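1. Introduction to TFTP
TFTP (Trivial File Transfer Protocol) is a protocol in the TCP/IP suite for simple file transfers between a client and a server. It provides an uncomplicated, low-overhead file transfer service and uses port 69.
2. Installing tftp
First, use the rpm command to check whether the tftp package is installed on our Linux system.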
[wangchao2@localhost ~]$ rpm -qa |grep tftp
If it is not installed, run:
[wangchao2@localhost ~]$ sudo yum install -y tftp-server
3. Configuring and starting tftp
The tftp configuration file is /etc/xinetd.d/tftp:
# default: off
# description: The tftp server serves files using the trivial file transfer \
# protocol. The tftp protocol is often used to boot diskless \
# workstations, download configuration files to network-aware printers, \
# and to start the installation process for some operating systems.
service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
# Note: -s sets the tftp server's root directory; -c allows files to be created
server_args = -s /tftp -c
# Note: this should be set to no; an error occurred earlier
disable = no
per_source = 11
cps = 100 2
flags = IPv4
}
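The settings that matter in this stanza can be checked mechanically. The script below is an added example, not part of the original post: it reads an xinetd tftp stanza and reports whether the service is enabled, which directory is served, and whether -s and -c are set. The sample stanza is constructed to mirror the one above, and tftp_audit is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed sample: mirrors the stanza shown above (comment lines omitted).
SAMPLE_CONF='service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /tftp -c
disable = no
}'

# tftp_audit (hypothetical helper): reads an xinetd stanza on stdin and
# prints one "key=value" finding per line, then any warnings.
tftp_audit() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*#/ { next }                      # skip comment lines
    index($0, "=") > 0 {
        key = trim(substr($0, 1, index($0, "=") - 1))
        val = trim(substr($0, index($0, "=") + 1))
        if (key == "disable")  disabled = (val == "yes")
        if (key == "protocol") proto = val
        if (key == "server_args") {
            n = split(val, a, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                if (a[i] == "-s" || a[i] == "--secure") secure = 1
                if (a[i] == "-c" || a[i] == "--create") create = 1
                # Simplification: first argument starting with "/" is the served directory.
                if (root == "" && substr(a[i], 1, 1) == "/") root = a[i]
            }
        }
    }
    END {
        print "enabled=" (disabled ? "no" : "yes")
        print "protocol=" proto
        print "directory=" root
        print "chroot=" (secure ? "yes" : "no")
        print "create=" (create ? "yes" : "no")
        if (!disabled && create)
            print "WARN: -c allows uploads of new files; TFTP has no authentication"
        if (!disabled && !secure)
            print "WARN: no -s; the daemon is not chrooted to the served directory"
    }'
}

printf '%s\n' "$SAMPLE_CONF" | tftp_audit
```

On a real host, feed it the live file: tftp_audit < /etc/xinetd.d/tftp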
4. Starting the xinetd service
Note: introduction to xinetd: http://blog.sina.com.cn/s/blog_6ceed3280101jja0.html
[wangchao2@localhost ~]$ sudo service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
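Use the netstat command to check port 69. At first no listener ever appeared on port 69; after searching online I found that disable must be set to no in the configuration.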
[root@localhost wangchao2]# netstat -nlp | grep 69
udp 0 0 0.0.0.0:69 0.0.0.0:* 21884/xinetd
unix 2 [ ACC ] STREAM LISTENING 14690 2615/master private/verify
unix 2 [ ACC ] STREAM LISTENING 14694 2615/master public/flush
unix 2 [ ACC ] STREAM LISTENING 14698 2615/master private/proxymap
unix 2 [ ACC ] STREAM LISTENING 13693 2271/cupsd /va
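5. Modifying the SELinux policy
If SELinux is enabled on the system, the tftp client may be blocked when downloading. If so, we can temporarily turn it off with the following command:
Introduction to SELinux: http://baike.so.com/doc/5500722-5737997.html
[root@localhost wangchao2]# sudo setenforce 0
# 0 sets SELinux to permissive mode; 1 sets SELinux to enforcing mode
To disable SELinux completely, edit the configuration file and set SELINUX to disabled: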
[root@localhost wangchao2]# vim /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#SELINUX=enforcing
# Set to disabled
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Now reboot the system and check the SELinux status:
[wangchao2@localhost ~]$ getenforce
Disabled
[wangchao2@localhost ~]$ sestatus
SELinux status: disabled
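To see what SELinux is actually blocking for the tftp daemon before changing its mode, the denials can be summarised from the audit log. This is an added example, not part of the original post: the audit records are constructed, tftp_denials is a hypothetical helper name, and the follow-up commands in the comments assume the targeted policy and the /tftp directory used on this page.

```shell
#!/bin/sh
# Constructed sample records; real ones are in /var/log/audit/audit.log.
SAMPLE_AUDIT='type=AVC msg=audit(1400000001.101:210): avc:  denied  { read } for  pid=21884 comm="in.tftpd" name="tt.txt" dev=dm-0 ino=1311 scontext=system_u:system_r:tftpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1400000002.202:211): avc:  denied  { read } for  pid=21884 comm="in.tftpd" name="tt.txt" dev=dm-0 ino=1311 scontext=system_u:system_r:tftpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1400000003.303:212): avc:  denied  { write } for  pid=21890 comm="in.tftpd" name="tftp" dev=dm-0 ino=1300 scontext=system_u:system_r:tftpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1400000004.404:213): avc:  denied  { name_bind } for  pid=900 comm="httpd" src=8081 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket'

# tftp_denials (hypothetical helper): reads audit records on stdin and prints
# "count permission class target_type" for each distinct in.tftpd denial.
tftp_denials() {
    awk '
    /type=AVC/ && /denied/ && /comm="in.tftpd"/ {
        perm = $0
        sub(/^.*[{] */, "", perm)            # drop everything up to "{ "
        sub(/ *[}].*$/, "", perm)            # drop " }" and the rest
        ttype = ""; tclass = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
            if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
        }
        seen[perm " " tclass " " ttype]++
    }
    END { for (k in seen) print seen[k], k }' | sort
}

printf '%s\n' "$SAMPLE_AUDIT" | tftp_denials

# A target type such as default_t means the served directory carries no tftp
# label. Typical follow-up as root with SELinux left enforcing (not run here):
#   semanage fcontext -a -t tftpdir_rw_t '/tftp(/.*)?'
#   restorecon -R /tftp
#   setsebool -P tftp_anon_write 1    # only if uploads (-c) are really needed
```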
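6. Modifying the firewall policy
If the firewall is enabled, it may also block tftp client downloads. We can allow tftp in the firewall rules; we only need to allow port 69, which tftp uses (over UDP, per the configuration above):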
[wangchao2@localhost ~]$ sudo /sbin/iptables -I INPUT -p tcp --dport 69 -j ACCEPT
[wangchao2@localhost ~]$ sudo /sbin/iptables -I INPUT -p udp --dport 69 -j ACCEPT
[wangchao2@localhost ~]$ sudo /sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
[wangchao2@localhost ~]$ sudo /sbin/iptables -I INPUT -p tcp --dport 21 -j ACCEPT
[wangchao2@localhost ~]$ sudo /sbin/iptables -I INPUT -p tcp --dport 22 -j ACCEPT
[wangchao2@localhost ~]$ sudo /etc/rc.d/init.d/iptables save  # save the rules
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[wangchao2@localhost ~]$ sudo service iptables restart
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
[wangchao2@localhost ~]$ sudo service iptables status  # check the status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
3 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
4 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:69
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:69
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
If we do not want the firewall to start at boot, we should use the ntsysv command to turn off the firewall service; we can also set the tftp service to start at boot:
[wangchao2@localhost ~]$ sudo ntsysv
[*] tftp
7. Testing tftp
First, install the tftp client command from busybox:
[wangchao2@localhost tftp]$ wget http://www.busybox.net/downloads/busybox-1.19.3.tar.bz2
[wangchao2@localhost tftp]$ tar -xjf busybox-1.19.3.tar.bz2
[wangchao2@localhost tftp]$ cd busybox-1.19.3
[wangchao2@localhost busybox-1.19.3]$ export TERM=vt100  # prevent garbled characters
[wangchao2@localhost busybox-1.19.3]$ sudo make menuconfig  # make no changes; just save and exit
[wangchao2@localhost busybox-1.19.3]$ make
[wangchao2@localhost busybox-1.19.3]$ file busybox
busybox: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), stripped
[wangchao2@localhost busybox-1.19.3]$ sudo cp busybox /usr/local/bin/
[wangchao2@localhost busybox-1.19.3]$ cd ~
[wangchao2@localhost ~]$ sudo cd /usr/local/bin
sudo: cd: command not found
[wangchao2@localhost ~]$ cd /usr/local/bin
[wangchao2@localhost bin]$ ln -s busybox tftp
ln: creating symbolic link `tftp': Permission denied
[wangchao2@localhost bin]$ sudo ln -s busybox tftp
Test with the tftp command from busybox:
[wangchao2@localhost ~]$ tftp -gr tt.txt 192.168.202.128
[wangchao2@localhost ~]$ ls text.txt
text.txt
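Additional note: at first the download kept failing; I later found that my tftp folder is under the root directory, while I was looking under ~. Keep absolute and relative paths firmly in mind!!!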