp client falls in the category *irritating and unnecessary stuff*. Do you know who I have to ask at redhat to get this fixed? This behaviour is not right and should be corrected in a future release. Anyway, I am glad you gave me the golden clue to solve this 'special' problem. Thanks again. regards, natxo The system-config-firewall could offer easier way to allow usage of tftp. Created attachment 341450 [details]
Patch to add TFTP and TFTP-client to trusted services.
Fixed in GIT abf0513c2fac32eaebef4190dee092871069c26c Will be part of next release. system-config-firewall-1.2.16-3.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/system-config-firewall-1.2.16-3.fc10 Please have a look at the testing package, tftp and tftp-client has been added to the services list. Just enable the service you want to use. system-config-firewall-1.2.16-3.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update system-config-firewall'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-5928 A small note, this also affects Fedora Core 11, system-config-firewall-1.2.16-2.fc11.noarch. I installed the testing package for Fedora 11 and it works perfectly. Thanks for the patch! system-config-firewall-1.2.16-3.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. |