SOLVED Unable to connection TFTP.

  • I am having an issue getting Fog set up. I can’t connect to the TFTP server. I have gone through the troubleshooting steps on the Fog project website the best I could. Can’t find the config.php file.

    I am running Fog on a CentOS VM and I set it up a couple of weeks ago. This was a clean install of Fog and CentOS.

    When trying to test on Windows, I get this.
    Error on server : Permission denied
    Connect request failed.

    When trying to have a blank VM do a PXE boot over the network I get this.
    PXE-T00: Permission denied
    PXE-E36: Error received from TFTP server
    PXE-M0F: Exiting Intel PXE ROM.

    Not sure if I missed any details that are needed to help with this. If you need more information I will be happy to provide.

  • If you don’t want to disable selinux (or set to permissive) I’ve had luck under CentOS 7 using the following command:

    $ sudo setsebool -P tftp_home_dir 1

    I thought I might expound a little. To test my Fog TFTP server, I used the TFTP client in Windows. If you would like to do the same, you need to permit TFTP through your Windows firewall.

    When I first tried to pull the undionly.kpxe file using the Windows client, I was given the following error:

    PS C:\Users\jarcher> tftp -i GET undionly.kpxe
     Connect request failed

    Looking into my /var/log/audit/audit.log file I saw the following:

    $ sudo grep tftp /var/log/audit/audit.log
    ...lots of other stuff here...
    type=AVC msg=audit(1519225691.090:214): avc:  denied  { read } for  pid=3164 comm="in.tftpd" name="undionly.kpxe" dev="dm-0" ino=34386610 scontext=system_u:system_r:tftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
    ...also lots more here...

    If you use audit2allow you can get some hints on how to fix this error:

    $ sudo grep tftp /var/log/audit/audit.log | audit2allow -m tftpd
    module tftpd 1.0;
    require {
            type default_t;
            type tftpd_t;
            class file { getattr lock open read };
    }

    #============= tftpd_t ==============
    #!!!! WARNING: 'default_t' is a base type.
    #!!!! This avc can be allowed using the boolean 'tftp_home_dir'
    allow tftpd_t default_t:file { getattr lock open read };

    Note, you might have to install the policycoreutils-python package to get audit2allow.

    Now just run the original command I mentioned above to allow access to the files:

    $ sudo setsebool -P tftp_home_dir 1

    SELinux is still set to enforcing:

    $ sestatus
    SELinux status:                 enabled
    SELinuxfs mount:                /sys/fs/selinux
    SELinux root directory:         /etc/selinux
    Loaded policy name:             targeted
    Current mode:                   enforcing
    Mode from config file:          enforcing
    Policy MLS status:              enabled
    Policy deny_unknown status:     allowed
    Max kernel policy version:      28

    And now the TFTP transfer works in Windows:

    PS C:\Users\jarcher> tftp -i GET undionly.kpxe
    Transfer successful: 95338 bytes in 1 second(s), 95338 bytes/s
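
An added example, not part of the original post or of the FOG project: a small Python parser that groups the AVC denials for in.tftpd into the same allow-rule shape that the audit2allow output above prints, so the source type, target type and permissions are visible before a boolean is changed. The sample log is constructed around the AVC line quoted in the post; the `/example` path, `other_daemon` and the SYSCALL record are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log. The first record reproduces the AVC line quoted in the
# post; the other records (placeholder path, other process, SYSCALL) are made up.
_AVC = ('type=AVC msg=audit(1519225691.090:214): avc:  denied  { %s } for  pid=3164 '
        'comm="%s" %s dev="dm-0" ino=34386610 scontext=system_u:system_r:tftpd_t:s0-s0:c0.c1023 '
        'tcontext=unconfined_u:object_r:default_t:s0 tclass=file')
SAMPLE_LOG = "\n".join([
    _AVC % ("read", "in.tftpd", 'name="undionly.kpxe"'),
    _AVC % ("open", "in.tftpd", 'path="/example/undionly.kpxe"'),
    _AVC % ("getattr", "in.tftpd", 'path="/example/undionly.kpxe"'),
    _AVC % ("lock", "in.tftpd", 'path="/example/undionly.kpxe"'),
    _AVC % ("read", "other_daemon", 'name="undionly.kpxe"'),  # filtered out by comm
    'type=SYSCALL msg=audit(1519225691.090:214): syscall=2 success=no exit=-13 comm="in.tftpd"',
])

AVC_RE = re.compile(
    r'^type=AVC .*?avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}.*?\bcomm="(?P<comm>[^"]*)"'
    r'(?:.*?\b(?:name|path)="(?P<obj>[^"]*)")?'
    r'.*?\bscontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)')

def summarize_denials(log_text, comm="in.tftpd"):
    """Group AVC denials for one process name by (source type, target type, class)."""
    groups = defaultdict(lambda: {"perms": set(), "objects": set()})
    for line in log_text.splitlines():
        m = AVC_RE.match(line)
        if not m or m["comm"] != comm:
            continue  # not an AVC denial, or a different process
        # An SELinux context is user:role:type:level, so the type is field 3.
        key = (m["scon"].split(":")[2], m["tcon"].split(":")[2], m["tclass"])
        groups[key]["perms"].update(m["perms"].split())
        if m["obj"]:
            groups[key]["objects"].add(m["obj"])
    report = []
    for (src, tgt, tclass), g in sorted(groups.items()):
        perms = " ".join(sorted(g["perms"]))
        report.append({
            "rule": "allow %s %s:%s { %s };" % (src, tgt, tclass, perms),
            "objects": sorted(g["objects"]),
            # default_t is the type audit2allow's warning in the post calls a base type
            "target_is_default_t": tgt == "default_t",
        })
    return report

if __name__ == "__main__":
    for entry in summarize_denials(SAMPLE_LOG):
        print(entry)
```

On a real host the input would be the text of /var/log/audit/audit.log, read with the same privileges the `sudo grep` in the post uses.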
  • Senior Developer

    @Richard-Nihells Any news on this?

  • Thank you for the links! I will look over this material and get back with you once I have an update. Going to do the re-install as well as suggested.

  • Moderator

    Also Wayne put together a pretty detailed install guide here:

  • @richard-nihells said in Unable to connection TFTP.:

    Is that in the Fog documentation somewhere or just somewhere on Google?

    Our documentation is community driven, and is mostly here:

  • @richard-nihells now that selinux is disabled, re-run the installer and try again. Also ensure you’ve set up firewalld correctly? That’s in the troubleshooting guide too (as well as our CentOS 7 tutorial).

  • I set selinux to permissive. I no longer get permission denied. Now I get connection timeout. I have my anti-virus suite and Windows Firewall disabled during this test.

  • I found that line in the troubleshooting guide and that is what is giving me the error for Windows that I listed above.

    I haven’t touched selinux or changed its settings to permissive. Is that in the Fog documentation somewhere or just somewhere on Google?

  • Moderator

    Did you disable selinux or at least change the settings to permissive?

    From a Windows computer, install the TFTP client feature, then from a Windows command prompt use the tftp client program to download undionly.kpxe from the Fog server with tftp -i <fog_server_ip> GET undionly.kpxe. If you can get the file then TFTP is set up correctly and we need to focus on the PXE booting process as the cause.