Difference between revisions of "TFTP server"
(Created page with "Category:Linux =Reminder= * TFTP requires a DHCP server * TFTP is NOT secure at all. You should only use it into your internal network !! => Don't forget to adjust y...") |
|||
(6 intermediate revisions by the same user not shown) | |||
Line 34: | Line 34: | ||
− | = | + | =Basic configuration= |
Line 108: | Line 108: | ||
$IPTABLES -A INPUT -p udp -s $LAN_ADDRESS --dport 69 -j ACCEPT | $IPTABLES -A INPUT -p udp -s $LAN_ADDRESS --dport 69 -j ACCEPT | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | |||
+ | |||
+ | =TFTP folder tree= | ||
+ | |||
+ | ==Tree overview== | ||
+ | |||
+ | This is how we'll setup our files and folders: | ||
+ | |||
+ | <syntaxhighlight lang="bash"> | ||
+ | #### PXE bootloader | ||
+ | /tftpboot/pxelinux.0 | ||
+ | |||
+ | |||
+ | #### Boot configurations and menus libraries | ||
+ | /tftpboot/pxelinux.cfg/ | ||
+ | /tftpboot/pxelinux.cfg/menu.c32 | ||
+ | /tftpboot/pxelinux.cfg/vesamenu.c32 | ||
+ | |||
+ | /tftpboot/pxelinux.cfg/default # default NetBoot configuration | ||
+ | /tftpboot/pxelinux.cfg/01-ec-a8-6b-fd-da-44 # specific configuration for host with MAC @ "EC-A8-6B-FD-DA-44" | ||
+ | |||
+ | |||
+ | #### Netboot Kernels | ||
+ | /tftpboot/images/ | ||
+ | |||
+ | |||
+ | #### Kernels' libraries and modules | ||
+ | /tftpboot/sources-images/ | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | |||
+ | ==Create folders== | ||
+ | |||
+ | You need to create the following set of folders: | ||
+ | |||
+ | <syntaxhighlight lang="bash"> | ||
+ | mkdir -p /tftpboot/pxelinux.cfg | ||
+ | chmod -R 755 /tftpboot/pxelinux.cfg | ||
+ | |||
+ | mkdir -p /tftpboot/images | ||
+ | chmod -R 755 /tftpboot/images | ||
+ | |||
+ | mkdir -p /tftpboot/sources-images/ | ||
+ | chmod -R 755 /tftpboot/sources-images/ | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | |||
+ | ==PXE bootloader== | ||
+ | |||
+ | The PXE bootloader is the '''pxelinux.0''' file = that's the file that allows the NetBoot. | ||
+ | |||
+ | * That file is always served by the TFTP server. | ||
+ | * This file is provided by the ''syslinux'' package | ||
+ | |||
+ | <syntaxhighlight lang="bash"> | ||
+ | cp /usr/lib/syslinux/pxelinux.0 /tftpboot/ | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | |||
+ | ==PXE libraries== | ||
+ | |||
+ | <syntaxhighlight lang="bash"> | ||
+ | # Plain text menu | ||
+ | cp /usr/lib/syslinux/menu.c32 /tftpboot/pxelinux.cfg/ | ||
+ | |||
+ | # Graphical menu | ||
+ | cp /usr/lib/syslinux/vesamenu.c32 /tftpboot/pxelinux.cfg/ | ||
</syntaxhighlight> | </syntaxhighlight> | ||
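Review bot: In the "Create folders" block, `chmod -R 755` is applied recursively to /tftpboot/pxelinux.cfg, /tftpboot/images and /tftpboot/sources-images, so re-running it on a populated tree also sets the execute bit on every served file (menus, kernels, per-host configurations), and none of them need it. Suggest setting the mode when the folder is created, with `mkdir -m 755 -p <dir>`, and leaving the files at 644, so the block stays safe to re-run.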
Line 132: | Line 201: | ||
Connect to the server and get file: | Connect to the server and get file: | ||
+ | |||
+ | <small>''in that example 172.16.50.2 is my server''</small> | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
Line 150: | Line 221: | ||
− | =TFTP management= | + | =TFTP service management= |
Just use the "service" command: | Just use the "service" command: | ||
Line 157: | Line 228: | ||
service tftpd-hpa {status|restart|start|stop} | service tftpd-hpa {status|restart|start|stop} | ||
</syntaxhighlight> | </syntaxhighlight> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− |
Latest revision as of 10:38, 21 August 2014
Reminder
- TFTP requires a DHCP server
- TFTP is NOT secure at all. You should only use it inside your internal network!
=> Don't forget to adjust your firewall rules
Installation
Trivial FTP (TFTP) client
apt-get install tftp-hpa
Trivial FTP (TFTP) server
apt-get install tftpd-hpa
SysLinux [netboot utilities]
apt-get install syslinux mtools initramfs-tools
Syslinux contains some starter files you can use for your netboot clients.
Basic configuration
Create target TFTP folders
mkdir -m 755 -p /tftpboot
TFTP configuration
vim /etc/default/tftpd-hpa
It should look like:
# /etc/default/tftpd-hpa
RUN_DAEMON="yes"
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/tftpboot"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS="--secure"
Don't forget to add the RUN_DAEMON setting.
The folder holding the TFTP server files [= the files that will be used by the TFTP clients] is set by the "TFTP_DIRECTORY" setting.
==> You should use the folder we just created: /tftpboot
IMPORTANT !!
You must not change the default user or port number !!
service tftpd-hpa restart
TFTP automatic start on boot
Sometimes the "RUN_DAEMON" setting is not enough for TFTP automatic startup... :(
In that case you have to register tftpd-hpa as a service.
cd /etc/init.d/
update-rc.d tftpd-hpa defaults
Reboot your server! The TFTP server should be up and running now :)
Firewall configuration
Adjust your firewall script and add the following rules:
IPTABLES=`which iptables`
LAN_ADDRESS="172.16.50.0/24"
$IPTABLES -A INPUT -p udp -s $LAN_ADDRESS --dport 69 -j ACCEPT
TFTP folder tree
Tree overview
This is how we'll set up our files and folders:
#### PXE bootloader
/tftpboot/pxelinux.0
#### Boot configurations and menus libraries
/tftpboot/pxelinux.cfg/
/tftpboot/pxelinux.cfg/menu.c32
/tftpboot/pxelinux.cfg/vesamenu.c32
/tftpboot/pxelinux.cfg/default # default NetBoot configuration
/tftpboot/pxelinux.cfg/01-ec-a8-6b-fd-da-44 # specific configuration for the host with MAC address "EC-A8-6B-FD-DA-44"
#### Netboot Kernels
/tftpboot/images/
#### Kernels' libraries and modules
/tftpboot/sources-images/
Create folders
You need to create the following set of folders:
mkdir -p /tftpboot/pxelinux.cfg
chmod -R 755 /tftpboot/pxelinux.cfg
mkdir -p /tftpboot/images
chmod -R 755 /tftpboot/images
mkdir -p /tftpboot/sources-images/
chmod -R 755 /tftpboot/sources-images/
PXE bootloader
The PXE bootloader is the pxelinux.0 file: that's the file that allows the NetBoot.
- That file is always served by the TFTP server.
- This file is provided by the syslinux package.
cp /usr/lib/syslinux/pxelinux.0 /tftpboot/
PXE libraries
# Plain text menu
cp /usr/lib/syslinux/menu.c32 /tftpboot/pxelinux.cfg/
# Graphical menu
cp /usr/lib/syslinux/vesamenu.c32 /tftpboot/pxelinux.cfg/
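A read-only audit of the setup described above, as an added example that is not part of the original wiki page: it reads the /etc/default/tftpd-hpa settings and walks the TFTP_DIRECTORY tree, looking for the conditions that matter on a service with no authentication. The function names and message texts are this example's own.

```shell
# Added example (not from the original page): read-only audit of a
# tftpd-hpa setup. Function names and message texts are this example's own.

# Read KEY=value from the defaults file without sourcing it (last one wins).
tftp_setting() {   # $1 = file, $2 = key
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# Print one finding per line; print nothing when no check fires.
tftp_findings() {
    conf="${1:-/etc/default/tftpd-hpa}"
    if [ ! -r "$conf" ]; then echo "WARN cannot read $conf"; return 0; fi
    root=$(tftp_setting "$conf" TFTP_DIRECTORY)
    opts=$(tftp_setting "$conf" TFTP_OPTIONS)
    user=$(tftp_setting "$conf" TFTP_USERNAME)
    addr=$(tftp_setting "$conf" TFTP_ADDRESS)

    # --secure chroots the daemon into TFTP_DIRECTORY, so request paths
    # cannot reach outside the served tree.
    case " $opts " in
        *" --secure "*|*" -s "*) ;;
        *) echo "WARN TFTP_OPTIONS lacks --secure" ;;
    esac
    # --create lets any client upload new files into the tree.
    case " $opts " in
        *" --create "*|*" -c "*) echo "WARN TFTP_OPTIONS allows uploads (--create)" ;;
    esac
    if [ "$user" = "root" ]; then echo "WARN TFTP_USERNAME is root"; fi
    # A wildcard bind leaves the firewall rule as the only network restriction.
    case "$addr" in
        0.0.0.0:*|:*) echo "INFO listening on all interfaces; keep udp/69 firewalled to the LAN" ;;
    esac
    if [ ! -d "$root" ]; then echo "WARN TFTP_DIRECTORY '$root' missing"; return 0; fi

    # World-writable entries are candidates for overwrite by a TFTP upload or
    # any local user; entries owned by the daemon account can be rewritten by
    # a compromised daemon. An unknown user simply yields no matches.
    find "$root" ! -type l -perm -0002 2>/dev/null |
        while IFS= read -r f; do echo "WARN world-writable: $f"; done
    find "$root" -user "$user" 2>/dev/null |
        while IFS= read -r f; do echo "WARN owned by $user: $f"; done
    return 0
}
```

Run `tftp_findings` with no argument to check /etc/default/tftpd-hpa; the configuration shown on this page produces only the INFO line about the wildcard listen address.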
Test the server
1. Create a file on the server
vim /tftpboot/hello.txt
2. Connect to the server
Install TFTP client:
apt-get install tftp-hpa
Connect to the server and get file:
In this example, 172.16.50.2 is my server.
tftp 172.16.50.2
get hello.txt
quit
Check the received file:
cat hello.txt
TFTP service management
Just use the "service" command:
service tftpd-hpa {status|restart|start|stop}