#1
Anyone have TFTP server (tftp-hpa-0.34) working in Slackware-9.1 or in
any Linux machine?

TFTP in Slackware-8.0 works. But, TFTP in Slackware-9.1 is not
responding. I've tried connecting locally,
    tftp localhost
    > verbose
    > get ... ... --> times out
and I get connected but cannot get files.

--
William Park, Open Geometry Consulting, <(E-Mail Removed)>
Linux solution for data management and processing.
#2
In <alt.os.linux.slackware> William Park <(E-Mail Removed)> wrote:
> Anyone have TFTP server (tftp-hpa-0.34) working in Slackware-9.1 or in
> any Linux machine?
>
> TFTP in Slackware-8.0 works. But, TFTP in Slackware-9.1 is not
> responding. I've tried connecting locally,
>     tftp localhost
>     > verbose
>     > get ... ... --> times out
> and I get connected but cannot get files.

Arghh.. I solved it. Change /etc/inetd.conf from
    tftp dgram udp wait nobody /usr/sbin/tcpd in.tftpd
to
    tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot

--
William Park, Open Geometry Consulting, <(E-Mail Removed)>
Linux solution for data management and processing.
#3
On Mon, 24 Nov 2003 11:57:59 +0000, William Park wrote:
> Arghh.. I solved it. Change /etc/inetd.conf from
>     tftp dgram udp wait nobody /usr/sbin/tcpd in.tftpd
> to
>     tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot

Then you're running it under the superuser account (which is bad)...
I like it a little more paranoid - as TFTP is not very secure by design.
Here is what I have working:

~$ grep tftp /etc/group /etc/passwd
/etc/group:tftp:x:402:tftp
/etc/passwd:tftp:x:402:402:tftpd:/tftpboot:/bin/false

~$ grep tftp /etc/inetd.conf
tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot -p -u tftp -vv

~$ ls -l / |grep tftp
drwx--x--x 2 root root 4096 Nov 24 12:59 tftpboot/

~$ grep tftp /etc/hosts.allow
in.tftpd: LOCAL, .lan, 127.

~$ cat /etc/hosts.deny
ALL: ALL

--
-Menno.
#4
In <alt.os.linux.slackware> Menno Duursma <(E-Mail Removed)> wrote:
> On Mon, 24 Nov 2003 11:57:59 +0000, William Park wrote:
>
> > Arghh.. I solved it. Change /etc/inetd.conf from
> >     tftp dgram udp wait nobody /usr/sbin/tcpd in.tftpd
> > to
> >     tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot
>
> Then you're running it under the superuser account (which is bad)...
> I like it a little more paranoid - as TFTP is not very secure by design.
> Here is what I have working:

You need 'root' to chroot into /tftpboot. But, after that, it drops to
'nobody' according to /usr/doc/tftp-hpa-0.34/README.security:

    You should make sure that you are using "wait" option in tftpd; you
    also need to have tftpd spawned as root in order for chroot (-s) to
    work. tftpd automatically drops privilege and changes user ID to
    "nobody" by default; the appropriate user ID for tftpd can be
    specified with the -u option (e.g. "-u tftpuser").

--
William Park, Open Geometry Consulting, <(E-Mail Removed)>
Linux solution for data management and processing.
#5
On Mon, 24 Nov 2003 21:41:22 +0000, William Park wrote:
> In <alt.os.linux.slackware> Menno Duursma <(E-Mail Removed)> wrote:
>> On Mon, 24 Nov 2003 11:57:59 +0000, William Park wrote:
>>
>> > Arghh.. I solved it. Change /etc/inetd.conf from
>> >     tftp dgram udp wait nobody /usr/sbin/tcpd in.tftpd
>> > to
>> >     tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot
>>
>> Then you're running it under the superuser account (which is bad)...
>> I like it a little more paranoid - as TFTP is not very secure by design.
>> Here is what I have working:
>
> You need 'root' to chroot into /tftpboot.

I know, you can only call chroot(2) under EUID 0.

> But, after that, it drops to
> 'nobody' according to /usr/doc/tftp-hpa-0.34/README.security:

Ok, I had forgotten about that. However the `nobody' account might be
used for another service already (ie: Apache, Samba, etc). Thus if
someone has that, they'll be able to mess about other things on the
box as well.

The setup I posted, I had already working on Slackware 9.0,
tftp-hpa-0.33:
http://google.nl/groups?selm=pan.200...0desktop.local

And I just tested it on SW 9.1 - tftp-hpa-0.34 upon seeing your post.
Still, it should be more secure - at little extra cost. (And I like
any service to run under their own account, for clear separation in
any case.)

--
-Menno.
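As an added example (not part of any post in the thread), the shell function below checks a tftp line from /etc/inetd.conf against the points made in posts #2 to #5: the "wait" flag, chroot via -s, and which account the daemon ends up running as. The function name and its messages are illustrative, and it assumes options are written separately, as they are in the thread.

```shell
#!/bin/sh
# Added example, not from the thread: audit one tftp line of /etc/inetd.conf.
# Checks only what the posts discuss: "wait", chroot (-s), and the account
# the daemon ends up running as. Options are assumed to be written separately
# (-s -u name), as in the thread; bundled forms such as -su are not parsed.
audit_tftp_line() {
    set -f; set -- $1; set +f       # split into fields, no globbing
    # service socktype proto wait user server argv0 [options...]
    if [ "$#" -lt 7 ] || [ "$1" != "tftp" ]; then
        echo "SKIP: not a complete tftp entry"; return 0
    fi
    wait_flag=$4; inetd_user=$5
    shift 7
    chrooted=no; drop_user=nobody   # README.security: default is "nobody"
    while [ "$#" -gt 0 ]; do
        case $1 in
            -s) chrooted=yes ;;
            -u) if [ "$#" -ge 2 ]; then drop_user=$2; shift; fi ;;
        esac
        shift
    done
    # Assumption: only root can switch accounts, so a non-root inetd user
    # is the account the daemon keeps.
    if [ "$inetd_user" = root ]; then run_as=$drop_user; else run_as=$inetd_user; fi
    n=0
    if [ "$wait_flag" != wait ]; then
        echo "WARN: README.security asks for 'wait', found '$wait_flag'"; n=$((n+1))
    fi
    if [ "$chrooted" = no ]; then
        echo "WARN: no -s, daemon is not chrooted"; n=$((n+1))
    elif [ "$inetd_user" != root ]; then
        echo "WARN: -s needs inetd user root, found '$inetd_user'"; n=$((n+1))
    fi
    case $run_as in
        nobody) echo "WARN: runs as 'nobody', which other services may share"; n=$((n+1)) ;;
        root)   echo "WARN: runs as root"; n=$((n+1)) ;;
    esac
    if [ "$n" -eq 0 ]; then echo "OK: chrooted, runs as '$run_as'"; fi
    return 0
}

# The three inetd.conf lines quoted in the thread.
while IFS= read -r line; do
    echo "--- $line"; audit_tftp_line "$line"
done <<'EOF'
tftp dgram udp wait nobody /usr/sbin/tcpd in.tftpd
tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot
tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot -p -u tftp -vv
EOF
```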
#6
In <alt.os.linux.slackware> Menno Duursma <(E-Mail Removed)> wrote:
> > But, after that, it drops to 'nobody' according to
> > /usr/doc/tftp-hpa-0.34/README.security:
>
> Ok, I had forgotten about that. However the `nobody' account might be
> used for another service already (ie: Apache, Samba, etc). Thus if
> someone has that, they'll be able to mess about other things on the
> box as well.
>
> The setup I posted, I had already working on Slackware 9.0,
> tftp-hpa-0.33:
> http://google.nl/groups?selm=pan.200...0desktop.local
>
> And I just tested it on SW 9.1 - tftp-hpa-0.34 upon seeing your post.
> Still, it should be more secure - at little extra cost. (And I like
> any service to run under their own account, for clear separation in
> any case.)

Since you have TFTP running, I can only assume you're doing network
boot.. something I'm trying to do. I can
    - boot using LILO boot floppy or from harddisk (for development
      only), and
    - mount NFS root using BOOTP or static parameter on kernel
      commandline.

Now, how do I boot over the network?

I have 3c905C whose boot rom (MBA-4.30) is configured for TCP/IP with
BOOTP. When computer boots, it connects to BOOTP and TFTP, but hangs
after TFTP download.

--
William Park, Open Geometry Consulting, <(E-Mail Removed)>
Linux solution for data management and processing.
#7
On Tue, 25 Nov 2003 18:25:45 +0000, William Park wrote:
> In <alt.os.linux.slackware> Menno Duursma <(E-Mail Removed)> wrote:
>> And I just tested it on SW 9.1 - tftp-hpa-0.34 upon seeing your post.
>> Still, it should be more secure - at little extra cost. (And I like
>> any service to run under their own account, for clear separation in
>> any case.)
>
> Since you have TFTP running, I can only assume you're doing network
> boot..

No. I use(d) it for remotely updating firmware.

> something I'm trying to do.

I have read up on that - some time, however never actually set it up.
(Others did, I'm using SanDisk Flash drive now.)

> I can
>     - boot using LILO boot floppy or from harddisk (for development
>       only), and
>     - mount NFS root using BOOTP or static parameter on kernel
>       commandline.
>
> Now, how do I boot over the network?

Setup dhcpd to point clients to your kernel-image under /tftpboot
http://etherboot.sourceforge.net/doc...rman/x126.html

Create the root-filesystems for the clients under /tftpboot and export
them via NFS (or a ramdisk-image instead.):
http://www.applied-synergetics.com/a...klessboot.html

> I have 3c905C whose boot rom (MBA-4.30) is configured for TCP/IP with
> BOOTP. When computer boots, it connects to BOOTP and TFTP, but hangs
> after TFTP download.

So it does download a kernel?
(But then tells you it's unable to mount `/'?)

I'm probably now going to test it out myself as well... However it'll be a
Compaq Deskpro, onboard `tulip' NIC - in my case.

Hope this helped you any though.

--
-Menno.
#8
In <alt.os.linux.slackware> Menno Duursma <(E-Mail Removed)> wrote:
> On Tue, 25 Nov 2003 18:25:45 +0000, William Park wrote:
> > I can
> >     - boot using LILO boot floppy or from harddisk (for development
> >       only), and
> >     - mount NFS root using BOOTP or static parameter on kernel
> >       commandline.
> >
> > Now, how do I boot over the network?
>
> Setup dhcpd to point clients to your kernel-image under /tftpboot
> http://etherboot.sourceforge.net/doc...rman/x126.html
>
> Create the root-filesystems for the clients under /tftpboot and export
> them via NFS (or a ramdisk-image instead.):
> http://www.applied-synergetics.com/a...klessboot.html
>
> > I have 3c905C whose boot rom (MBA-4.30) is configured for TCP/IP with
> > BOOTP. When computer boots, it connects to BOOTP and TFTP, but hangs
> > after TFTP download.
>
> So it does download a kernel?
> (But then tells you it's unable to mount `/'?)
>
> I'm probably now going to test it out myself as well... However it'll be a
> Compaq Deskpro, onboard `tulip' NIC - in my case.
>
> Hope this helped you any though.

I bought 3c905 because it has bootrom (Managed PC Boot Agent v4.30), so
I wouldn't have to bother with Etherboot and the likes (so was my
thinking). The card has PXE, Netware, TCP/IP, RPL support; and, within
TCP/IP, it has BOOTP and DHCP.

Here is what I got so far:
    - NFS root works, because I can boot from LILO floppy or harddisk,
      and mount NFS root using
          ip=192.168.1.2:...:...:255.255.255.0:...:eth0 ff
          nfsroot=/tftpboot/...
      as kernel parameter which assign everything statically.
    - BOOTP works, because I can mount NFS root (as above) using
          ip=bootp
      as kernel parameter.
    - TFTP works, because I can move files manually.

I think it has to do with kernel tagging. I've tried sending
    - regular kernel that I use for LILO boot.
    - "tagged" kernel obtained with
          mknbi-linux -i rom bzImage bootImage    (netboot-0.9.8)
          mknbi-linux --ip=bootp bzImage --output=bootImage    (mknbi-1.4.2)

Nothing. On the screen, computer prints
    BOOTP.
    TFTP.....    (dots fly by on this line before hangs with this)

--
William Park, Open Geometry Consulting, <(E-Mail Removed)>
Linux solution for data management and processing.
#9
On Wed, 26 Nov 2003 21:12:03 +0000, William Park wrote:
> In <alt.os.linux.slackware> Menno Duursma <(E-Mail Removed)> wrote:
>> On Tue, 25 Nov 2003 18:25:45 +0000, William Park wrote:

>> I'm probably now going to test it out myself as well... However it'll be a
>> Compaq Deskpro, onboard `tulip' NIC - in my case.

I haven't gotten it to work at all. Although my dhcpd works fine as a bootp
server for a HP JetDirect print-spooler. And I can download via TFTP no
problem as well. However, it might be due to my buggy BIOS (which acts as the
bootPROM as well) it's a LSA-M99 LanDesk :-(.

> I bought 3c905 because it has bootrom (Managed PC Boot Agent v4.30), so

That one looks to be supported by `pxelinux':

"3Com MBA v4.30 or later is believed to work on all supported network cards"
from: http://syslinux.zytor.com/hardware.php

menno@desktop:~$ grep -r -m1 pxelinux /var/log/packages
/var/log/packages/syslinux-2.06-i386-1:usr/doc/syslinux-2.06/pxelinux.doc

> I wouldn't have to bother with Etherboot and the likes (so was my
> thinking). The card has PXE, Netware, TCP/IP, RPL support; and, within
> TCP/IP, it has BOOTP and DHCP.

I'd try following this howto:
http://syslinux.zytor.com/pxe.php

> Here is what I got so far:
>     - NFS root works, because I can boot from LILO floppy or harddisk,
>       and mount NFS root using
>           ip=192.168.1.2:...:...:255.255.255.0:...:eth0 ff
>           nfsroot=/tftpboot/...
>       as kernel parameter which assign everything statically.
>     - BOOTP works, because I can mount NFS root (as above) using
>           ip=bootp
>       as kernel parameter.
>     - TFTP works, because I can move files manually.

So you should be almost there.

> I think it has to do with kernel tagging. I've tried sending
>     - regular kernel that I use for LILO boot.
>     - "tagged" kernel obtained with
>           mknbi-linux -i rom bzImage bootImage    (netboot-0.9.8)
>           mknbi-linux --ip=bootp bzImage --output=bootImage    (mknbi-1.4.2)
>
> Nothing. On the screen, computer prints
>     BOOTP.
>     TFTP.....    (dots fly by on this line before hangs with this)

Well, it might be you have to set the path in bootp/dhcp to look for:
/bootImage (instead of /tftpboot/bootImage) as you chrooted to /tftpboot

And instead of tagging the kernel you might want to try a boot loader:
/usr/share/syslinux/pxelinux.0

Or, have a look at:
http://www.bpbatch.org/

HTH.

--
-Menno.
#10
In <alt.os.linux.slackware> Menno Duursma <(E-Mail Removed)> wrote:
> > I think it has to do with kernel tagging. I've tried sending
> >     - regular kernel that I use for LILO boot.
> >     - "tagged" kernel obtained with
> >           mknbi-linux -i rom bzImage bootImage    (netboot-0.9.8)
> >           mknbi-linux --ip=bootp bzImage --output=bootImage    (mknbi-1.4.2)
> >
> > Nothing. On the screen, computer prints
> >     BOOTP.
> >     TFTP.....    (dots fly by on this line before hangs with this)

Finally, solved! It was tagging problem. Apparently, 'mknbi' breaks some
"tagging" standard. I had to use 'imggen-2.0' (found at www.lstp.org) to
correct what 'mknbi-linux' produced. So,
    mknbi-linux -a "apm=power-off ip=bootp" bzImage boot.nbi
    imggen -a boot.nbi boot.mba

> And instead of tagging the kernel you might want to try a boot loader:
>     /usr/share/syslinux/pxelinux.0
>
> Or, have a look at:
>     http://www.bpbatch.org/

Thanks for the URL pointers. I can now get some sleep...

--
William Park, Open Geometry Consulting, <(E-Mail Removed)>
Linux solution for data management and processing.