【嵌入式Linux学习七步曲之第二篇 交叉开发环境】FC6 上架设TFTP服务器,Transfer timed out

 FC6 上架设TFTP服务器

Sailor_forever  sailing_9806#163.com 转载请注明
http://blog.csdn.net/sailor_8318/archive/2009/11/14/4811277.aspx

 

1、检查是否安装了TFTP server及client,否则安装
[root@sailing ~]# rpm -qa |grep tftp
tftp-server-0.42-3.1
tftp-0.42-3.1

2、设置TFTP服务开机自启动
[root@sailing ~]# cat /etc/xinetd.d/tftp
# default: off
# description: The tftp server serves files using the trivial file transfer /
#       protocol.  The tftp protocol is often used to boot diskless /
#       workstations, download configuration files to network-aware printers, /
#       and to start the installation process for some operating systems.
service tftp
{
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        server_args             = -s /tftpboot
        disable                 = no
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
}
[root@sailing ~]#                              
Tftp服务默认是关闭的,将disable选项设置为=yes,开机自启动

3、重启TFTP服务
[root@sailing nfs]# /etc/init.d/xinetd
用法:/etc/init.d/xinetd {start|stop|status|restart|condrestart|reload}
[root@sailing nfs]# /etc/init.d/xinetd restart
停止 xinetd:                                              [确定]
启动 xinetd:                                              [确定]
[root@sailing nfs]# service network restart
正在关闭接口 eth0:                                        [确定]
关闭环回接口:                                             [确定]
弹出环回接口:                                             [确定]
弹出界面 eth0:
正在决定 eth0 的 IP 信息...完成。
                                                           [确定]
[root@sailing nfs]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:CD:A1:5C
          inet addr:192.168.1.101  Bcast:255.255.255.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fecd:a15c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:34562 errors:0 dropped:0 overruns:0 frame:0
          TX packets:260 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3111447 (2.9 MiB)  TX bytes:36926 (36.0 KiB)
          Interrupt:67 Base address:0x2000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:5911 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5911 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:7307856 (6.9 MiB)  TX bytes:7307856 (6.9 MiB)

4、建立tftpboot目录,设置权限
[root@sailing nfs]# chmod -R 777 tftpboot
[root@sailing nfs]# ls -l
total 144
。。。。
drwxrwxrwx   2 root root  4096 2009-08-17 15:22 tftpboot

5、主机平台上自测试
[root@sailing nfs]# ls /tftpboot/
test
[root@sailing nfs]# tftp 192.168.1.101
tftp> get test
Transfer timed out.
传输超时

6、修改防火墙设置,允许TFTP连接
TFTP是一种不安全的服务,通常情况下Linux系统是禁止TFTP连接的
查看防火墙当前设置,可知在INPUT和OUTPUT中都没有TFTP ACCEPT的相关规则,则表示禁止TFTP
[root@sailing ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:nfs
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:netbios-ns
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:netbios-dgm
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:netbios-ssn
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:microsoft-ds
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:telnet
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

添加TFTP服务,端口号69,为UDP协议
[root@sailing ~]# iptables -A OUTPUT -p UDP --dport 69 -j ACCEPT
[root@sailing ~]# iptables -A INPUT -p UDP --dport 69 -j ACCEPT

[root@sailing ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere            udp dpt:tftp

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            udp dpt:tftp

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:nfs
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:netbios-ns
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:netbios-dgm
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:netbios-ssn
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:microsoft-ds
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:telnet
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
[root@sailing ~]#                                                                                  

当然也可以用其他方式修改防火墙设置,图形界面也可以
若是远程ssh连接的,也可以用文本模式的命令设置
[root@sailing ~]# setup
Firewall configuration--> Customize--other port 处:tftp:udp,保存就可以了。

7、再次测试,OK
[root@sailing ~]# ls
anaconda-ks.cfg  Desktop  install.log  install.log.syslog  test
[root@sailing ~]# rm -f test
[root@sailing ~]# ls
anaconda-ks.cfg  Desktop  install.log  install.log.syslog
 [root@sailing ~]# tftp 192.168.1.101
tftp> get test
tftp> q
[root@sailing ~]# ls
anaconda-ks.cfg  Desktop  install.log  install.log.syslog  test

 

你可能感兴趣的:(linux,tcp,防火墙,嵌入式,input,output)