Your message dated Wed, 06 Apr 2011 18:51:14 +0200
with message-id <[email protected]>
and subject line Re: tftpd-hpa coflicts with portsentry (cannot bind tp 
UDP-port 69)
has caused the Debian Bug report #618655,
regarding tftpd-hpa coflicts with portsentry (cannot bind tp UDP-port 69)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
618655: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618655
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: tftpd-hpa
Version: 5.0-22
Severity: normal

The Package won't install when portsentry is running and controlling UDP-Port 69. The normal /etc/init.d/ -startscript fails and thus the installation breaks. It may also be a problem of portsentry although the normal tftpd cooperates with the existing portsentry.

Because I don't know better, I took port 69 out of the UDP_PORTS= -list in
/etc/portsentry/portsentry.conf .

My tftpd-hpa startscript is only modified to locate the problem.

Ciao, BHA



-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-trunk-686 (SMP w/2 CPU cores)
Locale: LANG=, LC_CTYPE= (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages tftpd-hpa depends on:
ii  adduser                       3.112+nmu2 add and remove users and groups
ii  cdebconf [debconf-2.0]        0.153      Debian Configuration Management Sy
ii  debconf [debconf-2.0]         1.5.38     Debian configuration management sy
ii  libc6                         2.11.2-11  Embedded GNU C Library: Shared lib
ii  libwrap0                      7.6.q-19   Wietse Venema's TCP wrappers libra

tftpd-hpa recommends no packages.

Versions of packages tftpd-hpa suggests:
ii syslinux-common 2:4.03+dfsg-12 collection of boot loaders (common

-- Configuration Files:
/etc/init.d/tftpd-hpa changed:
PATH="/sbin:/bin:/usr/sbin:/usr/bin"
DAEMON="/usr/sbin/in.tftpd"
test -x "${DAEMON}" || exit 0
NAME="in.tftpd"
DESC="HPA's tftpd"
PIDFILE="/var/run/tftpd-hpa.pid"
DEFAULTS="/etc/default/tftpd-hpa"
if [ -r "${DEFAULTS}" ]
then
        . "${DEFAULTS}"
fi
set -e
. /lib/lsb/init-functions
do_start()
{
        # Ensure --secure and multiple server directories are not used at the
        # same time
        if [ "$(echo ${TFTP_DIRECTORY} | wc -w)" -ge 2 ] && \
           echo ${TFTP_OPTIONS} | grep -qs secure
        then
                echo
                echo "When --secure is specified, exactly one directory can be specified."
                echo "Please correct your /etc/default/tftpd-hpa."
                exit 1
        fi
        # Ensure server directories are existing
        for _DIRECTORY in ${TFTP_DIRECTORY}
        do
                if [ ! -d "${_DIRECTORY}" ]
                then
                        echo "${_DIRECTORY} missing, aborting."
                        exit 1
                fi
        done
        echo "now start-stop-daemon --start --quiet --oknodo --exec ${DAEMON} -- --listen --user ${TFTP_USERNAME} --address ${TFTP_ADDRESS} ${TFTP_OPTIONS} ${TFTP_DIRECTORY} "
        start-stop-daemon --start --quiet --oknodo --exec ${DAEMON} -- \
                --listen  --user ${TFTP_USERNAME} --address ${TFTP_ADDRESS} \
                ${TFTP_OPTIONS} ${TFTP_DIRECTORY}
}
do_stop ()
{
        start-stop-daemon --stop --quiet --oknodo --name ${NAME}
}
do_reload ()
{
        start-stop-daemon --stop --quiet --oknodo --name ${NAME} --signal 1
}
case "${1}" in
        start)
                log_daemon_msg "Starting ${DESC}" "${NAME} "
                do_start
                log_end_msg ${?}
                ;;
        stop)
                log_daemon_msg "Stopping ${DESC}" "${NAME} "
                do_stop
                log_end_msg ${?}
                ;;
        restart|force-reload)
                log_daemon_msg "Restarting ${DESC}" "${NAME} "
                do_stop
                sleep 1
                do_start
                log_end_msg ${?}
                ;;
        status)
                status_of_proc ${DAEMON} ${NAME}
                ;;
        *)
                echo "Usage: ${0} {start|stop|restart|force-reload|status}" >&2
                exit 1
                ;;
esac
exit 0


-- debconf information:
  tftpd-hpa/address: 0.0.0.0:69
  tftpd-hpa/directory: /srv/tftp
  tftpd-hpa/username: tftp
  tftpd-hpa/options: --secure



--- End Message ---
--- Begin Message ---
Hi,

As you may know, portsentry is an anti-port scanner.

Portsentry sits on ports (defined in the local config file) and waits there
for unexpected connection attempts on configured ports.

By default, '69/udp' is in the UDP_PORTS list because it is somehow considered
'risky' due to being used by some worms and trojans...

As I said in bugreport #618653, you need to perform a bit of tuning on the
configuration file to run portsentry (in conjunction with other services) just
because the default delivered configuration file does not know which services
are running (or planned to run in the future).

To run portsentry + any tftp service, you just need to:

 * Edit /etc/portsentry/portsentry.conf
 * Remove the 69 from UDP_PORTS list.
 * Restart portsentry (/etc/init.d/portsentry restart)
 * Install (or reinstall) the tftp server.


Hereby I'm closing this bug report (considering it's a feature).

Thanks for reporting.

Regards,


-- 
 Dario Minnucci <[email protected]>
 Phone: +34 902884117 | Fax: +34 902024417 | Support: (+34) 807450000
 Key fingerprint = BAA1 7AAF B21D 6567 D457  D67D A82F BB83 F3D5 7033




--- End Message ---
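
The check and edit described in the closing reply can be scripted. The following is an added example, not part of the bug report or of either package: it reads the port tftpd-hpa is configured to listen on, tests whether portsentry's UDP_PORTS list claims it, and removes it if so. It assumes a single active `UDP_PORTS="..."` line and a `TFTP_ADDRESS="host:port"` setting in the defaults file; the function names and the sample files are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the bug report). Paths are passed in as arguments;
# the sample files below are constructed for the demonstration.

# Active (uncommented) UDP_PORTS entries of a portsentry.conf, one per line.
# Assumes a single active UDP_PORTS="..." line.
udp_ports() {
    sed -n 's/^[[:space:]]*UDP_PORTS="\([^"]*\)".*/\1/p' "$1" | tr ',' '\n' | sed '/^$/d'
}

# Port from TFTP_ADDRESS="host:port" in a tftpd-hpa defaults file.
tftp_port() {
    sed -n 's/^TFTP_ADDRESS="\{0,1\}[^"]*:\([0-9][0-9]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1"
}

# Exit 0 if portsentry would bind the given UDP port (whole-line match).
port_is_watched() {
    udp_ports "$1" | grep -qx "$2"
}

# Drop one port from the active UDP_PORTS line, keeping a .bak copy.
remove_udp_port() {
    _conf=$1; _port=$2
    case $_port in ''|*[!0-9]*) return 2 ;; esac
    port_is_watched "$_conf" "$_port" || return 0
    _new=$(udp_ports "$_conf" | grep -vx "$_port" | paste -sd, -)
    cp -p "$_conf" "$_conf.bak"
    sed "s/^\([[:space:]]*UDP_PORTS=\)\"[^\"]*\"/\1\"$_new\"/" "$_conf.bak" > "$_conf"
}

# Constructed sample files standing in for /etc/portsentry/portsentry.conf
# and /etc/default/tftpd-hpa.
make_samples() {
    _dir=$(mktemp -d)
    printf '%s\n' '#UDP_PORTS="1,7,9,66,67,68,69"' \
        'UDP_PORTS="1,7,9,69,161,162,513"' > "$_dir/portsentry.conf"
    printf '%s\n' 'TFTP_USERNAME="tftp"' \
        'TFTP_ADDRESS="0.0.0.0:69"' > "$_dir/tftpd-hpa"
    echo "$_dir"
}

d=$(make_samples)
p=$(tftp_port "$d/tftpd-hpa")
if port_is_watched "$d/portsentry.conf" "$p"; then
    echo "conflict: portsentry watches udp/$p; removing it from UDP_PORTS"
    remove_udp_port "$d/portsentry.conf" "$p"
fi
grep '^UDP_PORTS' "$d/portsentry.conf"
rm -rf "$d"
```

On a real system the edit is followed by `/etc/init.d/portsentry restart`, as in the steps above, before the tftp server is installed or reinstalled.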
