tftpd on Fedora 28

asked 2018-06-20 02:22:39 -0600

berndbausch gravatar image

Trying to set up a tftpd on Fedora 28, I hit a brick wall, in fact I hit the firewall.

Earlier kernel versions allowed me to open the firewall for tftp with firewall-cmd --add-service tftpd. This is not sufficient anymore, it would seem. Requests time out, and tcpdump reveals that when trying to connect, the tftp client gets an ICMP packet "udp port tftp unreachable".

Elsewhere, for example in the ArchLinux forum, I find that Netfilter policies have changed. Recommendations are tweaking rules with iptables, which I would like avoid.

Can firewall-cmd be used to allow tftp on up-to-date Fedora 28?

unreachable is not the typical error from firewalld's block rules. that seems more like the tftp server is not actually listening. can you access it locally?

gitman gravatar imagegitman ( 2018-06-24 18:31:39 -0600 )edit

answered 2018-06-20 11:25:40 -0600

florian gravatar image

updated 2018-06-20 11:27:02 -0600

Here are just some ideas on what could be going wrong:

  • Have you tried adding a zone to the command? (firewall-cmd --get-default-zone).

  • Also, when I run firewall-cmd --get-services | grep tftp, it seems that the service is called tftp, not tftpd. What does firewall-cmd --list-service say?

  • You could open the port manually (UDP/69?): firewall-cmd --add-port=69/udp

  • And, don't forget to reload the service after changes: firewall-cmd --reload

Thanks much! I will try adding a zone when I have the opportunity. First I have network problems that need taking care of.

Your other points are not applicable: "tftp" is just a typo in this question, and I did add port 69 before trying to add the service. tftpd seems to be using other ports as well, so that merely opening one port is not sufficient.

The reload option is for making permanent settings current, as far as I know.

berndbausch gravatar imageberndbausch ( 2018-06-21 05:28:57 -0600 )edit

What other ports do you think tftp needs? I don't know much about it but wikipedia only mentions 69 UDP.

carlwgeorge gravatar imagecarlwgeorge ( 2018-11-17 20:43:31 -0600 )edit

