Configuring TFTP Server on CentOS 6.6 & Archlinux ARM
In this tutorial, I’m using a Raspberry Pi and an old ThinkPad X61 with a dead battery, sitting in its dock. I installed Arch Linux ARM on the Raspberry Pi and CentOS 6.6 on the X61. They will be used to remotely back up Cisco flash and startup-configuration, and to perform upgrades if needed. The Cisco devices I’m using are a Cisco 2950 switch and a Cisco 2621XM router.
X61’s IP address = 172.16.0.66/26
Raspberry Pi’s IP address = 172.16.0.67/26
Raspberry Pi configuration
Install tftp-hpa
[veroke@T430 ~]$ ssh fahmi@172.16.0.67
fahmi@172.16.0.67's password:
[fahmi@alarmpi ~]$ sudo pacman -S tftp-hpa
tftpd.service
Following the ArchWiki (https://wiki.archlinux.org/index.php/Tftpd_server), create a copy of tftpd.service and modify ExecStart with the appropriate directory to use as the TFTP root.
[fahmi@alarmpi ~]$ cat /etc/systemd/system/tftpd.service
[Unit]
Description=hpa's original TFTP daemon
[Service]
ExecStart=/usr/bin/in.tftpd -s /srv/tftp/
StandardInput=socket
StandardOutput=inherit
StandardError=journal
start tftpd.socket
[root@alarmpi ~]# systemctl start tftpd.socket
telnet and console cable
I connected to the 2621XM using telnet and to the Cisco 2950 switch using a console cable.
terminal 1
$ sudo screen /dev/ttyS0 9600
terminal 2
$ telnet 172.16.0.50
permission
By default, tftpd won’t allow you to upload a new file. It only allows you to upload files that already exist (see the tftpd man page). So, in the /srv/tftp directory, I touched several files and gave them 777 permissions:
[root@alarmpi ~]# cd /srv/tftp
[root@alarmpi tftp]# touch c2600-io3-mz.121-7.bin
[root@alarmpi tftp]# chmod 777 c2600-io3-mz.121-7.bin
[root@alarmpi tftp]# touch 2621-config
[root@alarmpi tftp]# chmod 777 2621-config
[root@alarmpi tftp]# touch c2950-i6q4l2-mz.121-13.EA1b.bin
[root@alarmpi tftp]# chmod 777 c2950-i6q4l2-mz.121-13.EA1b.bin
[root@alarmpi tftp]# touch 2950-config
[root@alarmpi tftp]# chmod 777 2950-config
copy flash tftp
boot
Configure the Cisco router to boot from the TFTP server if it fails to load the IOS from flash.
If the IOS in flash doesn’t load, the router will look for the IOS on the TFTP server. If the server is down or doesn’t store the IOS, the mini-IOS will load after six unsuccessful attempts to locate the TFTP server.
X61 Configuration
ssh and tftp
SSH to the X61 and install tftp, tftp-server, and xinetd.
[fahmi@T430 ~]$ ssh fahmi@172.16.0.66
[fahmi@centos6 ~]$ su -
[fahmi@centos6 ~]# yum install tftp tftp-server xinetd
edit config
Edit /etc/xinetd.d/tftp: change “disable = yes” to “disable = no” and add “-c” to the “server_args” line.
[fahmi@centos6 ~]$ cat /etc/xinetd.d/tftp
# default: off
# description: The tftp server serves files using the trivial file transfer \
# protocol. The tftp protocol is often used to boot diskless \
# workstations, download configuration files to network-aware printers, \
# and to start the installation process for some operating systems.
service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -c -s /var/lib/tftpboot
disable = no
per_source = 11
cps = 100 2
flags = IPv4
}
SELinux
SELinux is enabled by default on CentOS, which is a good thing. We need to set “tftp_anon_write” to 1, give 777 permissions to /var/lib/tftpboot and open port 69 (TFTP uses port 69 and its transport protocol is UDP).
tftp_anon_write allows anonymous users to write to the TFTP folder.
[root@centos6 ~]# chmod 777 /var/lib/tftpboot
[root@centos6 ~]# setsebool -P tftp_anon_write 1
[root@centos6 ~]# iptables -I INPUT -p udp --dport 69 -j ACCEPT
start xinetd
[root@centos6 ~]# service xinetd start
copy flash tftp:
stop xinetd and close port 69
[root@centos6 ~]# iptables -D INPUT -p udp --dport 69 -j ACCEPT
[root@centos6 ~]# service xinetd stop
-D means delete the rule from the chain.
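A defender's check for the settings used in both setups above, as an added example that is not part of the original post: it reads in.tftpd's arguments from an xinetd service file or a systemd unit, reports -c, a missing -s and an enabled xinetd service, and lists world-writable files under the TFTP root. The function names and the sample files built in demo() are constructed for illustration; --create and --secure are the long forms of -c and -s in newer tftp-hpa releases.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit in.tftpd settings and the TFTP root.

# Print in.tftpd's arguments from an xinetd file (server_args = ...) or a systemd unit (ExecStart=...).
tftpd_args() {
    awk '
        /^[ \t]*server_args[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); print; exit }
        /^[ \t]*ExecStart[ \t]*=/   { sub(/^[^=]*=[ \t]*[^ \t]+[ \t]*/, ""); print; exit }
    ' "$1"
}

# One finding per line. Only space-separated flags are recognised, as written on this page.
audit_tftpd_config() {
    local args
    args=$(tftpd_args "$1")
    case " $args " in
        *" -c "*|*" --create "*) echo "CREATE: clients may upload files that do not exist yet" ;;
    esac
    case " $args " in
        *" -s "*|*" --secure "*) ;;
        *) echo "NOCHROOT: no -s, daemon is not confined to the TFTP root" ;;
    esac
    if grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*no[[:space:]]*$' "$1"; then
        echo "ENABLED: xinetd will answer TFTP requests"
    fi
    return 0
}

# World-writable regular files under the TFTP root: any client can overwrite these.
world_writable() {
    find "$1" -type f -perm -0002 | sort
}

# Constructed sample files mirroring this page's settings (nothing is read from a live host).
demo() {
    local d
    d=$(mktemp -d)
    printf 'service tftp\n{\n server_args = -c -s /var/lib/tftpboot\n disable = no\n}\n' > "$d/tftp"
    printf '[Service]\nExecStart=/usr/bin/in.tftpd -s /srv/tftp/\n' > "$d/tftpd.service"
    mkdir "$d/root"
    touch "$d/root/2621-config" "$d/root/readme.txt"
    chmod 777 "$d/root/2621-config"; chmod 644 "$d/root/readme.txt"
    echo "xinetd:";  audit_tftpd_config "$d/tftp"
    echo "systemd:"; audit_tftpd_config "$d/tftpd.service"
    echo "writable:"; world_writable "$d/root"
    rm -rf "$d"
}
demo
```

On a real host, point audit_tftpd_config at /etc/xinetd.d/tftp or /etc/systemd/system/tftpd.service and world_writable at the TFTP root.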