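I am trying to deploy a TFTP server on an Ubuntu machine to back up switch and router configurations, but even though I can see the tftp traffic coming in, I keep getting timeouts.
I looked around and found that many people have run into this problem, but none of the answers worked for me.
Here are the steps I followed to install tftpd-hpa: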
sudo apt install tftpd-hpa
- Open the configuration file (/etc/default/tftpd-hpa) and add the create flag; this is my current configuration
# /etc/default/tftpd-hpa
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/var/lib/tftpboot"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS="--secure --create -v"
~
- Change the ownership and permissions of the tftp directory; I think this is what is causing the problem, but I'm not sure
sudo chown -R tftp /var/lib/tftpboot
sudo chmod -R 777 /var/lib/tftpboot
mheni@lap2:~$ ll /var/lib/ | grep tftp
drwxrwxrwx 3 tftp nogroup 4096 Oct 11 13:50 tftpboot/
I also tried changing the ownership to user and group (tftp:tftp instead of tftp)
- Create a directory for the router configuration
sudo mkdir /var/lib/tftpboot/RT-SLX-1
mheni@lap2:/var/lib/tftpboot/$ ll
total 12
drwxrwxr-x 3 tftp nogroup 4096 Oct 11 14:11 ./
drwxrwxrwx 3 tftp nogroup 4096 Oct 11 13:50 ../
drwxr-x--- 2 root root 4096 Oct 11 14:11 RT-SLX-1/
- Change the ownership and permissions (because it was owned by root when created)
sudo chown -R tftp:nogroup /var/lib/tftpboot/RT-SLX-1/
sudo chmod -R 777 /var/lib/tftpboot/RT-SLX-1/
mheni@lap2:/var/lib/tftpboot$ ll
total 12
drwxrwxrwx 3 tftp nogroup 4096 Oct 11 13:50 ./
drwxr-xr-x 74 root root 4096 Oct 11 13:45 ../
drwxrwxr-x 2 tftp nogroup 4096 Oct 11 14:17 RT-SLX-1/
- Restart the tftpd-hpa service and check the status
sudo service tftpd-hpa restart
mheni@lap2:/var/lib/tftpboot$ sudo service tftpd-hpa status
● tftpd-hpa.service - LSB: HPA's tftp server
Loaded: loaded (/etc/init.d/tftpd-hpa; bad; vendor preset: enabled)
Active: active (running) since Fri 2019-10-11 13:49:19 EDT; 30min ago
Docs: man:systemd-sysv-generator(8)
Process: 18660 ExecStop=/etc/init.d/tftpd-hpa stop (code=exited, status=0/SUCCESS)
Process: 18672 ExecStart=/etc/init.d/tftpd-hpa start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/tftpd-hpa.service
└─18685 /usr/sbin/in.tftpd --listen --user tftp --address 0.0.0.0:69 --secure --create -v /var/lib/tftpboot
Oct 11 13:49:19 lap2 systemd[1]: Starting LSB: HPA's tftp server...
Oct 11 13:49:19 lap2 tftpd-hpa[18672]: * Starting HPA's tftpd in.tftpd
Oct 11 13:49:19 lap2 tftpd-hpa[18672]: ...done.
Oct 11 13:49:19 lap2 systemd[1]: Started LSB: HPA's tftp server.
- Check that the service is listening
mheni@lap2:/var/lib/tftpboot$ sudo netstat -tunlp | grep tftp
udp 0 0 0.0.0.0:69 0.0.0.0:* 18685/in.tftpd
- Try to copy the running config from the router and listen on the tftp server with tcpdump.
tftp server ==> 10.11.200.211
router ==> 10.11.200.14
############ ROUTER #########################
mheni connected from 10.11.200.211 using ssh on RT-SLX-1
RT-SLX-1# copy running-config tftp://@10.11.200.211/RT-SLX-1/run-cfg-bkp-10.11.2019-1
Error while transferring file over tftp. Reason:Transfer timed out.
RT-SLX-1# copy running-config tftp://@10.11.200.211/RT-SLX-1/run-cfg-bkp-10.11.2019-1
Error while transferring file over tftp. Reason:Transfer timed out.
RT-SLX-1#
################### Ubuntu TFTP server ######################
mheni@lap2:/var/lib/tftpboot/RT-SLX-1$ sudo tcpdump src 10.11.200.14
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s31f6, link-type EN10MB (Ethernet), capture size 262144 bytes
13:52:30.732859 IP 10.11.200.14.ssh > 10.11.200.211.50486: Flags [P.], seq 3610769485:3610769613, ack 3983111689, win 261, options [nop,nop,TS val 954270862 ecr 3182467340], length 128
13:52:32.813201 IP 10.11.200.14.ssh > 10.11.200.211.50486: Flags [P.], seq 128:192, ack 1, win 261, options [nop,nop,TS val 954272942 ecr 3182493847], length 64
13:52:33.734182 IP 10.11.200.14.ssh > 10.11.200.211.50486: Flags [P.], seq 192:320, ack 65, win 261, options [nop,nop,TS val 954273863 ecr 3182496846],
13:52:35.293485 IP 10.11.200.14.55517 > 10.11.200.211.tftp: 45 WRQ "RT-SLX-1/run-cfg-bkp-10.11.2019-1" netascii
13:52:40.293114 IP 10.11.200.14.55517 > 10.11.200.211.tftp: 45 WRQ "RT-SLX-1/run-cfg-bkp-10.11.2019-1" netascii
13:52:45.292433 IP 10.11.200.14.55517 > 10.11.200.211.tftp: 45 WRQ "RT-SLX-1/run-cfg-bkp-10.11.2019-1" netascii
13:52:50.291666 IP 10.11.200.14.55517 > 10.11.200.211.tftp: 45 WRQ "RT-SLX-1/run-cfg-bkp-10.11.2019-1" netascii
13:52:55.291001 IP 10.11.200.14.55517 > 10.11.200.211.tftp: 45 WRQ "RT-SLX-1/run-cfg-bkp-10.11.2019-1" netascii
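As you can see, the requests are coming in, but nothing is written to the directory :(
Any pointers would be greatly appreciated, thank you.
Update: capturing traffic in both directions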
09:41:02.519086 IP 10.11.200.211.33632 > 10.11.200.14.ssh: Flags [P.], seq 5744:5808, ack 6241, win 287, options [nop,nop,TS val 3513004024 ecr 1284829985], length 64
09:41:02.523556 IP 10.11.200.14.ssh > 10.11.200.211.33632: Flags [P.], seq 6241:6321, ack 5808, win 261, options [nop,nop,TS val 1284837839 ecr 3513004024], length 80
09:41:02.523585 IP 10.11.200.211.33632 > 10.11.200.14.ssh: Flags [.], ack 6321, win 287, options [nop,nop,TS val 3513004029 ecr 1284837839], length 0
09:41:03.951654 IP 10.11.200.14.32990 > 10.11.200.211.tftp: 39 WRQ "RT-SLX-1/run-bkp-10-15-2019" netascii
09:41:08.951074 IP 10.11.200.14.32990 > 10.11.200.211.tftp: 39 WRQ "RT-SLX-1/run-bkp-10-15-2019" netascii
09:41:13.950339 IP 10.11.200.14.32990 > 10.11.200.211.tftp: 39 WRQ "RT-SLX-1/run-bkp-10-15-2019" netascii
09:41:18.949665 IP 10.11.200.14.32990 > 10.11.200.211.tftp: 39 WRQ "RT-SLX-1/run-bkp-10-15-2019" netascii
09:41:23.949051 IP 10.11.200.14.32990 > 10.11.200.211.tftp: 39 WRQ "RT-SLX-1/run-bkp-10-15-2019" netascii
09:41:28.991134 IP 10.11.200.14.ssh > 10.11.200.211.33632: Flags [P.], seq 6321:6449, ack 5808, win 261, options [nop,nop,TS val 1284864311 ecr 3513004029], length 128
09:41:34.180628 ARP, Reply 10.11.200.14 is-at 60:9c:9f:de:d2:01 (oui Unknown), length 46
09:41:42.852212 IP 10.11.200.211.33632 > 10.11.200.14.ssh: Flags [P.], seq 5808:5872, ack 6513, win 296, options [nop,nop,TS val 3513044357 ecr 1284866393], length 64
09:41:42.855651 IP 10.11.200.14.ssh > 10.11.200.211.33632: Flags [P.], seq 6513:6577, ack 5872, win 261, options [nop,nop,TS val 1284878178 ecr 3513044357], length 64
09:41:42.855682 IP 10.11.200.211.33632 > 10.11.200.14.ssh: Flags [.], ack 6577, win 296, options [nop,nop,TS val 3513044361 ecr 1284878178], length 0
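One way to read a bidirectional capture like the one above mechanically, as an added example that is not part of the original post: the script pairs each TFTP request with any packet the server sent back to the client's source port and reports the requests that got none. The sample lines are constructed (trimmed) in the format of the capture, and the function name `unanswered_requests` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: trimmed lines in the format of the bidirectional capture above.
CAPTURE = """\
09:41:02.523585 IP 10.11.200.211.33632 > 10.11.200.14.ssh: Flags [.], ack 6321, win 287, length 0
09:41:03.951654 IP 10.11.200.14.32990 > 10.11.200.211.tftp: 39 WRQ "RT-SLX-1/run-bkp-10-15-2019" netascii
09:41:08.951074 IP 10.11.200.14.32990 > 10.11.200.211.tftp: 39 WRQ "RT-SLX-1/run-bkp-10-15-2019" netascii
09:41:13.950339 IP 10.11.200.14.32990 > 10.11.200.211.tftp: 39 WRQ "RT-SLX-1/run-bkp-10-15-2019" netascii
09:41:28.991134 IP 10.11.200.14.ssh > 10.11.200.211.33632: Flags [P.], seq 6321:6449, length 128
"""

# tcpdump prints "src.port > dst.port:"; the port may be numeric or a service name.
PKT = re.compile(r'^(\S+) IP (\d+\.\d+\.\d+\.\d+)\.(\S+) > (\d+\.\d+\.\d+\.\d+)\.(\S+): (.*)$')
REQ = re.compile(r'^\d+ (RRQ|WRQ) "([^"]*)"')

def unanswered_requests(text):
    """Return TFTP requests for which the server never sent anything back.

    A TFTP server answers from a new ephemeral port to the client's source
    port (RFC 1350), so a reply is any packet server_ip -> client_ip:client_port.
    """
    requests = defaultdict(list)   # (client, cport, server, op, file) -> [timestamps]
    flows = set()                  # (src_ip, dst_ip, dst_port) seen in the capture
    for line in text.splitlines():
        m = PKT.match(line)
        if not m:
            continue               # ARP and other non-IP lines
        ts, src, sport, dst, dport, rest = m.groups()
        flows.add((src, dst, dport))
        r = REQ.match(rest)
        if r and dport in ("tftp", "69"):
            requests[(src, sport, dst, r.group(1), r.group(2))].append(ts)
    report = []
    for (client, cport, server, op, name), stamps in requests.items():
        if (server, client, cport) not in flows:
            report.append({"client": f"{client}:{cport}", "op": op, "file": name,
                           "attempts": len(stamps), "first": stamps[0], "last": stamps[-1]})
    return report

if __name__ == "__main__":
    for r in unanswered_requests(CAPTURE):
        print(f'{r["op"]} {r["file"]} from {r["client"]}: '
              f'{r["attempts"]} attempts, no reply ({r["first"]} .. {r["last"]})')
```

A request listed here reached the server's interface but drew no ACK or ERROR packet in return, so the capture alone shows the server side stayed silent; it does not show why.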