CentOS 7 was developed as a core-based Linux server OS. As with all core products, you will have to be pretty comfortable with the command line as well as google.com. I’m just saying, most people don’t know Linux even though most devices run some flavor of Linux.
Today I will be showing you how to set up a very basic TFTP server on a CentOS 7 VM. TFTP is a file transfer protocol that can be used by Cisco devices to upload firmware, back up configurations, etc.
At this point I’m going to assume that you have CentOS 7 already installed. One prerequisite that you may want to think about is if you will be using FirewallD or IPtables. If you’re comfortable with using the fairly new FirewallD then go right ahead. If you have a fresh install of CentOS 7 and you just want to get your TFTP server up and running with IPtables, then check my post on Disabling FirewallD and enabling IPtables.
Install the TFTP service
yum install -y tftp tftp-server xinetd
Edit the TFTP config file
Add the -c switch to the server_args line in order to allow clients to connect and create new files on upload. You may also specify the tftp folder (the path after -s) if you don’t want it to remain the default. In this case, I am changing my tftp folder to /home/cisco.
# default: off
# description: The tftp server serves files using the trivial file transfer \
# protocol. The tftp protocol is often used to boot diskless \
# workstations, download configuration files to network-aware printers, \
# and to start the installation process for some operating systems.
service tftp
{
	socket_type = dgram
	protocol = udp
	wait = yes
	user = root
	server = /usr/sbin/in.tftpd
	server_args = -c -s /home/cisco
	disable = no
	per_source = 11
	cps = 100 2
	flags = IPv4
}
Set TFTP Folder Permissions
Keep the access on the directory wide open with 777.
chmod 777 /home/cisco
You should see a green fill behind the lettering to show that access is fully allowed from any user or group.
If you’re pretty savvy with working with SELinux, then you should be able to enable anonymous access to the folder by issuing the following command.
setsebool -P tftp_anon_write 1
If you’re not savvy with working with SELinux, then you can disable it altogether.
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Allow TFTP Through Firewall
With FirewallD:
firewall-cmd --zone=public --add-service=tftp --permanent
With IPtables:
-A INPUT -p udp -m state --state NEW -m udp --dport 69 -j ACCEPT
Configure TFTP to Start on Boot
chkconfig xinetd on
REBOOT THE SERVER
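TFTP has no authentication, so -c together with a 777 folder means any host allowed through the firewall on UDP port 69 can write new files into /home/cisco. The script below is an added example, not part of the original post: it reads an xinetd tftp service file and reports those two settings. The function names and the sample file it builds in a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit an xinetd tftp service file.

# get_opt FILE KEY: print the trimmed value of the last "KEY = value" line.
get_opt() {
    sed -n "/^[[:space:]]*$2[[:space:]]*=/{s/^[^=]*=[[:space:]]*//;s/[[:space:]]*\$//;p;}" "$1" | tail -n 1
}

# audit_tftp FILE: print one finding per line, nothing if the service is
# disabled or neither setting from the post is present.
audit_tftp() {
    conf=$1 root="" create=no
    if [ "$(get_opt "$conf" disable)" != "no" ]; then return 0; fi
    # Walk server_args: -c permits creating new files, -s DIR is the served root.
    set -f; set -- $(get_opt "$conf" server_args); set +f
    while [ $# -gt 0 ]; do
        case $1 in
            -c) create=yes ;;
            -s) root=${2:-} ;;
        esac
        shift
    done
    if [ "$create" = yes ]; then
        echo "CREATE: -c is set, clients can upload files that do not exist yet"
    fi
    # find prints the directory only when its mode includes other-write (o+w).
    if [ -n "$root" ] && [ -n "$(find "$root" -prune -perm -0002 2>/dev/null)" ]; then
        echo "WORLD_WRITABLE: $root has the other-write bit set"
    fi
    return 0
}

# make_sample DIR ARGS MODE DISABLE: build a constructed service file (DIR/tftp)
# and served directory (DIR/cisco) to run the audit against.
make_sample() {
    mkdir -p "$1/cisco" && chmod "$3" "$1/cisco"
    printf 'service tftp\n{\n\tserver_args = %s %s\n\tdisable = %s\n}\n' \
        "$2" "$1/cisco" "$4" > "$1/tftp"
}

tmp=$(mktemp -d)
make_sample "$tmp" "-c -s" 777 no   # constructed copy of this post's settings
audit_tftp "$tmp/tftp"
rm -rf "$tmp"
```

On the server itself, call audit_tftp with the xinetd service file edited above instead of the constructed sample.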