Description of problem: tftp-server-0.48-6.fc9.x86_64 tftp server only accepts connections from localhost, all remote requests seem to time out. Firewall and SELinux are disabled on the host. Tested on localhost using: tftp 10.2.50.205 -c get pxelinux.cfg/default Result: Successful tftp localhost -c get pxelinux.cfg/default Result: Successful Routing Table: Destination Gateway Genmask Flags Metric Ref Use Iface 10.2.50.0 * 255.255.255.0 U 0 0 0 eth0 link-local * 255.255.0.0 U 0 0 0 eth0 default 10.2.50.1 0.0.0.0 UG 0 0 0 eth0 ifconfig: eth0 Link encap:Ethernet HWaddr 00:E0:B8:D0:11:E0 inet addr:10.2.50.205 Bcast:10.2.50.255 Mask:255.255.255.0 inet6 addr: fe80::2e0:b8ff:fed0:11e0/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:109741 errors:0 dropped:0 overruns:0 frame:0 TX packets:62328 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:151985399 (144.9 MiB) TX bytes:4451829 (4.2 MiB) Memory:f0400000-f0420000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:18719 errors:0 dropped:0 overruns:0 frame:0 TX packets:18719 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:3206201 (3.0 MiB) TX bytes:3206201 (3.0 MiB) How reproducible: Steps to Reproduce: 1. Install tftp-server with xinetd, start the service. 2. Config for /etc/tftp: service tftp { socket_type = dgram protocol = udp wait = yes user = root server = /usr/sbin/in.tftpd server_args = -s /tftpboot disable = no per_source = 11 cps = 100 2 flags = IPv4 } 3. Config for /etc/xinetd.conf # # This is the master xinetd configuration file. Settings in the # default section will be inherited by all service configurations # unless explicitly overridden in the service configuration. See # xinetd.conf in the man pages for a more detailed explanation of # these attributes. defaults { # The next two items are intended to be a quick access place to # temporarily enable or disable services. # # enabled = # disabled = # Define general logging characteristics. log_type = SYSLOG daemon info log_on_failure = HOST log_on_success = PID HOST DURATION EXIT # Define access restriction defaults # # no_access = # only_from = # max_load = 0 cps = 50 10 instances = 50 per_source = 10 # Address and networking defaults # # bind = # mdns = yes v6only = no # setup environmental attributes # # passenv = groups = yes umask = 002 # Generally, banners are not used. This sets up their global defaults # # banner = # banner_fail = # banner_success = } includedir /etc/xinetd.d 4. Put text file in /tftpboot/pxelinux.cfg/default 5. To be sure not rights issue, changes /tftpboot to 777 recursively. 5. On a remote host ran: tftp 10.2.50.205 -c get pxelinux.cfg/default Actual results: Return code 69 from tftp, text output of "Transfer timed out." Expected results: default text file downloaded to cwd. Additional info:
Can't reproduce the bug, everything works correctly in my environment with your configuration. There must be something wrong in your network setup. Please check that both the server and the client are not behind a firewall or NAT and (using tcpdump, wireshark or so) if the TFTP messages from client arrive at the server and back.
Created attachment 310266 [details] Screen shot - Host administratively prohibited I don't want to waste your time if this isn't a bug but on 64 bit version I get this message, "Host administratively prohibited", when selinux and firewall are disabled. The only reason I am bringing this up again is because this has worked without error on previous version of fedora, versions 5-8.
If I kill iptables, everything works ok, is this a bug with the firewall configuration tool?
It's _probably_ not 64-bit related. What does 'iptables -L' say when you disable the firewal using the system-config-firwall tool? Does 'service iptables stop' help afterwards?
With IPTables Running and Firewall disabled: [root@fog ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) target prot opt source destination REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) target prot opt source destination With IPTables Stopped: [root@fog ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination
it looks good at the first sight.. The best you can do is to compare it with Fedora8, if you have it at hand, and reassign the bug to system-config-firewall (or whatever you used to create the rules)
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
From previous comments I understand that this is not a bug => closing it