Unable to connection TFTP.



  • I am having an issue getting Fog set up. I can’t connect to the TFTP server. I have gone through the troubleshooting steps on the Fog project website the best I could. Can’t find the config.php file.

    I am running fog on a CentOS VM and I set it up a couple of weeks ago. This was a clean install of Fog and CentOS.

    When trying to test on Windows, I get this.
    Error on server : Permission denied
    Connect request failed.

    When trying to have a blank VM do a PXE boot over the network I get this.
    PXE-T00: Permission denied
    PXE-E36: Error received from TFTP server
    PXE-M0F: Exiting Intel PXE ROM.

    Not sure if I missed any details that are needed to help with this. If you need more information I will be happy to provide.



  • If you don’t want to disable selinux (or set to permissive) I’ve had luck under CentOS 7 using the following command:

    $ sudo setsebool -P tftp_home_dir 1
    

    I thought I might expound a little. To test my Fog TFTP server, I used the TFTP client in Windows. If you would like to do the same, you need to permit TFTP through your Windows firewall.

    When I first tried to pull the undionly.kpxe file using the Windows client, I was given the following error:

    PS C:\Users\jarcher> tftp -i 172.19.1.30 GET undionly.kpxe
     Connect request failed
    

    Looking into my /var/log/audit/audit.log file I saw the following:

    $ sudo grep tftp /var/log/audit/audit.log
    ...lots of other stuff here...
    type=AVC msg=audit(1519225691.090:214): avc:  denied  { read } for  pid=3164 comm="in.tftpd" name="undionly.kpxe" dev="dm-0" ino=34386610 scontext=system_u:system_r:tftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
    ...also lots more here...
    

    If you use audit2allow, you can get some hints on how to fix this error:

    $ sudo grep tftp /var/log/audit/audit.log | audit2allow -m tftpd
    
    module tftpd 1.0;
    
    require {
            type default_t;
            type tftpd_t;
            class file { getattr lock open read };
    }
    
    #============= tftpd_t ==============
    
    #!!!! WARNING: 'default_t' is a base type.
    #!!!! This avc can be allowed using the boolean 'tftp_home_dir'
    allow tftpd_t default_t:file { getattr lock open read };
    

    Note, you might have to install the policycoreutils-python package to get audit2allow.

    Now just run the original command I mentioned above to allow access to the files:

    $ sudo setsebool -P tftp_home_dir 1
    

    SELinux is still set to enforcing:

    $ sestatus
    SELinux status:                 enabled
    SELinuxfs mount:                /sys/fs/selinux
    SELinux root directory:         /etc/selinux
    Loaded policy name:             targeted
    Current mode:                   enforcing
    Mode from config file:          enforcing
    Policy MLS status:              enabled
    Policy deny_unknown status:     allowed
    Max kernel policy version:      28
    

    And now the TFTP transfer works in Windows:

    PS C:\Users\jarcher> tftp -i 172.19.1.30 GET undionly.kpxe
    Transfer successful: 95338 bytes in 1 second(s), 95338 bytes/s
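
The grouping that audit2allow performed in the post above (several AVC denials collapsed into one allow rule, with a warning when the target is the base type default_t), as an added example that is not part of the original thread. The first sample line is the denial quoted in the post; the other sample lines and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Line 1 is the denial quoted in the post; lines 2-4 are constructed variants
# (same contexts, other permissions); line 5 is a constructed non-AVC record.
SAMPLE_LOG = """\
type=AVC msg=audit(1519225691.090:214): avc:  denied  { read } for  pid=3164 comm="in.tftpd" name="undionly.kpxe" dev="dm-0" ino=34386610 scontext=system_u:system_r:tftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1519225691.091:215): avc:  denied  { getattr } for  pid=3164 comm="in.tftpd" name="undionly.kpxe" dev="dm-0" ino=34386610 scontext=system_u:system_r:tftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1519225691.092:216): avc:  denied  { open } for  pid=3164 comm="in.tftpd" name="undionly.kpxe" dev="dm-0" ino=34386610 scontext=system_u:system_r:tftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1519225691.093:217): avc:  denied  { lock } for  pid=3164 comm="in.tftpd" name="undionly.kpxe" dev="dm-0" ino=34386610 scontext=system_u:system_r:tftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1519225691.090:214): arch=c000003e syscall=2 success=no comm="in.tftpd"
"""

BASE_TYPES = {"default_t"}  # the base type audit2allow warned about in the post

AVC_RE = re.compile(
    r"type=AVC .*?avc:\s+denied\s+\{\s*([^}]*?)\s*\}.*?"
    r"scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)")

def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def summarize_denials(log_text):
    """Group denied permissions by (source type, target type, class)."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # skip records that are not AVC denials
        perms, scontext, tcontext, tclass = m.groups()
        key = (selinux_type(scontext), selinux_type(tcontext), tclass)
        rules[key].update(perms.split())
    return dict(rules)

def render_rules(rules):
    """Format grouped denials as allow rules, flagging base-type targets."""
    lines = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        if tgt in BASE_TYPES:
            lines.append(f"# WARNING: '{tgt}' is a base type")
        lines.append(f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};")
    return lines

if __name__ == "__main__":
    print("\n".join(render_rules(summarize_denials(SAMPLE_LOG))))
```

A base-type target is the case where the post enables the tftp_home_dir boolean instead of loading the generated allow rule.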
    

  • Developer

    @Richard-Nihells Any news on this?



  • Thank you for the links! I will look over this material and get back with you once I have an update. Going to do the re-install as well as suggested.


  • Moderator

    Also Wayne put together a pretty detailed install guide here: https://wiki.fogproject.org/wiki/index.php?title=CentOS_7



  • @richard-nihells said in Unable to connection TFTP.:

    Is that in the Fog documentation somewhere or just somewhere on Google?

    Our documentation is community driven, and is mostly here: https://wiki.fogproject.org/wiki/index.php?title=Main_Page



  • @richard-nihells now that selinux is disabled, re-run the installer and try again. Also ensure you’ve set up firewalld correctly? That’s in the troubleshooting guide too (as well as our CentOS 7 tutorial).



  • I set selinux to permissive. I no longer get permission denied. Now I get connection timeout. I have my anti-virus suite and Windows Firewall disabled during this test.



  • I found that line in the troubleshooting guide and that is what is giving me the error for Windows that I listed above.

    I haven’t touched selinux or changed its settings to permissive. Is that in the Fog documentation somewhere or just somewhere on Google?


  • Moderator

    Did you disable selinux or at least change the settings to permissive?

    From a Windows computer, install the tftp client feature, then from a Windows command prompt use the tftp client program to download undionly.kpxe from the fog server with tftp -i <fog_server_ip> GET undionly.kpxe . If you can get the file, then tftp is set up correctly and we need to focus on the pxe booting process as the cause.


 
