Hi Kenneth,

I have that setup running here, so it is possible, with vuurmuur :)
I'm using isc-dhcpd-V3.1.1 with tftpd in inetd mode.

Your vuurmuur rule

RULE="Accept service tftp from local.lan to firewall"

should be the only one you need, I'm guessing your firewall doesn't need to download anything using tftp?

Your service definition seems a bit incorrect:
- the service doesn't need a helper
- tftp uses an unprivileged port from the client.

Mine looks like this:

ACTIVE="Yes"
TCP=""
UDP="69*1024:65535"
ICMP=""
GRE=""
AH=""
ESP=""
PROTO_41=""
BROADCAST="No"
HELPER=""

That should do the trick....

Cheers,
Milo

On 24-5-2010 19:37, Victor Julien wrote:
> Hi Kenneth, I have no experience with tftp, but I think it should be
> able to work. Are you seeing any drop lines in the vuurmuur traffic log?
>
> Cheers,
> Victor
>
> Kenneth Shaw wrote:
>
>> Hi,
>>
>> I've been attempting to run a TFTP server on the firewall for PXE booting.
>>
>> Long story short, I've tried every variation on defining a service for TFTP
>> that I can think of, however I can not get PXE booting to work. I am able to
>> use a tftp client at the command line on another host to copy files from the
>> firewall, but actually doing it during a PXE boot causes timeout errors.
>> I've used both atftpd and tftpd-hpa. With atftpd, in the syslog, I see that
>> the tftp server is receiving some kind of data, however the client never
>> receives the files.
>>
>> The following is the service definition I have used for vuurmuur:
>>
>> ACTIVE="yes"
>> UDP="69*69"
>> BROADCAST="no"
>> COMMENT="Trivial File Transfer Protocol"
>> PROTO_41=""
>> GRE=""
>> AH=""
>> ESP=""
>> ICMP=""
>> HELPER="tftp"
>>
>>
>> (I have used many variations of this, with and without the conntrack helper).
>>
>> Additionally, I have these rules (among others) defined:
>>
>> RULE="Accept service any from firewall to local.lan"
>> RULE="Accept service tftp from local.lan to firewall"
>>
>> What am I doing wrong? I would really like to get my PXE boot environment up
>> and running and self-contained on the firewall -- as it is, I am forced to
>> run the tftp server on a separate system which is not ideal. Also if it
>> matters (I do not know if it does or not), I am not launching tftp from
>> inetd. Instead I am having atftpd run as a standalone daemon.
>>
>> Any help would be greatly appreciated!
>>
>> --
>> Kenneth Shaw
>> ExpiTrans, Inc.
>> 1401 Dove St, Suite 260
>> Newport Beach, CA 92660
>> tel: 949.650.4600
>> fax: 949.642.6044
>> [email protected]
>>
>> ------------------------------------------------------------------------------
>>
>> _______________________________________________
>> Vuurmuur-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/vuurmuur-users
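
As an added example (not part of the original thread and not vuurmuur or netfilter code), this Python model walks one TFTP read request through the two UDP port specs quoted in the thread, UDP="69*1024:65535" and UDP="69*69". It assumes the spec reads destination*source, as Milo's remark about the client's unprivileged port implies, that return traffic of an already accepted flow is allowed statefully, and it uses constructed port numbers (2070 for the client, 40000 for the server's transfer port, which per RFC 1350 is a fresh port rather than 69).

```python
# Added example: simplified model, not vuurmuur or netfilter code.
# Assumption: a vuurmuur UDP port spec reads "destination*source".

def parse_range(text):
    """'69' -> (69, 69); '1024:65535' -> (1024, 65535)."""
    low, _, high = text.partition(":")
    return int(low), int(high or low)

def parse_spec(spec):
    """Split 'dst*src' into two (low, high) port ranges."""
    dst, _, src = spec.partition("*")
    return parse_range(dst), parse_range(src)

def in_range(port, rng):
    return rng[0] <= port <= rng[1]

def simulate(spec, client_port, server_tid=40000):
    """Return the verdict for each packet of one TFTP read request.

    Inbound packets (local.lan -> firewall) pass if they match the service
    spec or belong to a flow already tracked. Outbound packets always pass,
    modelling "Accept service any from firewall to local.lan", and add
    their flow to the tracked set.
    """
    dst_rng, src_rng = parse_spec(spec)
    tracked = set()  # (client_port, firewall_port) pairs seen so far
    # Constructed exchange: request to port 69, data from the server's
    # transfer port, acknowledgement back to that transfer port.
    packets = [
        ("RRQ", "in", client_port, 69),
        ("DATA", "out", client_port, server_tid),
        ("ACK", "in", client_port, server_tid),
    ]
    verdicts = []
    for name, direction, cport, fport in packets:
        flow = (cport, fport)
        matches = in_range(fport, dst_rng) and in_range(cport, src_rng)
        if direction == "in" and flow not in tracked and not matches:
            verdicts.append((name, "DROP"))
            break  # nothing follows a dropped packet; the client times out
        tracked.add(flow)
        verdicts.append((name, "ACCEPT"))
    return verdicts

if __name__ == "__main__":
    for spec in ("69*1024:65535", "69*69"):
        print(spec, simulate(spec, client_port=2070))
```

In this model the ACK to the transfer port passes only because the firewall's own DATA packet created the flow, which is consistent with Milo's HELPER="" definition when the TFTP server runs on the firewall itself.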
