Hi,
I'm trying to do some configuration backups from a piece of equipment over
tftp (only option for this equipment) to a new-ish OBSD 5.3 file server
running tftpd.
Historically, this equipment has done its backups to a tftpd server running on
OpenBSD 4.4 and its been working fine for several years. But as it's rather
old we're switching over to the 5.3 server.
The device and the servers (both old and new) reside on separate rfc 1918
networks (equip - lets say 10.1.0.60, servers - 10.5.0.[13 & 5]) connected
with an OpenBSD firewall/router.
However the 5.3 box doesn't seem to allow for complete transfers over the
firewall. Only about 10-30K of the ~50K transfer completes. The equipment
reports "TFTP Error: Server Timeout".
Running tftpd manaully with "#tftpd -c -d -v /tftproot/" prints the following:
tftpd: 10.1.0.60: write request for 'mybackup.cfg'
tftpd: tftp_wrq recv: Connection refused
Running tcpdump while the transfer is happening shows the following:
nas1 #tcpdump -i em1 net 10.1.0.60
tcpdump: listening on em1, link-type EN10MB
tcpdump: WARNING: compensating for unaligned libpcap packets
12:12:02.790735 10.1.0.60.2164 > 10.5.0.13.tftp: 27 WRQ "mybackup.cfg"
12:12:02.828113 10.5.0.13.7048 > 10.1.0.60.2164: udp 4
12:12:02.852699 10.1.0.60.2164 > 10.5.0.13.7048: udp 516
12:12:02.852757 10.5.0.13.7048 > 10.1.0.60.2164: udp 4
12:12:02.952641 10.1.0.60.2164 > 10.5.0.13.7048: udp 516
12:12:02.952677 10.5.0.13.7048 > 10.1.0.60.2164: udp 4
12:12:03.059579 10.1.0.60.2164 > 10.5.0.13.7048: udp 516
12:12:03.059614 10.5.0.13.7048 > 10.1.0.60.2164: udp 4
12:12:03.072072 10.1.0.60.2164 > 10.5.0.13.7048: udp 516
12:12:03.072106 10.5.0.13.7048 > 10.1.0.60.2164: udp 4
[......
.....]
12:12:11.048977 10.1.0.60.2164 > 10.5.0.13.7048: udp 516
12:12:11.049010 10.5.0.13.7048 > 10.1.0.60.2164: udp 4
12:12:11.148920 10.1.0.60.2164 > 10.5.0.13.7048: udp 516
12:12:11.148954 10.5.0.13.7048 > 10.1.0.60.2164: udp 4
12:12:11.276346 10.1.0.60.2164 > 10.5.0.13.7048: udp 516
12:12:11.276380 10.5.0.13.7048 > 10.1.0.60.2164: udp 4
12:12:15.293532 10.1.0.60.2164 > 10.5.0.13.7048: udp 516
12:12:19.311719 10.1.0.60.2164 > 10.5.0.13.7048: udp 516
12:12:23.329904 10.1.0.60.2164 > 10.5.0.13.7048: udp 516
12:12:27.348589 10.1.0.60.2164 > 10.5.0.13.7048: udp 516
12:12:31.366275 10.1.0.60.2164 > 10.5.0.13.7048: udp 516
12:12:36.375321 10.5.0.13.7048 > 10.1.0.60.2164: udp 4
12:12:36.384384 10.1.0.60 > 10.5.0.13: icmp: 10.1.0.60 udp port 2164
unreachable
On the old OBSD 4.4 file server the tcpdump of the successful transfer looks
like this:
filestore # tcpdump -i em1 net 10.1.0.60
tcpdump: listening on em1, link-type EN10MB
12:32:47.946560 10.1.0.60.2165 > 10.5.0.5.tftp: 27 WRQ "ta4303-1.bend1.cfg"
12:32:47.956856 10.5.0.5.10436 > 10.1.0.60.2165: udp 4
12:32:48.026514 10.1.0.60.2165 > 10.5.0.5.10436: udp 516
12:32:48.026562 10.5.0.5.10436 > 10.1.0.60.2165: udp 4
12:32:48.126455 10.1.0.60.2165 > 10.5.0.5.10436: udp 516
12:32:48.126487 10.5.0.5.10436 > 10.1.0.60.2165: udp 4
[......
.....]
12:33:00.820607 10.1.0.60.2165 > 10.5.0.5.10436: udp 516
12:33:00.820633 10.5.0.5.10436 > 10.1.0.60.2165: udp 4
12:33:00.920549 10.1.0.60.2165 > 10.5.0.5.10436: udp 516
12:33:00.920575 10.5.0.5.10436 > 10.1.0.60.2165: udp 4
12:33:01.020491 10.1.0.60.2165 > 10.5.0.5.10436: udp 420
12:33:01.020549 10.5.0.5.10436 > 10.1.0.60.2165: udp 4
12:33:22.597501 10.1.0.60 > 10.5.0.5: icmp: 10.1.0.60 udp port 2165
unreachable
Attempting a tftp transfer from my linux workstation (within the 10.5.0.0/24
net) to the 5.3 box works fine. Doing a tftp transfer over the firewall from
the equipment to my workstation with atftpd running, works fine.
For giggles, I loaded up the 9/14 snapshot of OpenBSD 5.4 in a virtual
machine, tested, and got the same result as with 5.3.
Should I be taking a closer look at the firewall (seems unlikely as the
transfers work on the old box and my workstation) or are the other debugging
steps I should be looking at?
Thanks!
--
Joe Kowalski
