TFTP Server: CentOS 7

CentOS 7 was developed as a core based Linux server OS. As with all core products, you will have to be pretty comfortable with the command line as well as google.com. I’m just saying, most people don’t know Linux even though most devices run some flavor of Linux.

Today I will be showing you how to set up a very basic TFTP server on a CentOS 7 VM. TFTP is a file transfer protocol that can be used by Cisco devices to upload firmware, back up configurations, etc.

At this point I’m going to assume that you have CentOS 7 already installed. One prerequisite that you may want to think about is if you will be using FirewallD or IPtables. If you’re comfortable with using the fairly new FirewallD then go right ahead. If you have a fresh install of CentOS 7 and you just want to get your TFTP server up and running with IPtables, then check my post on Disabling FirewallD and enabling IPtables.

Install the TFTP service

yum install -y tftp tftp-server xinetd

 

Edit the TFTP config file

Add the -c switch to the server_args line in order to allow clients to connect. You may also specify the tftp folder if you don’t want it to remain the default. In this case, I am changing my tftp folder to /home/cisco.

# default: off
# description: The tftp server serves files using the trivial file transfer \
# protocol. The tftp protocol is often used to boot diskless \
# workstations, download configuration files to network-aware printers, \
# and to start the installation process for some operating systems.
service tftp
{
    socket_type = dgram
    protocol = udp
    wait = yes
    user = root
    server = /usr/sbin/in.tftpd
    server_args = -c -s /home/cisco
    disable = no
    per_source = 11
    cps = 100 2
    flags = IPv4
}

 

Set TFTP Folder Permissions

Keep the access on the directory wide open with 777.

chmod 777 /home/cisco

You should see a green fill behind the lettering to show that access is fully allowed from any user or group.

 

SELinux…

If you’re pretty savvy with working with SELinux, then you should be able to enable anonymous access to the folder by issuing the following command.

setsebool -P tftp_anon_write 1

 

If you’re not savvy with working with SELinux, then you can disable it altogether.

vi /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

 

Allow TFTP Through Firewall

FirewallD 

firewall-cmd --zone=public --add-service=tftp --permanent

IPtables

-A INPUT -p udp -m state --state NEW -m udp --dport 69 -j ACCEPT

Configure TFTP to Start on Boot

chkconfig xinetd on

 

REBOOT THE SERVER

reboot
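
A server built this way can be re-checked for its three loosest settings: the -c switch (which, per the in.tftpd man page, allows new files to be created), the 777 directory and SELINUX=disabled. The script below is an added example, not part of the original post: it reads an xinetd tftp stanza and an SELinux config file and prints one finding per risky setting. The function names and finding codes are made up for illustration, it assumes the last absolute path in server_args is the TFTP root, and the sample input is constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are illustrative.

# xinetd_value FILE KEY: print the value of KEY from a "key = value" stanza.
xinetd_value() {
    awk -F= -v k="$2" '{ n = $1; gsub(/[ \t]/, "", n) }
        n == k { sub(/^[^=]*=[ \t]*/, ""); print; exit }' "$1"
}

# audit_tftp STANZA SELINUX_CONF: print one finding per line, nothing if clean.
audit_tftp() {
    local word dir="" create=no chroot=no
    for word in $(xinetd_value "$1" server_args); do
        case $word in
            -c|--create) create=yes ;;
            -s|--secure) chroot=yes ;;
            /*)          dir=$word ;;  # assumption: last absolute path is the TFTP root
        esac
    done
    if [ "$create" = yes ]; then
        echo "CREATE_ENABLED: clients may create new files, not just overwrite"
    fi
    if [ "$chroot" = no ]; then
        echo "NO_CHROOT: in.tftpd is not confined to its directory with -s"
    fi
    # find -prune -perm -0002 prints the directory only if "other" can write.
    if [ -n "$dir" ] && [ -n "$(find "$dir" -prune -perm -0002 2>/dev/null)" ]; then
        echo "WORLD_WRITABLE: $dir is writable by every local account"
    fi
    if grep -Eq '^[[:space:]]*SELINUX=disabled' "$2" 2>/dev/null; then
        echo "SELINUX_DISABLED: in.tftpd runs without SELinux confinement"
    fi
}

# Constructed sample input: the post's server_args and SELinux setting,
# pointed at a scratch directory instead of /home/cisco.
demo=$(mktemp -d)
mkdir "$demo/cisco" && chmod 777 "$demo/cisco"
printf 'service tftp\n{\n  user = root\n  server_args = -c -s %s\n}\n' \
    "$demo/cisco" > "$demo/tftp"
echo 'SELINUX=disabled' > "$demo/selinux"
audit_tftp "$demo/tftp" "$demo/selinux"
rm -rf "$demo"
```

On a real host the two arguments would be the xinetd tftp stanza and the SELinux config file edited above.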

 

One thought on “TFTP Server: CentOS 7”

  1. To function with SELinux, which is highly recommended and not as hard as it seems, you will need two additional commands.

    semanage fcontext -a -t tftpdir_rw_t "/home/cisco(/.*)?"
    (Creates a tag for the /home/cisco directory that allows reads and writes from the tftp service)

    chcon -t tftpdir_rw_t /home/cisco
    (Applies the tag to that directory. Can be seen using the ls -lZ command.)

    One correction, the -c option in the TFTP config file is for “Allow new files to be created.” from the man pages.
