Description of problem: The tftp server cannot be startet - the UDP port ist filtered even if iptables and selinux switched off (and tcp_wrappers set as permissible as possible). Version-Release number of selected component (if applicable): $ rpm -q tcp_wrappers tftp-server tftp tcp_wrappers-7.6-59.fc14.i686 tftp-server-0.49-7.fc14.i686 tftp-0.49-7.fc14.i686 How reproducible: When setting up a tftp server the normal way, it is blocked. Steps to Reproduce: 1. [switch off selinux] 2. # yum install tftp-server 3. # chkconfig tftp on 4. # service iptables stop 5. # echo -ne "ALL : ALL\n\n" > /etc/hosts.allow 6. # service xinetd restart 7. # echo test > /var/lib/tftpboot/test 8. # chmod 644 /var/lib/tftpboot/test Actual results: $ tftp localhost -c get test tftp: test: Is a directory # nmap -sU localhost Starting Nmap 5.21 ( http://nmap.org ) at 2011-03-12 14:32 CET Nmap scan report for localhost (127.0.0.1) Host is up (0.00033s latency). Not shown: 992 closed ports PORT STATE SERVICE 37/udp open time 69/udp open|filtered tftp 500/udp open|filtered isakmp 631/udp open|filtered ipp 1812/udp open radius 1813/udp open|filtered radacct 4500/udp open|filtered nat-t-ike 5353/udp open|filtered zeroconf but: # tcpdmatch tftp@localhost localhost client: hostname dalet.home client: address 127.0.0.1 server: hostname dalet.home server: address 127.0.0.1 server: process tftp access: granted Expected results: Tftp-server running and accessible (at least from localhost). Additional info:
Ok, co I have probably found it: it works fine from another host, but not from the same one (which is IMHO very confusing and doesn't bring much for the security... It should be at least documented somewhere...).
Really interesting 'not a bug'. :-) Your reproducer don't work for me but I'm able to reproduce your issue. The tftp works fine between two machines as well as on one machine. The trick of your issue is following - the current working directory where you call tftp client contains subdirectory with the same name as the filename to get ('test' in this case). That's all. I'm going to close it with status 'notabug'.
Ok, I understand, You're right. Maybe should the error message be more verbose on where is the 'test' directory? (Something like "Error: trying to overwrite directory with a file"?) Thank You!