DragonFly BSD


Setup A TFTP Server

This document outlines how to set up a TFTP server on a DragonFlyBSD 1.3.x server. As it turns out, setting up TFTP isn't as trivial as the name implies. There are quite a few tasks that need to be done before one can easily send and receive files using TFTP. Typically, one would use TFTP to send and receive configuration files from network devices such as Cisco routers. It is also known as a method for booting computers remotely.

1. What is TFTP?

TFTP, or Trivial File Transfer Protocol ("RFC 1350"), is a simple protocol used for sending and receiving files over a network without requiring an account or password on the remote system. TFTP operates on port 69 using UDP. If you want more in-depth information about TFTP and how it works, you can visit the following link:

"Trivial File Transfer Protocol" (http://en.wikipedia.org/wiki/TFTP)

Note: Due to the lack of authentication, the TFTP server on DragonFlyBSD only allows publicly readable files to be read, and only allows writes to files that already exist and are publicly writable.

2. Setting up a TFTP Server

DragonFlyBSD already has a TFTP server installed by default. The default TFTP server is quite suitable for most file transfer tasks, such as sending and receiving configurations to/from a Cisco router. In order to make use of the default TFTP server we need to go through a few steps.

2.1 Edit the inetd.conf(8) file

The first thing we need to do to get a TFTP server running is edit the /etc/inetd.conf(8) file. Inetd has been known as the "Super Server". It first appeared in 4.3BSD and it manages network services by listening on specific udp or tcp ports and then passing the connection to the appropriate network service.

Using your favorite editor, open up the /etc/inetd.conf(8) file and remove the comment from the following line and add a -l (letter 'el') before -s:

#tftp   dgram   udp     wait    root    /usr/libexec/tftpd      tftpd -s /tftpboot

so that it looks like

tftp   dgram   udp     wait    root    /usr/libexec/tftpd      tftpd -l -s /tftpboot

Note: Adding -l enables logging, which is good to have, especially when using tftp. It is optional: if you don't care about logging connections and transfers, don't use the -l flag. More about this later.

You should have noticed that the tftp line mentions something about a /tftpboot directory. This directory doesn't exist by default so we need to create it. Therefore, we need to move onto the next step.

2.2 Creating the /tftpboot Directory

The tftp line in the inetd.conf(8) file uses the -s flag to designate what directory to change to. This directory is where the files will be placed. The TFTPD server will not look in any other directory but this one, so we need to create this directory by issuing the following command:

# mkdir /tftpboot

ATTENTION:

ANY FILE THAT YOU WANT TO GET/PUT MUST ALREADY BE IN THE /tftpboot DIRECTORY AND IT MUST BE WORLD READ/WRITABLE. THIS IS STATED IN THE MAN PAGE FOR TFTPD BUT IT NEEDS TO BE STRESSED FURTHER.

For instance, if you want to get/put the file router-config then be sure that /tftpboot/router-config exists and the permissions are set to 666. For example, consider the following:

# touch /tftpboot/router-config

Now the file has been created.

# chmod 666 /tftpboot/router-config

Now the file is world readable and writable. How do we know? Take a look...

# ls -l /tftpboot/

total 0

-rw-rw-rw-  1 root  wheel  0 Oct 14 16:53 router-config
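
The access rule above maps directly onto the "other" permission bits, so the whole directory can be audited at once. The following is an added example, not part of the original page: tftp_exposure is a hypothetical helper name, and it prints for each file under the TFTP directory whether an unauthenticated client could fetch it (R) and overwrite it (W).

```shell
#!/bin/sh
# Added example, not from the original page. For every regular file under
# the tftpd directory, print what an unauthenticated client can do with it,
# judged by the "other" permission bits shown by ls -l:
#   R = can be fetched (world-readable), W = can be overwritten (world-writable)
tftp_exposure() {
    root=${1:-/tftpboot}
    if [ ! -d "$root" ]; then
        echo "tftp_exposure: no such directory: $root" >&2
        return 2
    fi
    find "$root" -type f | LC_ALL=C sort | while IFS= read -r f; do
        # Characters 8-9 of the ls -l mode string are other-read, other-write.
        case $(ls -ld "$f" | cut -c8-9) in
            rw) tag=RW ;;
            r-) tag=R- ;;
            -w) tag=-W ;;
            *)  tag=-- ;;
        esac
        printf '%s %s\n' "$tag" "${f#"$root"/}"
    done
}
```

A line marked RW is a file that anyone who can reach UDP port 69 on the server can both read and replace, so the report is worth re-running whenever files are added to /tftpboot.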

2.3 Edit the syslog.conf(5) file

I mentioned earlier that it would be a good idea to use the -l flag for the tftpd(8) service so that we can log connections and transfers. The TFTPD uses the LOG_FTP facility to do the logging. We need to make syslog listen for that facility and output the log information to a file. If you have decided, as I did, that logging tftp(1) connections and transfers is a good thing then follow the next steps.

Use your favorite editor and open the /etc/syslog.conf(5) file and add the following line to the file:

ftp.*                                           /var/log/ftplog

Note: I put that line right after the line that starts with "cron".

Now that we configured the syslogd(8) server to listen to the LOG_FTP facility, we need to a.) create the log file in /var/log named ftplog and b.) restart the syslogd(8) server.

2.3.1 Create the ftp log file

To create the ftp log file mentioned previously issue the following command:

# touch /var/log/ftplog

Note: This should create a zero-length file called ftplog in the /var/log directory with the default root permissions (you are using root, right?). This is where syslogd(8) will be putting the LOG_FTP logs.

2.3.2 Restart the syslogd(8) server

Now that the log file has been created, we need to restart the syslogd(8) server so that it can start listening for the LOG_FTP data and put it into the log file. To do this issue the following command:

# kill -HUP `ps ax | grep syslogd | grep -v grep | awk '{print $1}'`

Note: -HUP is the hang-up signal, which makes syslogd(8) re-read its configuration file.

At this point, syslogd(8) has been restarted and it should be listening for LOG_FTP log information and spitting it out to /var/log/ftplog.

2.4 Enabling the inetd(8) Service

Now that we have configured the /etc/inetd.conf(8) file so that inetd can listen for tftp connections, we need to make it so that inetd can run and do the listening.

It may be possible that your system is already configured so that inetd(8) starts automatically on system startup. If your system isn't configured to run inetd(8) upon startup (you can verify this by looking to see if the inetd process is running), then use your favorite editor to open the /etc/rc.conf(8) file and add the following line:

inetd_enable="YES"

Note: This will make it so that inetd runs automatically upon system startup.

If you checked to see if the inetd(8) process is running and it is indeed running, then we need to make inetd(8) re-read its own configuration file by issuing the following command:

# pkill -HUP inetd

Note: -HUP is the hang-up signal, which makes inetd(8) re-read its configuration file.
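
The edits from sections 2.1 through 2.3 can be checked in one pass before testing the connection. This is an added example, not part of the original page or of DragonFly BSD: tftp_preflight is a hypothetical helper that reads inetd.conf and syslog.conf (the paths are parameters and default to the ones used here) and reports whether the tftp entry is enabled, whether -l and -s are set, and whether the ftp facility is routed to an existing log file.

```shell
#!/bin/sh
# Added example, not from the original page: static check of the files
# edited in sections 2.1-2.3. Paths are parameters so copies can be checked.
tftp_preflight() {
    inetd_conf=${1:-/etc/inetd.conf}
    syslog_conf=${2:-/etc/syslog.conf}
    rc=0

    # First uncommented inetd.conf entry for the tftp service over UDP.
    line=$(awk '$1 == "tftp" && $3 == "udp" { print; exit }' "$inetd_conf")
    if [ -z "$line" ]; then
        echo "FAIL tftp entry missing or still commented out in $inetd_conf"
        return 1
    fi

    # Fields 8..NF are tftpd's flags. They are assumed to be written
    # separately ("-l -s dir") as on this page, not bundled ("-ls dir").
    logging=$(printf '%s\n' "$line" |
        awk '{ for (i = 8; i <= NF; i++) if ($i == "-l") { print "yes"; exit } }')
    root=$(printf '%s\n' "$line" |
        awk '{ for (i = 8; i < NF; i++) if ($i == "-s") { print $(i + 1); exit } }')

    if [ "$logging" = yes ]; then
        echo "OK   tftpd logs requests (-l)"
    else
        echo "WARN no -l flag: transfers will not be logged"; rc=1
    fi

    if [ -n "$root" ] && [ -d "$root" ]; then
        echo "OK   tftpd directory $root exists"
    else
        echo "FAIL -s directory not set or not created: '$root'"; rc=1
    fi

    # tftpd logs to the ftp facility; section 2.3.1 creates the file by hand.
    logfile=$(awk '$1 ~ /^ftp\./ { print $2; exit }' "$syslog_conf")
    if [ -n "$logfile" ] && [ -f "$logfile" ]; then
        echo "OK   ftp.* is written to $logfile"
    else
        echo "WARN ftp.* not routed to an existing file in $syslog_conf"; rc=1
    fi
    return $rc
}
```

The function returns 0 only when every check passes, so it can gate the connection test in section 3.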

3. Test the Connection

By this time we have edited the inetd.conf(8) file so that it can listen to incoming tftp(1) connections and log the connections using the LOG_FTP facility. We have created the appropriate TFTP directory, and hopefully you have created whatever files you need in that directory and have made them world read/writable. We have also edited the syslog.conf(5) file so that it listens to LOG_FTP information and sends that data to the ftplog file in the /var/log directory. We have also either enabled the inetd(8) server or have restarted it so that it can reread its configuration file.

Now it's about time we test the connection, but first I want to double check to make sure that inetd(8) is listening for tftp connections. We do this by looking at what network ports are currently open. To do this, issue the following command:

# netstat -an

You should see a line like the following:

udp4       0      0 *.69                  *.*

If you don't see a line like that, then something went wrong. Go back and try to find where.

The next thing to try is to connect and actually put or get a file. To do that, issue the following command:

# tftp <ip address>

tftp> put router-config

Sent 6 bytes in 0.0 seconds

tftp>

If at this point it didn't hang and it said "Sent" then you're done.

4. Done

Congrats! Now you have a working TFTP server and you can go on with copying your router configuration files off your routers (or whatever) and onto your DragonFlyBSD server for safe-keeping.