I get the following error:

SW-AL710-1#copy running-config tftp:
Address or name of remote host []? 10.0.1.130
Destination filename [sw-al710-1-confg]?
%Error opening tftp://10.0.1.130/sw-al710-1-confg (Timed out)

This is my configuration:

more /etc/xinetd.d/tftp 
socket_type             = dgram
protocol                = udp
wait                    = yes
user                    = root
server                  = /usr/sbin/in.tftpd
server_args             = -s /var/lib/tftpboot -vvv
disable                 = no
per_source              = 11
cps                     = 100 2
flags                   = IPv4

My tftp server runs:

ps ax | grep tftp
2532 ?        Ss     0:00 in.tftpd -s /var/lib/tftpboot -vvv

And my xinetd runs as well:

service xinetd status
xinetd (pid  2483) is running...

netstat -unlp | grep xinetd
udp        0      0 0.0.0.0:69       0.0.0.0:*      2483/xinetd                  

The needed config file is in its place:

ls -lZ /var/lib/tftpboot/
-rwxrwxrwx. root   root unconfined_u:object_r:tftpdir_rw_t:s0 sw-al710-1-confg

Permissions and other settings seem correct:

 chkconfig --list  | grep tftp
    tftp:           on

ls -lad /var/lib/tftpboot/
drwxrwxrwx. 2 root root 4096 Feb 13 12:31 /var/lib/tftpboot/

getsebool -a | grep -i tftp
tftp_anon_write --> on

Testing the connection with tcpdump, I get the following output:

tcpdump port 69 -vv
tcpdump: listening on eth3, link-type EN10MB (Ethernet), capture size 65535 bytes
12:34:42.400626 IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 53)
    10.0.1.223.60291 > NOC1.tftp: [udp sum ok]  25 WRQ "sw-al710-1-confg" octet
12:34:46.394984 IP (tos 0x0, ttl 255, id 1, offset 0, flags [none], proto UDP (17), length 53)
    10.0.1.223.60291 > NOC1.tftp: [udp sum ok]  25 WRQ "sw-al710-1-confg" octet

more  /etc/hosts.allow
# hosts.allow   This file contains access rules which are used to
#               allow or deny connections to network services that
#               either use the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#

more  /etc/hosts.deny
#
# hosts.deny    This file contains access rules which are used to
#               deny connections to network services that either use
#               the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               The rules in this file can also be set up in
#               /etc/hosts.allow with a 'deny' option instead.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers

audit.log

type=AVC msg=audit(1488191076.406:200525): avc:  denied  { write } for      pid=22689 comm="in.tftpd" name="config.text" dev=dm-0 ino=5373954  scontext=unconfined_u:system_r:tftpd_t:s0-s0:c0.c1023  tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1488191076.406:200525): avc:  denied  { open } for  pid=22689 comm="in.tftpd" name="config.text" dev=dm-0 ino=5373954 scontext=unconfined_u:system_r:tftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1488191076.406:200525): arch=c000003e syscall=2 success=yes exit=1 a0=608e22 a1=241 a2=1b6 a3=4000 items=0 ppid=22509 pid=22689 auid=503 uid=99 gid=99 euid=99 suid=99 fsuid=99 egid=99 sgid=99 fsgid=99 tty=(none) ses=32555 comm="in.tftpd" exe="/usr/sbin/in.tftpd" subj=unconfined_u:system_r:tftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1488191076.406:200526): avc:  denied  { getattr } for  pid=22689 comm="in.tftpd" path="/config.text" dev=dm-0 ino=5373954 scontext=unconfined_u:system_r:tftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1488191076.406:200526): arch=c000003e syscall=5 success=yes exit=0 a0=1 a1=7fffbd7827b0 a2=7fffbd7827b0 a3=4000 items=0 ppid=22509 pid=22689 auid=503 uid=99 gid=99 euid=99 suid=99 fsuid=99 egid=99 sgid=99 fsgid=99 tty=(none) ses=32555 comm="in.tftpd" exe="/usr/sbin/in.tftpd" subj=unconfined_u:system_r:tftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1488191355.130:200527): avc:  denied  { write } for  pid=22726 comm="in.tftpd" name="config.text" dev=dm-0 ino=5373954 scontext=unconfined_u:system_r:tftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tftpdir_t:s0 tclass=file
type=SYSCALL msg=audit(1488191355.130:200527): arch=c000003e syscall=2 success=yes exit=1 a0=608e22 a1=241 a2=1b6 a3=4000 items=0 ppid=22509 pid=22726 auid=503 uid=99 gid=99 euid=99 suid=99 fsuid=99 egid=99 sgid=99 fsgid=99 tty=(none) ses=32555 comm="in.tftpd" exe="/usr/sbin/in.tftpd" subj=unconfined_u:system_r:tftpd_t:s0-s0:c0.c1023 key=(null)

What can be the reason, and how do I fix it?

Mishgun
  • What's the firewall on the tftp server? `iptables -L -n -v` would be helpful. – MadHatter Feb 14 '17 at 12:52
  • @ MadHatter ` iptables -L -n -v Chain INPUT (policy ACCEPT 26G packets, 5290G bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 45M packets, 2212M bytes) pkts bytes target prot opt in out source destination ` – Mishgun Feb 14 '17 at 12:53
  • It's much better to edit this sort of thing into your question, which allows formatting to be preserved. But I take the point; it's not the firewall. – MadHatter Feb 14 '17 at 12:57
  • Have you already checked the TCP wrapper config files? – Giorgio Bar Feb 14 '17 at 13:14
  • @Giorgio Bar I have edited the initial post; I have checked Google and it seems to me you asked about that information – Mishgun Feb 14 '17 at 13:17
  • Yes, these are the files I was referring to, the problem is not here. – Giorgio Bar Feb 14 '17 at 13:54
  • When I put the -c flag in the config (AFAIK this flag means there is no longer any need to create the file beforehand) and try the command copy running config tftp on the Cisco, the file is created but empty – Mishgun Feb 15 '17 at 10:55
  • Anything in /var/log/messages or /var/log/audit/audit.log ? – hertitu Feb 16 '17 at 14:34
  • @hertitu There is nothing appropriate in these files – Mishgun Feb 27 '17 at 08:08
  • There is something connected with tftp in audit.log; I've added new info to the main post – Mishgun Feb 27 '17 at 10:52
  • Thanks all for help. I have updated my server from 6.2 to 6.8 and now it works well. I think it may be some bug with this version. – Mishgun Mar 01 '17 at 14:13
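
One way to triage the audit.log excerpt in the question, as an added example that is not part of the original post: it groups the AVC denials by SELinux source type, target type and class, and pairs each denial with the SYSCALL record that shares its audit event id. The function names are assumptions of this example, and the sample records are abridged from the excerpt above.

```python
import re
from collections import defaultdict

# Sample input: records abridged from the audit.log excerpt in the question.
SAMPLE = """\
type=AVC msg=audit(1488191076.406:200525): avc:  denied  { write } for  pid=22689 comm="in.tftpd" name="config.text" scontext=unconfined_u:system_r:tftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1488191076.406:200525): avc:  denied  { open } for  pid=22689 comm="in.tftpd" name="config.text" scontext=unconfined_u:system_r:tftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1488191076.406:200525): arch=c000003e syscall=2 success=yes exit=1 comm="in.tftpd"
type=AVC msg=audit(1488191076.406:200526): avc:  denied  { getattr } for  pid=22689 comm="in.tftpd" path="/config.text" scontext=unconfined_u:system_r:tftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1488191076.406:200526): arch=c000003e syscall=5 success=yes exit=0 comm="in.tftpd"
type=AVC msg=audit(1488191355.130:200527): avc:  denied  { write } for  pid=22726 comm="in.tftpd" name="config.text" scontext=unconfined_u:system_r:tftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tftpdir_t:s0 tclass=file
type=SYSCALL msg=audit(1488191355.130:200527): arch=c000003e syscall=2 success=yes exit=1 comm="in.tftpd"
""".splitlines()

EVENT = re.compile(r"msg=audit\(\d+\.\d+:(\d+)\)")
AVC = re.compile(r"avc:\s+denied\s+\{([^}]*)\}.*?scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)")
SUCCESS = re.compile(r"\bsuccess=(yes|no)\b")

def se_type(context):
    """Return the type field of a user:role:type:level SELinux context."""
    return context.split(":")[2]

def summarize(lines):
    """Group denials by (source type, target type, class), joined to SYSCALL results."""
    perms, events, syscall_ok = defaultdict(set), defaultdict(set), {}
    for line in lines:
        ev = EVENT.search(line)
        if not ev:
            continue
        avc, ok = AVC.search(line), SUCCESS.search(line)
        if avc:
            key = (se_type(avc.group(2)), se_type(avc.group(3)), avc.group(4))
            perms[key].update(avc.group(1).split())
            events[key].add(ev.group(1))
        elif line.startswith("type=SYSCALL") and ok:
            syscall_ok[ev.group(1)] = ok.group(1) == "yes"
    return [{"source": k[0], "target": k[1], "class": k[2],
             "denied": sorted(perms[k]),
             # event ids whose syscall completed despite the logged denial
             "syscall_succeeded": sorted(e for e in events[k] if syscall_ok.get(e))}
            for k in sorted(perms)]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

On this sample the denied targets are labelled `default_t` and `tftpdir_t`, not the `tftpdir_rw_t` shown by `ls -lZ` for the file in /var/lib/tftpboot. Every paired SYSCALL record reports `success=yes`, which is what a denial that was logged but not enforced looks like; `getenforce` shows the current mode.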
