FC6 上架设TFTP服务器
Sailor_forever sailing_9806#163.com 转载请注明
http://blog.csdn.net/sailor_8318/archive/2009/11/14/4811277.aspx
1、检查是否安装了TFTP server及client,否则安装
[root@sailing ~]# rpm -qa |grep tftp
tftp-server-0.42-3.1
tftp-0.42-3.1
2、设置TFTP服务开机自启动
[root@sailing ~]# cat /etc/xinetd.d/tftp
# default: off
# description: The tftp server serves files using the trivial file transfer /
# protocol. The tftp protocol is often used to boot diskless /
# workstations, download configuration files to network-aware printers, /
# and to start the installation process for some operating systems.
service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /tftpboot
disable = no
per_source = 11
cps = 100 2
flags = IPv4
}
[root@sailing ~]#
Tftp服务默认是关闭的,将disable选项设置为=yes,开机自启动
3、重启TFTP服务
[root@sailing nfs]# /etc/init.d/xinetd
用法:/etc/init.d/xinetd {start|stop|status|restart|condrestart|reload}
[root@sailing nfs]# /etc/init.d/xinetd restart
停止 xinetd: [确定]
启动 xinetd: [确定]
[root@sailing nfs]# service network restart
正在关闭接口 eth0: [确定]
关闭环回接口: [确定]
弹出环回接口: [确定]
弹出界面 eth0:
正在决定 eth0 的 IP 信息...完成。
[确定]
[root@sailing nfs]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:CD:A1:5C
inet addr:192.168.1.101 Bcast:255.255.255.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fecd:a15c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:34562 errors:0 dropped:0 overruns:0 frame:0
TX packets:260 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3111447 (2.9 MiB) TX bytes:36926 (36.0 KiB)
Interrupt:67 Base address:0x2000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:5911 errors:0 dropped:0 overruns:0 frame:0
TX packets:5911 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:7307856 (6.9 MiB) TX bytes:7307856 (6.9 MiB)
4、建立tftpboot目录,设置权限
[root@sailing nfs]# chmod -R 777 tftpboot
[root@sailing nfs]# ls -l
total 144
。。。。
drwxrwxrwx 2 root root 4096 2009-08-17 15:22 tftpboot
5、主机平台上自测试
[root@sailing nfs]# ls /tftpboot/
test
[root@sailing nfs]# tftp 192.168.1.101
tftp> get test
Transfer timed out.
传输超时
6、修改防火墙设置,允许TFTP连接
TFTP是一种不安全的服务,通常情况下Linux系统是禁止TFTP连接的
查看防火墙当前设置,可知在INPUT和OUTPUT中都没有TFTP ACCEPT的相关规则,则表示禁止TFTP
[root@sailing ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nfs
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ssn
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:microsoft-ds
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:telnet
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
添加TFTP服务,端口号69,为UDP协议
[root@sailing ~]# iptables -A OUTPUT -p UDP --dport 69 -j ACCEPT
[root@sailing ~]# iptables -A INPUT -p UDP --dport 69 -j ACCEPT
[root@sailing ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpt:tftp
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:tftp
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nfs
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ssn
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:microsoft-ds
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:telnet
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
[root@sailing ~]#
当然也可以用其他方式修改防火墙设置,图形界面也可以
若是远程ssh连接的,也可以用文本模式的命令设置
[root@sailing ~]# setup
Firewall configuration--> Customize--other port 处:tftp:udp,保存就可以了。
7、再次测试,OK
[root@sailing ~]# ls
anaconda-ks.cfg Desktop install.log install.log.syslog test
[root@sailing ~]# rm -f test
[root@sailing ~]# ls
anaconda-ks.cfg Desktop install.log install.log.syslog
[root@sailing ~]# tftp 192.168.1.101
tftp> get test
tftp> q
[root@sailing ~]# ls
anaconda-ks.cfg Desktop install.log install.log.syslog test