Setting up a TFTP server on FC6
Sailor_forever sailing_9806#163.com Please credit the source when reposting
http://blog.csdn.net/sailor_8318/archive/2009/11/14/4811277.aspx
1. Check whether the TFTP server and client are installed; install them if not
[[email protected] ~]# rpm -qa |grep tftp
tftp-server-0.42-3.1
tftp-0.42-3.1
2. Configure the TFTP service to start at boot
[[email protected] ~]# cat /etc/xinetd.d/tftp
# default: off
# description: The tftp server serves files using the trivial file transfer /
# protocol. The tftp protocol is often used to boot diskless /
# workstations, download configuration files to network-aware printers, /
# and to start the installation process for some operating systems.
service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /tftpboot
disable = no
per_source = 11
cps = 100 2
flags = IPv4
}
[[email protected] ~]#
The TFTP service is disabled by default; set the disable option to no, as in the file above, so that it starts at boot.
3. Restart the TFTP service
[[email protected] nfs]# /etc/init.d/xinetd
用法:/etc/init.d/xinetd {start|stop|status|restart|condrestart|reload}
[[email protected] nfs]# /etc/init.d/xinetd restart
停止 xinetd: [确定]
啟動 xinetd: [确定]
[[email protected] nfs]# service network restart
正在關閉接口 eth0: [确定]
關閉環回接口: [确定]
彈出環回接口: [确定]
彈出界面 eth0:
正在決定 eth0 的 IP 資訊...完成。
[确定]
[[email protected] nfs]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:CD:A1:5C
inet addr:192.168.1.101 Bcast:255.255.255.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fecd:a15c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:34562 errors:0 dropped:0 overruns:0 frame:0
TX packets:260 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3111447 (2.9 MiB) TX bytes:36926 (36.0 KiB)
Interrupt:67 Base address:0x2000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:5911 errors:0 dropped:0 overruns:0 frame:0
TX packets:5911 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:7307856 (6.9 MiB) TX bytes:7307856 (6.9 MiB)
4. Create the tftpboot directory and set its permissions
[[email protected] nfs]# chmod -R 777 tftpboot
[[email protected] nfs]# ls -l
total 144
。。。。
drwxrwxrwx 2 root root 4096 2009-08-17 15:22 tftpboot
5. Self-test on the host
[[email protected] nfs]# ls /tftpboot/
test
[[email protected] nfs]# tftp 192.168.1.101
tftp> get test
Transfer timed out.
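The transfer times out.
6. Change the firewall settings to allow TFTP connections
TFTP is an insecure service, and Linux systems normally block TFTP connections.
Look at the current firewall settings: neither INPUT nor OUTPUT contains an ACCEPT rule for TFTP, which means TFTP is blocked.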
[[email protected] ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nfs
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ssn
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:microsoft-ds
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:telnet
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Add the TFTP service: port 69, UDP protocol.
[[email protected] ~]# iptables -A OUTPUT -p UDP --dport 69 -j ACCEPT
[[email protected] ~]# iptables -A INPUT -p UDP --dport 69 -j ACCEPT
[[email protected] ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpt:tftp
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:tftp
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nfs
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ssn
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:microsoft-ds
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:telnet
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
[[email protected] ~]#
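Of course, the firewall settings can also be changed in other ways, including through the graphical interface.
If you are connected remotely over ssh, you can also use the text-mode tool: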
[[email protected] ~]# setup
Firewall configuration --> Customize --> in the "other port" field enter tftp:udp, then save.
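The rule order that step 6 produces, checked offline as an added example (not part of the original post): `iptables -A INPUT` places the TFTP rule after the jump to RH-Firewall-1-INPUT, so a request from another host reaches that chain's final REJECT first. The rule sets are constructed in iptables-save format to mirror the listing above (shortened); the `-i lo` loopback match, the 192.168.1.0/24 source range and the function name tftp_verdict are assumptions.

```shell
#!/bin/sh
# Added example. Constructed rules in iptables-save format; "-i lo" is assumed
# to be the rule that plain `iptables -L` prints as "ACCEPT all -- anywhere anywhere".
BASE=':INPUT ACCEPT [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT'
TFTP='-p udp -m udp --dport 69 -j ACCEPT'
REJECT='-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'
# As on the page: "iptables -A INPUT" puts the rule after the jump.
APPENDED="$BASE
$REJECT
-A INPUT $TFTP"
# Alternative: rule inside RH-Firewall-1-INPUT, ahead of the final REJECT,
# limited to an assumed LAN range.
INSERTED="$BASE
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 $TFTP
$REJECT"
# tftp_verdict RULES: verdict for a new TFTP request (UDP dport 69) from a LAN host.
tftp_verdict() {
  printf '%s\n' "$1" | awk '
    $1 == ":INPUT" { policy = $2 }
    $1 == "-A"     { n[$2]++; rule[$2, n[$2]] = $0 }
    # A rule applies when nothing is left after removing the matches a new
    # TFTP request satisfies (any -s range is assumed to contain the client).
    function applies(r,   m) {
      m = r
      sub(/^-A [^ ]+ */, "", m); sub(/ *-j .*$/, "", m)
      gsub(/-s [^ ]+|-p udp|-m udp|--dport 69|-m state --state NEW/, "", m)
      gsub(/ /, "", m)
      return m == ""
    }
    # Walk a chain in order; return the first terminating target, "" if none.
    function walk(chain,   i, r, t, v) {
      for (i = 1; i <= n[chain]; i++) {
        r = rule[chain, i]
        if (!applies(r)) continue
        match(r, /-j [^ ]+/); t = substr(r, RSTART + 3, RLENGTH - 3)
        if (t == "ACCEPT" || t == "REJECT" || t == "DROP") return t
        if ((v = walk(t)) != "") return v
      }
      return ""
    }
    END { v = walk("INPUT"); print (v == "" ? policy : v) }'
}
echo "appended to INPUT:          $(tftp_verdict "$APPENDED")"
echo "inside RH-Firewall-1-INPUT: $(tftp_verdict "$INSERTED")"
```

On a live system the same function can be given the output of iptables-save, which, unlike plain `iptables -L`, shows interface matches such as `-i lo`.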
7. Test again: OK
[[email protected] ~]# ls
anaconda-ks.cfg Desktop install.log install.log.syslog test
[[email protected] ~]# rm -f test
[[email protected] ~]# ls
anaconda-ks.cfg Desktop install.log install.log.syslog
[[email protected] ~]# tftp 192.168.1.101
tftp> get test
tftp> q
[[email protected] ~]# ls
anaconda-ks.cfg Desktop install.log install.log.syslog test